Trojaner Agent3.OXX

MC-Lenz · 20.06.2011, 12:57

Hilfe :> ich bekomm ihn net weg

ich kenn mich schon eig gut aus aber der kack virus will nicht weg gehn :/ ich hab schon alles versucht =(( kann mir wer helfen ???

Die exe die sich immer starten willl alle 30 sekunden heißt kscpsvc.exe

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.06.2011 14:04:27 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Alnop\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,47% Memory free
6,00 Gb Paging File | 4,50 Gb Available in Paging File | 75,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 27,95 Gb Free Space | 18,75% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 411,05 Gb Free Space | 44,13% Space Free | Partition Type: NTFS
 
Computer Name: HURE | User Name: Alnop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.20 14:04:01 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Alnop\Desktop\OTL.exe
PRC - [2011.05.19 08:42:20 | 004,265,472 | ---- | M] (SDU) -- C:\Program Files\SDUProtect\sdupsvc.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.04.14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.04.12 21:24:58 | 000,122,040 | ---- | M] (dotSyntax, LLC) -- C:\Program Files\Digsby\lib\digsby-app.exe
PRC - [2011.03.30 19:49:44 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.03.30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.03.28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG10\avgrsx.exe
PRC - [2011.02.08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.08.03 11:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 11:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.08.03 10:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
PRC - [2010.08.03 10:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.08.03 10:42:42 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2009.10.05 19:05:12 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2009.07.13 02:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) -- C:\Windows\UnsignedThemesSvc.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.07.09 22:58:00 | 001,777,664 | ---- | M] (Idea2) -- C:\Program Files\Desktop Sidebar\dsidebar.exe
PRC - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.20 14:04:01 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Alnop\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] --  -- (DAUpdaterSvc)
SRV - [2011.05.19 08:42:20 | 004,265,472 | ---- | M] (SDU) [Auto | Running] -- C:\Program Files\SDUProtect\sdupsvc.exe -- (sdupsvc)
SRV - [2011.05.10 13:29:01 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.03.30 19:48:00 | 001,523,008 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.03.30 19:45:32 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.03.18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.03.09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.11.21 11:49:24 | 000,247,608 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.06 20:32:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.07.13 02:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.24 19:59:07 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.02.24 19:59:07 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.02.22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.02.10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.12.13 15:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010.11.20 14:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 14:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 12:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.07.12 05:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.19 00:41:25 | 000,002,996 | ---- | M] (Buzz) [Kernel | System | Running] -- C:\Windows\System32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2010.03.27 20:09:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.01.07 03:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.07.13 02:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\uxpatch.sys -- (uxpatch)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.05.19 17:22:43 | 001,872,192 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2007.04.11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.04.11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.10.18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2003.12.24 12:43:42 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrv8k51.sys -- (W8100PCI)
DRV - [2003.10.15 19:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 59 E2 05 76 D7 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..keyword.URL: "hxxp://search.avg.com/route/?d=4d7aa835&v=6.011.025.001&i=26&tp=ab&iy=&ychte=de&lng=de&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.05.06 14:38:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.05.10 21:36:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.16 17:33:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.02 11:20:28 | 000,000,000 | ---D | M]
 
