Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\

Apxzor · 07.11.2011, 09:51

HEy jungs. ich hoffe ihr seit meine lezte rettung vorm verzweiflen.. also ich habe schon gesehen dass dieses thema schon erstellt wurde aber ich muss dieses thema ja neumachen weil ich nicht anders posten konnte. :P
also ich habe auch den virus konnte bis jetzt schonmal so weit vorarbeiten dass er sich nicht bei jeden systemstart öffnet..
Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
ziemlich nervig wenn man keine musik mehr hören kann oder überhauot auf seine festplatte kann.
ich habe windows 7 64bit.
OTl habe ich auch shcon geladen nur ich würde ganz gerne mit einem admin jeden schritt bearbeiten damit ich nichts falsch mache

danke

Apxzor · 07.11.2011, 11:50

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.11.2011 11:45:16 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,76% Memory free
8,00 Gb Paging File | 5,77 Gb Available in Paging File | 72,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 30,16 Gb Free Space | 30,92% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 39,37 Gb Free Space | 19,64% Space Free | Partition Type: NTFS
Drive E: | 5,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TuneUp Utilities 2012\integrator.exe (TuneUp Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - D:\Sony Ericsson PC Suite\SupServ.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\TuneUp Utilities 2012\libcef.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - D:\Multimedia\Winrar\RarExt32.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (OMSI download service) -- D:\Sony Ericsson PC Suite\SupServ.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\drivers\s1029unic.sys (MCCI Corporation)
DRV:64bit: - (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s1029mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\drivers\s1029obex.sys (MCCI Corporation)
DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\drivers\s1029mdm.sys (MCCI Corporation)
DRV:64bit: - (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\drivers\s1029nd5.sys (MCCI Corporation)
DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\drivers\s1029mdfl.sys (MCCI Corporation)
DRV:64bit: - (s1029bus) Sony Ericsson Device 1029 driver (WDM) -- C:\Windows\SysNative\drivers\s1029bus.sys (MCCI Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\ManyCam_x64.sys (ManyCam LLC.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Labtec Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (ASPI) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100607&mntrId=fce321e700000000000090e6babb5a06
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B A6 23 00 F8 AB CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.Facebook.com"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ff65fdbc-5683-4dfd-9113-1fcb5b0a3447}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=fce321e700000000000090e6babb5a06&tlver=1.4.31.6&instlRef=sst&&q="
FF - prefs.js..network.proxy.backup.ftp: "64.85.167.155"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "64.85.167.155"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "64.85.167.155"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "64.85.167.155"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "64.85.167.155"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.167.155"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "64.85.167.155"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.11.06 16:14:46 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.11.06 16:14:46 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.06 16:14:39 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.06 16:14:38 | 000,000,000 | -H-D | M]
 