[2010.03.06 19:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alnop\AppData\Roaming\mozilla\Extensions
[2011.06.07 05:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions
[2011.06.07 05:04:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.15 17:46:22 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.24 19:28:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.22 03:15:47 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2011.03.25 02:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\ffxtlbr@Facemoods.com
[2011.04.16 17:37:54 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\vshare@toolbar
[2011.01.01 15:45:24 | 000,001,771 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\bing.xml
[2011.02.28 19:52:01 | 000,002,055 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\daemon-search.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\icqplugin.xml
[2011.01.01 15:45:24 | 000,001,357 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\kikin-search.xml
[2011.03.05 01:38:45 | 000,001,583 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\web-search.xml
[2011.01.01 15:45:24 | 000,002,854 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\world-of-warcraft-arsenal.xml
[2010.12.10 20:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.09.25 07:16:19 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Program Files\mozilla firefox\extensions\YPlayer@yummy.net
[2011.04.16 17:33:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.16 17:33:31 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.16 17:33:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.16 17:33:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.16 17:33:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.11 11:38:33 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    123fporn.info
O1 - Hosts: 14798 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Graphic Driver] C:\Users\Alnop\AppData\Roaming\0IhFWI82aQbz.exe ()
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alnop\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - "C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7e0bbeaa-29d5-11df-ba08-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7e0bbeaa-29d5-11df-ba08-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{ee1eb885-2941-11df-9260-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee1eb885-2941-11df-9260-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsvx.exe /sync) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsx.exe /sync /restart) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.20 14:04:01 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Alnop\Desktop\OTL.exe
[2011.06.17 14:32:44 | 000,000,000 | ---D | C] -- C:\Users\Alnop\Documents\Duke Nukem Forever
[2011.06.17 12:31:33 | 000,000,000 | ---D | C] -- C:\Users\Alnop\Desktop\SC-1.15.2-enGB
[2011.06.16 23:23:25 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.06.16 23:22:49 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.06.16 23:22:49 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.06.16 23:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.06.16 23:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011.06.15 19:30:08 | 000,000,000 | ---D | C] -- C:\Users\Alnop\AppData\Roaming\vlc
[2011.06.15 19:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.06.07 08:25:15 | 000,000,000 | ---D | C] -- C:\Users\Alnop\AppData\Local\{5CE28D40-3DAD-4EA0-BB4A-475E157519C2}
[2011.06.07 05:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2011.06.07 05:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.06.07 05:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2011.06.07 05:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
[2011.05.29 05:50:36 | 000,000,000 | ---D | C] -- C:\temp
[2011.05.27 07:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.05.27 04:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Black
[2011.05.22 15:31:09 | 000,000,000 | ---D | C] -- C:\Windows\PixArt
[2011.05.21 20:44:25 | 000,000,000 | ---D | C] -- C:\Users\Alnop\AppData\Roaming\TheWorld
[2011.05.21 16:07:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.05.21 15:25:55 | 000,000,000 | ---D | C] -- C:\Users\Alnop\AppData\Roaming\The First Templar
[2011.05.21 15:21:11 | 000,000,000 | ---D | C] -- C:\Users\Alnop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kalypso Media
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.20 14:06:41 | 002,577,920 | ---- | M] () -- C:\Windows\System32\kscpsvc.exe
[2011.06.20 14:04:01 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Alnop\Desktop\OTL.exe
[2011.06.20 14:00:26 | 000,000,000 | ---- | M] () -- C:\Users\Alnop\AppData\Local\prvlcl.dat
[2011.06.20 13:52:56 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3504907097-3767979923-387567469-1001UA.job
[2011.06.20 13:51:50 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.20 13:51:50 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.20 13:43:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.20 12:59:34 | 119,248,602 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.06.18 22:33:29 | 000,698,006 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.18 22:33:29 | 000,651,988 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.18 22:33:29 | 000,148,062 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.18 22:33:29 | 000,120,920 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.18 22:31:31 | 000,174,496 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011.06.17 18:51:02 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3504907097-3767979923-387567469-1001Core.job
[2011.06.17 18:39:42 | 000,654,876 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011.06.16 23:22:36 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.06.16 17:26:31 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Firstload.lnk
[2011.06.04 03:14:08 | 730,322,944 | ---- | M] () -- C:\Users\Alnop\Desktop\cis-priest.r5_xvid.avi
[2011.05.23 17:45:06 | 002,154,496 | RHS- | M] () -- C:\Users\Alnop\AppData\Roaming\0IhFWI82aQbz.exe
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.16 23:22:36 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.06.16 23:22:32 | 000,002,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.06.05 00:49:05 | 730,322,944 | ---- | C] () -- C:\Users\Alnop\Desktop\cis-priest.r5_xvid.avi
[2011.05.29 05:39:15 | 002,154,496 | RHS- | C] () -- C:\Users\Alnop\AppData\Roaming\0IhFWI82aQbz.exe
[2011.05.27 03:56:03 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.05.27 03:56:03 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.22 15:31:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PAStiSvc.exe
[2011.05.19 08:42:22 | 002,577,920 | ---- | C] () -- C:\Windows\System32\kscpsvc.exe
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.12 14:02:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.03.12 14:01:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.05 05:00:55 | 000,000,384 | ---- | C] () -- C:\Windows\{27018D57-D152-44EF-BCE0-5E3B3445EABE}_WiseFW.ini
[2011.01.13 07:45:12 | 000,020,480 | ---- | C] () -- C:\Windows\System32\H@tKeysH@@k.DLL
[2011.01.01 16:28:58 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.12.05 18:35:58 | 000,022,328 | ---- | C] () -- C:\Users\Alnop\AppData\Roaming\PnkBstrK.sys
[2010.10.15 14:09:47 | 000,000,760 | ---- | C] () -- C:\Users\Alnop\AppData\Roaming\setup_ldm.iss
[2010.10.09 01:35:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.07.19 14:41:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.06.17 18:40:52 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010.06.08 19:06:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.05.18 20:17:40 | 000,000,013 | ---- | C] () -- C:\Windows\7smp1_0.dll
[2010.05.16 06:46:48 | 000,088,280 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.05.15 17:31:43 | 000,000,000 | ---- | C] () -- C:\Users\Alnop\AppData\Local\prvlcl.dat
[2010.04.26 16:12:07 | 000,005,632 | ---- | C] () -- C:\Users\Alnop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 17:45:12 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.03.27 17:45:07 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.03.25 23:48:35 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.03.12 11:25:00 | 000,544,768 | ---- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2010.03.12 11:25:00 | 000,000,082 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.03.12 11:24:23 | 000,299,008 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010.03.12 11:24:23 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010.03.12 11:24:23 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2010.03.12 11:24:23 | 000,000,214 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.03.07 03:35:10 | 000,007,592 | ---- | C] () -- C:\Users\Alnop\AppData\Local\resmon.resmoncfg
[2010.03.06 22:13:28 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010.03.06 22:13:28 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2010.03.06 22:13:28 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2010.03.06 19:33:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 10:47:43 | 000,698,006 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,148,062 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,651,988 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,120,920 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 02:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.12.02 05:48:42 | 000,078,336 | ---- | C] () -- C:\Windows\bcdedit.exe
 
========== LOP Check ==========
 
[2010.09.23 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\27BB2C556FAC6D11472349291965742D
[2010.07.23 02:37:34 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\AlcaTech
[2011.03.25 02:12:33 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\AVG
[2011.03.12 00:55:25 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\AVG10
[2011.02.04 04:51:19 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Azureus
[2011.03.19 02:49:54 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\bizarre creations
[2010.07.26 03:43:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Command and Conquer 4
[2010.03.28 01:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\DAEMON Tools Lite
[2011.06.19 17:16:34 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Desktop Sidebar
[2011.02.24 00:24:20 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Digital Red
[2010.10.15 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\DVDVideoSoft
[2011.03.24 19:28:50 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.18 02:38:22 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Firstload
[2011.05.09 03:29:05 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\GetRightToGo
[2010.04.29 06:17:21 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\GMX
[2011.06.18 23:52:08 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\ICQ
[2011.01.01 15:45:45 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\ICQ-Tools.de
[2011.02.26 18:48:42 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Kalypso Media
[2010.08.29 21:57:20 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Leadertech
[2011.05.20 16:44:24 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Lionhead Studios
[2010.05.12 20:28:56 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\LolClient
[2010.03.08 00:41:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.09.29 01:49:52 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\ManyCam
[2011.02.14 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\My Games
[2010.12.22 04:56:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\OCS
[2010.12.22 04:56:47 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Opera
[2010.08.01 07:32:10 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Process Hacker 2
[2010.07.10 13:29:04 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Publish Providers
[2011.05.13 13:10:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\PunkBuster
[2010.09.25 07:44:03 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Raptr
[2011.04.09 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Recorder
[2011.02.17 01:20:00 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Red Alert 3
[2010.07.26 06:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\runic games
[2011.03.22 21:29:28 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\SEGA Corporation
[2010.08.12 03:56:05 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Similarity
[2010.08.23 19:00:47 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Software Hildner
[2010.07.10 13:28:59 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Sony
[2010.03.26 15:38:19 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\temp
[2011.03.23 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\The Creative Assembly
[2011.05.21 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\The First Templar
[2011.05.21 20:44:25 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\TheWorld
[2011.06.17 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\TS3Client
[2010.11.24 20:00:21 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\TuneUp Software
[2010.07.20 04:27:34 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Tunngle
[2011.02.24 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Ubisoft
[2011.05.08 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\UseNeXT
[2010.10.27 14:31:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\WebMoney
[2011.04.23 22:20:14 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
 
< End of report >

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 20.06.2011 14:04:27 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Alnop\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,47% Memory free
6,00 Gb Paging File | 4,50 Gb Available in Paging File | 75,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 27,95 Gb Free Space | 18,75% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 411,05 Gb Free Space | 44,13% Space Free | Partition Type: NTFS
 
Computer Name: HURE | User Name: Alnop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{13C64D80-2447-4509-B98D-614CAF6A9D42}" = Damnation
"{1487C7D1-AFBC-6EA4-AD70-45AAC049DA74}" = Civilization IV
"{14C36646-83C8-430E-92B3-16F998BDB4E0}" = Activision(R)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210160CD-F27D-469F-9982-41E900F6820E}" = Warhammer® Mark of Chaos
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{27018D57-D152-44EF-BCE0-5E3B3445EABE}" = X-Blades
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{442D5880-05B4-4DC8-A038-2EDA79FAE601}" = Warhammer Mark of Chaos Patch 1.72
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{66045325-25FA-41AF-A13B-3928B59EAA1E}_is1" = Dr Kawashima
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FCFA783-CE7B-4018-AC48-0E6EEAAEA322}" = LOST PLANET COLONIES
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79A65475-2F7F-491C-BF2F-8D5C0AF0775C}" = DUNGEONS
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E8242F8-BD2A-44D7-BCED-9B231A02B367}" = SpellForce 2 Patch
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{91D2C605-AD2B-44C8-A0A1-9B116B3C91CB}" = AVG 2011
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A92D7264-1A13-45BE-B769-88445DD04FD6}" = Desktop Sidebar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3D87264-EAC9-4DE8-8D0E-E758CA1413A0}_is1" = Disciples III
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BE98A2FE-F4DE-4083-BCB1-7E9E63A11E6E}" = Space Siege
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3C697E8-9183-4088-994C-2662166830BC}" = Damnation
"{CCE4507E-7D40-4AEB-84FC-A63C35666A94}" = KalOnline
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}" = Prince of Persia The Forgotten Sands™
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASSP_is1" = All Star Strip Poker Girls at Work
"AVG" = AVG 2011
"Badaboom" = Badaboom 1.2.0.87
"Battle vs. Chess_is1" = Battle vs. Chess
"Brink_is1" = Brink
"Casebook Trilogy" = Casebook Trilogy 1.7
"Cities XL 2011" = Cities XL 2011
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"Cross Fire_is1" = Cross Fire En
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Deep Black_is1" = Deep Black
"Diablo II" = Diablo II
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"D-Link VGA Webcam" = D-Link VGA Webcam
"EAX(tm) Unified (SHELL)" = EAX(tm) Unified (SHELL)
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Fallout New Vegas_is1" = Fallout New Vegas
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.03.008
"Firstload" = Firstload
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"FUSSBALL MANAGER 11" = FUSSBALL MANAGER 11
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"GMX SMS-Manager" = GMX SMS-Manager
"ICQToolbar" = ICQ Toolbar
"InstallShield_{14C36646-83C8-430E-92B3-16F998BDB4E0}" = Spider-Man(TM) - Dimensions
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"Just Cause 2_is1" = Just Cause 2
"Kings Bounty The Legend_is1" = Kings Bounty The Legend de
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Luxor Amun Rising Deluxe" = Luxor Amun Rising Deluxe (entfernen)
"Magicka_is1" = Magicka
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OVERNEXT_is1" = OVERNEXT 1.0.32
"Postal 2_is1" = Portal 2
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 17520" = Synergy
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 40" = Deathmatch Classic
"Steam App 500" = Left 4 Dead
"Steam App 60" = Ricochet
"Steam App 80" = Counter-Strike: Condition Zero
"STORM: Frontline Nation (c) Colossai Studio_is1" = STORM: Frontline Nation (c) Colossai Studio version 1
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Two Worlds II" = Two Worlds II
"Uninstall_is1" = Uninstall 1.0.0.1
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.10
"Vtune_is1" = Vtune 7.6
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Zombie Driver" = Zombie Driver 1.0.3
"Zuma Deluxe" = Zuma Deluxe (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"NCsoft-Aion" = Aion (North America)
"The First Templar" = The First Templar 1.00
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