[2011.02.09 18:37:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011.11.04 22:40:53 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wyfk3u7a.default\extensions
[2011.11.06 16:14:23 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wyfk3u7a.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.06 16:14:23 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wyfk3u7a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.06 16:14:23 | 000,000,000 | -H-D | M] (Babylon) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\wyfk3u7a.default\extensions\ffxtlbr@babylon.com
[2011.09.07 15:12:06 | 000,002,399 | -H-- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wyfk3u7a.default\searchplugins\askcom.xml
[2011.11.04 00:35:40 | 000,000,950 | -H-- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wyfk3u7a.default\searchplugins\icqplugin-1.xml
[2011.05.13 23:31:16 | 000,000,950 | -H-- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wyfk3u7a.default\searchplugins\icqplugin-2.xml
[2011.05.04 06:26:12 | 000,001,056 | -H-- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wyfk3u7a.default\searchplugins\icqplugin.xml
[2011.05.13 23:31:06 | 000,003,915 | -H-- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wyfk3u7a.default\searchplugins\SweetIM Search.xml
[2011.05.13 23:31:29 | 000,003,915 | -H-- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wyfk3u7a.default\searchplugins\sweetim.xml
[2011.09.08 06:23:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.06 16:14:39 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.11.06 16:14:39 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.11.06 16:14:39 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WYFK3U7A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.10.01 15:43:16 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.01 15:43:15 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.15 19:33:15 | 000,002,288 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.10.01 15:43:15 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.01 15:43:15 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 15:43:15 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.01 15:43:15 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.01 15:43:15 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] D:\Ati\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] 0 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91AE71BB-5920-4EA6-85CE-52BA3DEA5031}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\webcam10.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\webcam10.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.09.08 06:27:29 | 000,000,000 | -H-D | M] - D:\autostart -- [ NTFS ]
O32 - AutoRun File - [2011.09.09 20:35:07 | 000,206,657 | R--- | M] () - E:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2011.10.07 23:43:22 | 000,000,106 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4534eca5-363f-11df-919f-90e6babb5a06}\Shell - "" = AutoRun
O33 - MountPoints2\{4534eca5-363f-11df-919f-90e6babb5a06}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.07 09:14:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011.11.06 19:53:11 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2011.11.06 19:53:11 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2011.11.06 19:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Delayed Write Failed Fake Alert Removal Tool
[2011.11.06 19:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Delayed Write Failed Fake Alert Removal Tool
[2011.11.06 19:51:16 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.11.06 19:51:13 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.11.06 19:51:12 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.11.06 19:51:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.11.06 19:50:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2011.11.06 19:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011.11.06 19:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2011.11.06 19:13:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.11.06 19:09:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.06 18:45:47 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2011.11.06 18:45:47 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2011.11.06 18:45:45 | 000,334,976 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011.11.06 18:45:45 | 000,137,704 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011.11.06 18:45:40 | 000,257,232 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011.11.06 18:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011.11.06 18:45:32 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011.11.06 18:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.11.06 18:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2011.11.06 18:45:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PC Tools
[2011.11.06 18:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011.11.06 18:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.11.06 16:35:54 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.11.06 16:35:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Security Client
[2011.11.06 14:36:59 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.06 14:36:35 | 000,353,280 | -H-- | C] (Recover Inc) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.11.06 14:30:02 | 000,462,848 | -HS- | C] (Recover Inc) -- C:\ProgramData\EMSTOQkqCSJFM.exe
[2011.11.05 00:39:08 | 000,000,000 | -H-D | C] -- C:\Users\User\Desktop\Freetracks
[2011.11.05 00:38:53 | 000,000,000 | -H-D | C] -- C:\Users\User\dwhelper
[2011.11.05 00:30:34 | 000,000,000 | -H-D | C] -- C:\Users\User\Desktop\Prinz_Pi-Illuminati-EP-DE-2010-NOiR
[2011.11.01 11:28:33 | 000,000,000 | -H-D | C] -- C:\Users\User\Desktop\Casper münster 31.10.2011
[2011.10.30 22:38:22 | 000,000,000 | -H-D | C] -- C:\Users\User\Desktop\Lou Reed & Metallica - Lulu
[2011.10.27 09:41:29 | 000,000,000 | -H-D | C] -- C:\Users\User\Documents\Battlefield 3
[2011.10.27 09:41:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2011.10.27 09:39:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\EA Core
[2011.10.27 09:08:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2011.10.27 09:08:10 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2011.10.27 08:29:25 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData\Roaming\Origin
[2011.10.27 08:29:23 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData\Local\Origin
[2011.10.27 08:29:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011.10.27 08:29:10 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Origin Games
[2011.10.27 08:29:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Origin
[2011.10.27 08:29:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Electronic Arts
[2011.10.26 17:02:37 | 000,000,000 | -H-D | C] -- C:\Program Files\Logitech
[2011.10.23 19:24:15 | 000,000,000 | -H-D | C] -- C:\Users\User\Documents\BFBC2
[2011.10.22 10:24:12 | 000,000,000 | -H-D | C] -- C:\Users\User\Desktop\springtoifel - tanz der teufel
[2011.10.21 15:17:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.10.20 19:27:26 | 000,000,000 | -H-D | C] -- C:\Users\User\Desktop\Terrorgruppe
[2011.10.19 18:59:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.10.18 18:35:45 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2011.10.18 18:35:39 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2011.10.18 18:35:18 | 000,000,000 | -H-D | C] -- C:\Users\User\Documents\Battlefield 2