kann mir bitte wer helfen ich dreh noch durch -.-

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:16 on 20/06/2011 (Alnop)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU

AEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

bitte kann mir wer helfen =( ich versuch alles mögliche ihn aus der reg key oder system32 zu löschen er erstellt sich einfach 100 mal wieder überall neu Mein AVG dreht schond urch und popupt nun schon fats alle 10 sekunden . und dann hat er sich schon gleich wieder neu erstellt... hab nun bestimmt 10 verschiedene scanner durchlaufen lassen und keiner kann ihn entfernen ... ich dreh bald ab =((

kommt schonb itte... bin seit 2007 hier und hatte noch nie probleme mit eurem support ging immer schnell

aber grad wos wichtig is is keiner da

cosinus · 21.06.2011, 11:06

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

MC-Lenz · 21.06.2011, 15:24

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6909

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

21.06.2011 16:25:15
mbam-log-2011-06-21 (16-25-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176393
Laufzeit: 4 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sshnas21_RASAPI32 (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\sshnas21_RASMANCS (Worm.KoobFace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Graphic Driver (Trojan.MSIL.ND3) -> Value: Graphic Driver -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Alnop\AppData\Roaming\0ihfwi82aqbz.exe (Trojan.MSIL.ND3) -> Quarantined and deleted successfully.
c:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Habe sie entfernen lassen mit dem programm . Muss nun neu starten

MC-Lenz · 21.06.2011, 15:49

is immer noch da

cosinus · 21.06.2011, 15:52

Zitat:

Art des Suchlaufs: Quick-Scan

Sry aber ich wollte einen Vollscan sehen...bitte nachholen und Log posten!
Denk dran vorher die Signaturen von Malwarebytes zu aktualisieren, da gibt es sehr häufig neue Updates!

MC-Lenz · 21.06.2011, 15:53

ok voll scann im lauf ! Ich hab den trojaner nun gestartet und avg ausgemacht es nervt alle 10 sekunden das fenster zu schliesne -.-

MC-Lenz · 21.06.2011, 18:24

mensch ich hab fast 2 terabit festplatte der l#äuft seit 3 stunden ^^ wie lange noch :>?

MC-Lenz · 21.06.2011, 18:27

Malwarebytes' Anti-Malware 1.51.0.1200
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6909

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

21.06.2011 19:28:10
mbam-log-2011-06-21 (19-28-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 363882
Laufzeit: 2 Stunde(n), 39 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{484121d9-d0bb-493b-8a4c-72c4bb062f9c}\RP23\A0002710.nfo (Backdoor.Agent.H) -> Quarantined and deleted successfully.
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Quarantined and deleted successfully.

cosinus · 21.06.2011, 21:56

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

MC-Lenz · 21.06.2011, 22:26

ok sekunde

MC-Lenz · 21.06.2011, 22:39

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 21.06.2011 23:26:53 - Run 2
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Alnop\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 48,13% Memory free
6,00 Gb Paging File | 4,24 Gb Available in Paging File | 70,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 27,49 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 417,17 Gb Free Space | 44,78% Space Free | Partition Type: NTFS
 
Computer Name: HURE | User Name: Alnop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.21 23:25:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Alnop\Desktop\OTL.exe
PRC - [2011.06.21 22:29:21 | 002,577,920 | ---- | M] () -- C:\Windows\System32\kscpsvc.exe
PRC - [2011.06.06 17:16:20 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.06.06 17:14:42 | 001,524,544 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.05.19 08:42:20 | 004,265,472 | ---- | M] (SDU) -- C:\Program Files\SDUProtect\sdupsvc.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.04.14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.03.28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
PRC - [2011.02.09 05:35:14 | 001,265,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgsrmax.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG10\avgrsx.exe
PRC - [2011.02.08 05:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.08.03 11:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 11:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.08.03 10:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
PRC - [2010.08.03 10:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.08.03 10:42:42 | 000,676,424 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2009.10.05 19:05:12 | 002,158,592 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.07.09 22:58:00 | 001,777,664 | ---- | M] (Idea2) -- C:\Program Files\Desktop Sidebar\dsidebar.exe
PRC - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.21 23:25:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Alnop\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (gupdate) Google Update Service (gupdate)
SRV - File not found [On_Demand | Stopped] --  -- (DAUpdaterSvc)
SRV - [2011.06.21 21:57:03 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.06 17:14:42 | 001,524,544 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.06.06 17:12:18 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.19 08:42:20 | 004,265,472 | ---- | M] (SDU) [Auto | Running] -- C:\Program Files\SDUProtect\sdupsvc.exe -- (sdupsvc)
SRV - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.03.18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.03.09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.03.06 20:32:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.04.14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.24 19:59:07 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.02.24 19:59:07 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.02.22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 11:22:58 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.02.10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.12.13 15:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010.11.20 14:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2010.11.20 14:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2010.11.20 12:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.12 13:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.07.12 05:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.19 00:41:25 | 000,002,996 | ---- | M] (Buzz) [Kernel | System | Running] -- C:\Windows\System32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2010.03.27 20:09:15 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.01.07 03:20:22 | 000,375,808 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.05.19 17:22:43 | 001,872,192 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2007.04.11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.04.11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.10.18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
DRV - [2003.12.24 12:43:42 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mrv8k51.sys -- (W8100PCI)
DRV - [2003.10.15 19:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 59 E2 05 76 D7 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..keyword.URL: "hxxp://search.avg.com/route/?d=4d7aa835&v=6.011.025.001&i=26&tp=ab&iy=&ychte=de&lng=de&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.05.06 14:38:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.05.10 21:36:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.16 17:33:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.02 11:20:28 | 000,000,000 | ---D | M]
 
[2010.03.06 19:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alnop\AppData\Roaming\mozilla\Extensions
[2011.06.07 05:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions
[2011.06.07 05:04:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.15 17:46:22 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.03.24 19:28:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.22 03:15:47 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2011.03.25 02:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\ffxtlbr@Facemoods.com
[2011.04.16 17:37:54 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Alnop\AppData\Roaming\mozilla\Firefox\Profiles\2ivawqiy.default\extensions\vshare@toolbar
[2011.01.01 15:45:24 | 000,001,771 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\bing.xml
[2011.02.28 19:52:01 | 000,002,055 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\daemon-search.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\icqplugin.xml
[2011.01.01 15:45:24 | 000,001,357 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\kikin-search.xml
[2011.03.05 01:38:45 | 000,001,583 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\web-search.xml
[2011.01.01 15:45:24 | 000,002,854 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\Mozilla\Firefox\Profiles\2ivawqiy.default\searchplugins\world-of-warcraft-arsenal.xml
[2010.12.10 20:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.09.25 07:16:19 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Program Files\mozilla firefox\extensions\YPlayer@yummy.net
[2011.04.16 17:33:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.16 17:33:31 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.16 17:33:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.16 17:33:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.16 17:33:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.11 11:38:33 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 14798 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Idea2 SidebarBrowserMonitor Class) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Desktop Sidebar\dsidebar.exe (Idea2)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alnop\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra 'Tools' menuitem : Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (Idea2)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7e0bbeaa-29d5-11df-ba08-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7e0bbeaa-29d5-11df-ba08-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{ee1eb885-2941-11df-9260-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee1eb885-2941-11df-9260-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsvx.exe /sync) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsx.exe /sync /restart) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Stardock MyColors.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Alnop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ICQ-Tools.de Launcher.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GMX SMS-Manager - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Alnop\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: LifeCam - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\Alnop\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig - StartUpReg: Realtime Audio Engine - hkey= - key= -  File not found
MsConfig - StartUpReg: TrojanScanner - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.21 23:25:38 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Alnop\Desktop\OTL.exe
[2011.06.21 20:47:10 | 000,000,000 | ---D | C] -- C:\Users\Alnop\Desktop\KalOnline
[2011.06.21 16:15:07 | 000,000,000 | ---D | C] -- C:\Users\Alnop\AppData\Roaming\Malwarebytes
[2011.06.21 16:15:02 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.21 16:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.21 16:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.21 16:14:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.21 16:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.06.20 20:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.06.20 17:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft
[2011.06.17 14:32:44 | 000,000,000 | ---D | C] -- C:\Users\Alnop\Documents\Duke Nukem Forever
[2011.06.16 23:23:25 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.06.16 23:22:49 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.06.16 23:22:49 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.06.16 23:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.06.16 23:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2011
[2011.06.15 19:30:08 | 000,000,000 | ---D | C] -- C:\Users\Alnop\AppData\Roaming\vlc
[2011.06.15 19:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.06.07 08:25:15 | 000,000,000 | ---D | C] -- C:\Users\Alnop\AppData\Local\{5CE28D40-3DAD-4EA0-BB4A-475E157519C2}
[2011.06.07 05:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.06.07 05:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2011.06.07 05:04:09 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
[2011.05.29 05:50:36 | 000,000,000 | ---D | C] -- C:\temp
[2011.05.27 07:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.05.27 04:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Black
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.21 23:25:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Alnop\Desktop\OTL.exe
[2011.06.21 22:51:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3504907097-3767979923-387567469-1001UA.job
[2011.06.21 22:29:21 | 002,577,920 | ---- | M] () -- C:\Windows\System32\kscpsvc.exe
[2011.06.21 22:19:16 | 000,000,000 | ---- | M] () -- C:\Users\Alnop\AppData\Local\prvlcl.dat
[2011.06.21 19:39:21 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.21 19:39:21 | 000,013,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.21 19:31:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.21 18:51:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3504907097-3767979923-387567469-1001Core.job
[2011.06.21 18:22:58 | 000,174,464 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011.06.21 16:39:36 | 000,000,543 | ---- | M] () -- C:\Windows\NGO.cer
[2011.06.21 16:15:47 | 119,334,329 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.06.21 16:15:03 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.20 19:16:20 | 000,000,176 | ---- | M] () -- C:\Users\Alnop\defogger_reenable
[2011.06.20 18:43:26 | 000,655,012 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011.06.18 22:33:29 | 000,698,006 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.18 22:33:29 | 000,651,988 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.18 22:33:29 | 000,148,062 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.18 22:33:29 | 000,120,920 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.16 23:22:36 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.06.16 17:26:31 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Firstload.lnk
[2011.06.06 17:17:00 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.06.06 17:12:24 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.06.06 17:12:18 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.06.04 03:14:08 | 730,322,944 | ---- | M] () -- C:\Users\Alnop\Desktop\cis-priest.r5_xvid.avi
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.21 19:31:49 | 002,577,920 | ---- | C] () -- C:\Windows\System32\kscpsvc.exe
[2011.06.21 16:39:36 | 000,000,543 | ---- | C] () -- C:\Windows\NGO.cer
[2011.06.21 16:15:03 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.20 19:16:04 | 000,000,176 | ---- | C] () -- C:\Users\Alnop\defogger_reenable
[2011.06.16 23:22:36 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2011.lnk
[2011.06.16 23:22:32 | 000,002,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.06.05 00:49:05 | 730,322,944 | ---- | C] () -- C:\Users\Alnop\Desktop\cis-priest.r5_xvid.avi
[2011.05.27 03:56:03 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.05.27 03:56:03 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.22 15:31:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PAStiSvc.exe
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.12 14:02:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.03.12 14:01:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.03.05 05:00:55 | 000,000,384 | ---- | C] () -- C:\Windows\{27018D57-D152-44EF-BCE0-5E3B3445EABE}_WiseFW.ini
[2011.01.01 16:28:58 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.12.05 18:35:58 | 000,022,328 | ---- | C] () -- C:\Users\Alnop\AppData\Roaming\PnkBstrK.sys
[2010.10.15 14:09:47 | 000,000,760 | ---- | C] () -- C:\Users\Alnop\AppData\Roaming\setup_ldm.iss
[2010.10.09 01:35:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.07.19 14:41:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.06.17 18:40:52 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2010.06.08 19:06:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.05.18 20:17:40 | 000,000,013 | ---- | C] () -- C:\Windows\7smp1_0.dll
[2010.05.16 06:46:48 | 000,088,280 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.05.15 17:31:43 | 000,000,000 | ---- | C] () -- C:\Users\Alnop\AppData\Local\prvlcl.dat
[2010.04.26 16:12:07 | 000,005,632 | ---- | C] () -- C:\Users\Alnop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.27 17:45:12 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.03.27 17:45:07 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.03.25 23:48:35 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.03.12 11:25:00 | 000,544,768 | ---- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2010.03.12 11:25:00 | 000,000,082 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.03.12 11:24:23 | 000,299,008 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010.03.12 11:24:23 | 000,002,641 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010.03.12 11:24:23 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2010.03.12 11:24:23 | 000,000,214 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.03.07 03:35:10 | 000,007,592 | ---- | C] () -- C:\Users\Alnop\AppData\Local\resmon.resmoncfg
[2010.03.06 22:13:28 | 000,200,704 | ---- | C] () -- C:\Windows\sel3110.exe
[2010.03.06 22:13:28 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2010.03.06 22:13:28 | 000,032,528 | ---- | C] () -- C:\Windows\amcap.exe
[2010.03.06 19:33:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 10:47:43 | 000,698,006 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,148,062 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,265,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,651,988 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,120,920 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.09.23 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\27BB2C556FAC6D11472349291965742D
[2010.07.23 02:37:34 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\AlcaTech
[2011.03.25 02:12:33 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\AVG
[2011.03.12 00:55:25 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\AVG10
[2011.02.04 04:51:19 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Azureus
[2010.07.26 03:43:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Command and Conquer 4
[2010.03.28 01:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\DAEMON Tools Lite
[2011.06.21 19:29:13 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Desktop Sidebar
[2011.02.24 00:24:20 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Digital Red
[2010.10.15 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\DVDVideoSoft
[2011.03.24 19:28:50 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.21 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Firstload
[2011.05.09 03:29:05 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\GetRightToGo
[2010.04.29 06:17:21 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\GMX
[2011.06.21 16:48:07 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\ICQ
[2011.01.01 15:45:45 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\ICQ-Tools.de
[2011.02.26 18:48:42 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Kalypso Media
[2010.08.29 21:57:20 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Leadertech
[2011.05.20 16:44:24 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Lionhead Studios
[2010.05.12 20:28:56 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\LolClient
[2010.03.08 00:41:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.09.29 01:49:52 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\ManyCam
[2011.02.14 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\My Games
[2010.12.22 04:56:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\OCS
[2010.12.22 04:56:47 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Opera
[2010.08.01 07:32:10 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Process Hacker 2
[2010.07.10 13:29:04 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Publish Providers
[2011.05.13 13:10:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\PunkBuster
[2010.09.25 07:44:03 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Raptr
[2011.04.09 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Recorder
[2011.02.17 01:20:00 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Red Alert 3
[2010.07.26 06:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\runic games
[2011.03.22 21:29:28 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\SEGA Corporation
[2010.08.12 03:56:05 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Similarity
[2010.08.23 19:00:47 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Software Hildner
[2010.07.10 13:28:59 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Sony
[2010.03.26 15:38:19 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\temp
[2011.03.23 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\The Creative Assembly
[2011.05.21 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\The First Templar
[2011.05.21 20:44:25 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\TheWorld
[2011.06.17 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\TS3Client
[2010.11.24 20:00:21 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\TuneUp Software
[2010.07.20 04:27:34 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Tunngle
[2011.02.24 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Ubisoft
[2010.10.27 14:31:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\WebMoney
[2011.04.23 22:20:14 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.23 20:07:08 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\27BB2C556FAC6D11472349291965742D
[2010.08.19 15:02:01 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Adobe
[2011.05.25 12:30:32 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Adobe Systems
[2010.07.23 02:37:34 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\AlcaTech
[2010.10.15 16:55:30 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Apple Computer
[2011.03.25 02:12:33 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\AVG
[2011.03.12 00:55:25 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\AVG10
[2011.02.04 04:51:19 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Azureus
[2010.07.26 03:43:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Command and Conquer 4
[2010.03.28 01:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\DAEMON Tools Lite
[2011.06.21 19:29:13 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Desktop Sidebar
[2011.02.24 00:24:20 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Digital Red
[2010.05.14 09:25:08 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Digsby
[2010.04.03 02:41:44 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\DivX
[2011.02.03 16:18:02 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\dvdcss
[2010.10.15 17:42:15 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\DVDVideoSoft
[2011.03.24 19:28:50 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.21 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Firstload
[2011.05.09 03:29:05 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\GetRightToGo
[2010.04.29 06:17:21 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\GMX
[2011.04.09 19:05:38 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Help
[2011.06.21 16:48:07 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\ICQ
[2011.01.01 15:45:45 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\ICQ-Tools.de
[2010.03.06 19:19:08 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Identities
[2010.09.22 06:15:11 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\InstallShield
[2011.02.26 18:48:42 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Kalypso Media
[2010.08.29 21:57:20 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Leadertech
[2011.05.20 16:44:24 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Lionhead Studios
[2010.05.12 20:28:56 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\LolClient
[2010.03.08 00:41:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.03.06 20:27:09 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Macromedia
[2011.06.21 16:15:07 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Malwarebytes
[2010.09.29 01:49:52 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\ManyCam
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Media Center Programs
[2011.03.12 00:43:05 | 000,000,000 | --SD | M] -- C:\Users\Alnop\AppData\Roaming\Microsoft
[2010.03.06 19:33:09 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Mozilla
[2011.02.14 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\My Games
[2010.04.10 14:01:22 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\NVIDIA
[2010.12.22 04:56:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\OCS
[2010.12.22 04:56:47 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Opera
[2010.08.01 07:32:10 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Process Hacker 2
[2010.07.10 13:29:04 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Publish Providers
[2011.05.13 13:10:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\PunkBuster
[2010.09.25 07:44:03 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Raptr
[2010.08.12 03:21:48 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Reallusion
[2011.04.09 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Recorder
[2011.02.17 01:20:00 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Red Alert 3
[2010.07.26 06:39:52 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\runic games
[2010.03.25 20:22:57 | 000,000,000 | RH-D | M] -- C:\Users\Alnop\AppData\Roaming\SecuROM
[2011.03.22 21:29:28 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\SEGA Corporation
[2010.08.12 03:56:05 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Similarity
[2011.06.16 13:19:46 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Skype
[2011.06.16 12:41:37 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\skypePM
[2010.08.23 19:00:47 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Software Hildner
[2010.07.10 13:28:59 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Sony
[2011.04.06 03:12:35 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\teamspeak2
[2010.03.26 15:38:19 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\temp
[2011.03.23 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\The Creative Assembly
[2011.05.21 15:50:04 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\The First Templar
[2011.05.21 20:44:25 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\TheWorld
[2011.06.17 16:19:47 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\TS3Client
[2010.11.24 20:00:21 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\TuneUp Software
[2010.07.20 04:27:34 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Tunngle
[2011.02.24 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Ubisoft
[2010.05.06 23:22:40 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Ventrilo
[2011.06.15 19:30:13 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\vlc
[2010.10.27 14:31:43 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\WebMoney
[2011.05.29 06:08:20 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\Winamp
[2010.03.06 23:00:28 | 000,000,000 | ---D | M] -- C:\Users\Alnop\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.09.25 07:42:17 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Alnop\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.02.24 11:10:47 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Alnop\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut1_1A4E47DC67014A85AA16C1F99A44598C.exe
[2011.02.24 11:10:47 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Alnop\AppData\Roaming\Microsoft\Installer\{1A4E47DC-6701-4A85-AA16-C1F99A44598C}\NewShortcut5_1A4E47DC67014A85AA16C1F99A44598C.exe
[2011.03.23 01:31:18 | 000,010,134 | R--- | M] () -- C:\Users\Alnop\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.06.21 22:45:53 | 002,209,528 | ---- | M] (Phoenix Studio) -- C:\Users\Alnop\AppData\Roaming\Microsoft\Windows\Templates\The_World.exe
[2010.12.25 15:37:07 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Alnop\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2010.12.25 15:37:07 | 000,040,960 | ---- | M] () -- C:\Users\Alnop\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.02.24 17:07:45 | 000,835,440 | R--- | M] () -- C:\Users\Alnop\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

--- --- ---

MC-Lenz · 21.06.2011, 22:40

sorry er postet irgendwie immer alles 2 mal ....

Aber was zur hölle ist das denn ? :>

O1 HOSTS File: ([2011.02.11 11:38:33 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14798 more lines...

Ich geh aufs sowas nicht drauf

cosinus · 22.06.2011, 10:15

Zitat:

Aber was zur hölle ist das denn ? :>

Das kommt von Spybot S&D, die Einträge sind so, damit die genannten Seiten für dienen Rechner "gesperrt" sind, sie können nämlich nicht in die korrekten IP-Adressen aufgelöst werden.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7e0bbeaa-29d5-11df-ba08-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7e0bbeaa-29d5-11df-ba08-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{ee1eb885-2941-11df-9260-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ee1eb885-2941-11df-9260-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
[2011.06.21 19:31:49 | 002,577,920 | ---- | C] () -- C:\Windows\System32\kscpsvc.exe
[2011.06.21 16:39:36 | 000,000,543 | ---- | C] () -- C:\Windows\NGO.cer
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

MC-Lenz · 22.06.2011, 16:43

========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e0bbeaa-29d5-11df-ba08-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e0bbeaa-29d5-11df-ba08-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7e0bbeaa-29d5-11df-ba08-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e0bbeaa-29d5-11df-ba08-806e6f6e6963}\ not found.
File D:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1eb885-2941-11df-9260-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1eb885-2941-11df-9260-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee1eb885-2941-11df-9260-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1eb885-2941-11df-9260-806e6f6e6963}\ not found.
File D:\setup.exe not found.
C:\Windows\System32\kscpsvc.exe moved successfully.
C:\Windows\NGO.cer moved successfully.
ADS C:\ProgramData\TEMP:CE2C623F deleted successfully.
ADS C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.1 log created on 06222011_174415

MC-Lenz · 22.06.2011, 16:44

das problem ist. er erstellt sich die ganze zeit neu ... er is schon wieder da....sobald ich ihn nur irgendwie berühre mit virenprogrammen entfernen oder remover. mit reg edit oder sonst etwas. ist er weg. und sofort wieder da..... otl sagt auch konnte nicht gefunden werden nach fix... er geht nicht zu löschen egal was ich versuche =(

Sobald ich ihn in Quarantäne stecke stürzt der pc ab

21.06.2011, 11:06	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner Agent3.OXX Hallo und Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! __________________ __________________

21.06.2011, 15:49	#4
MC-Lenz	Trojaner Agent3.OXX is immer noch da

21.06.2011, 15:53	#6
MC-Lenz	Trojaner Agent3.OXX ok voll scann im lauf ! Ich hab den trojaner nun gestartet und avg ausgemacht es nervt alle 10 sekunden das fenster zu schliesne -.-

21.06.2011, 18:24	#7
MC-Lenz	Trojaner Agent3.OXX mensch ich hab fast 2 terabit festplatte der l#äuft seit 3 stunden ^^ wie lange noch :>?

Trojaner Agent3.OXX

Plagegeister aller Art und deren Bekämpfung: Trojaner Agent3.OXX