[2011.10.18 18:31:15 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2011.10.18 17:15:53 | 000,000,000 | -H-D | C] -- C:\AMD
[2011.10.18 17:08:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.10.18 17:08:49 | 000,000,000 | -H-D | C] -- C:\Program Files\ATI Technologies
[2011.10.18 17:04:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\ATI
[2011.10.18 17:04:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\AMD APP
[2011.10.18 17:04:32 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011.10.18 17:04:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011.10.18 17:04:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.10.14 18:12:54 | 000,000,000 | -H-D | C] -- C:\Users\User\AppData\Local\Quadriga Games
[2011.10.14 18:12:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2011.10.13 18:39:38 | 000,000,000 | -H-D | C] -- C:\Users\User\Desktop\Bis einer weint
[2011.10.12 21:01:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.10.12 21:01:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.10.12 20:58:26 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.12 20:58:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.12 20:58:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.12 20:58:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.12 20:58:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.12 20:58:24 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.12 20:58:24 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.12 20:57:56 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.12 20:57:56 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.12 20:57:56 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.12 20:57:56 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.12 20:57:48 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.12 20:57:47 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.12 15:16:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\NVIDIA
[2011.10.08 20:20:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2010.07.09 17:14:51 | 000,148,736 | -H-- | C] (Avanquest Software) -- C:\ProgramData\hpe3BAA.dll
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.07 11:33:00 | 000,001,106 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.07 09:30:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2011.11.07 09:16:02 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 09:16:02 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 09:08:02 | 000,001,102 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.07 09:07:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.07 09:07:47 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.06 19:53:13 | 000,002,551 | ---- | M] () -- C:\Users\User\Desktop\Windows Delayed Write Failed Fake Alert Removal Tool.lnk
[2011.11.06 19:51:08 | 000,002,220 | ---- | M] () -- C:\Users\User\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.06 19:51:08 | 000,002,200 | ---- | M] () -- C:\Users\User\Desktop\TuneUp Utilities 2012.lnk
[2011.11.06 19:18:24 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011.11.06 18:46:14 | 001,806,752 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.11.06 18:45:38 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011.11.06 18:37:55 | 000,512,992 | ---- | M] () -- C:\Users\User\Desktop\fasterpc.exe
[2011.11.06 18:34:43 | 001,478,530 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.06 18:34:43 | 000,645,728 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.06 18:34:43 | 000,609,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.06 18:34:43 | 000,127,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.06 18:34:43 | 000,104,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.06 17:33:57 | 000,000,000 | -H-- | M] () -- C:\Users\User\tasklist
[2011.11.06 15:15:51 | 000,002,198 | -H-- | M] () -- C:\Windows\epplauncher.mif
[2011.11.06 14:39:47 | 000,000,448 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.11.06 14:37:16 | 000,414,368 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.11.06 14:37:00 | 000,000,664 | -H-- | M] () -- C:\Users\User\Desktop\System Restore.lnk
[2011.11.06 14:37:00 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.11.06 14:37:00 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.11.06 14:36:35 | 000,353,280 | -H-- | M] (Recover Inc) -- C:\ProgramData\6DSS92c31Apgjk.exe
[2011.11.06 14:29:18 | 000,462,848 | -HS- | M] (Recover Inc) -- C:\ProgramData\EMSTOQkqCSJFM.exe
[2011.11.06 14:04:15 | 000,280,904 | -H-- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.06 14:04:15 | 000,280,904 | -H-- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.06 13:54:19 | 000,280,904 | -H-- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.11.05 01:25:03 | 000,000,689 | -H-- | M] () -- C:\Users\User\Desktop\Free Video to MP3 Converter.lnk
[2011.11.01 19:35:52 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.11.01 19:35:42 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.11.01 19:35:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.10.28 21:48:21 | 000,196,568 | -H-- | M] () -- C:\Users\User\Desktop\bfbf.jpg
[2011.10.28 08:41:00 | 000,844,311 | -H-- | M] () -- C:\Users\User\Desktop\DSC02408.JPG
[2011.10.28 08:40:16 | 000,815,289 | -H-- | M] () -- C:\Users\User\Desktop\DSC02407.JPG
[2011.10.27 09:36:49 | 000,075,136 | -H-- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.26 17:03:59 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2011.10.23 16:08:00 | 002,434,856 | -H-- | M] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.10.22 10:38:29 | 000,000,000 | -H-- | M] () -- C:\Users\User\Documents\Default.rdp
[2011.10.21 15:17:59 | 000,526,392 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.10.20 21:01:47 | 000,000,074 | -H-- | M] () -- C:\Users\User\Desktop\rld-botg.cue
[2011.10.20 20:39:47 | 578,185,104 | -H-- | M] () -- C:\Users\User\Desktop\rld-botg.bin
[2011.10.14 20:53:54 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\00001811.LCS
[2011.10.13 21:29:40 | 000,042,392 | -H-- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.10.13 21:29:40 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2011.10.13 13:28:05 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.06 19:53:13 | 000,002,551 | ---- | C] () -- C:\Users\User\Desktop\Windows Delayed Write Failed Fake Alert Removal Tool.lnk
[2011.11.06 19:51:08 | 000,002,230 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.06 19:51:08 | 000,002,220 | ---- | C] () -- C:\Users\User\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.06 19:51:08 | 000,002,200 | ---- | C] () -- C:\Users\User\Desktop\TuneUp Utilities 2012.lnk
[2011.11.06 19:18:24 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011.11.06 18:45:47 | 001,806,752 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011.11.06 18:45:38 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011.11.06 18:38:22 | 000,512,992 | ---- | C] () -- C:\Users\User\Desktop\fasterpc.exe
[2011.11.06 17:33:30 | 000,000,000 | -H-- | C] () -- C:\Users\User\tasklist
[2011.11.06 16:35:51 | 000,001,864 | -H-- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.11.06 14:37:00 | 000,000,664 | -H-- | C] () -- C:\Users\User\Desktop\System Restore.lnk
[2011.11.06 14:37:00 | 000,000,280 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.11.06 14:37:00 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.11.06 14:36:53 | 000,000,448 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.11.05 01:25:03 | 000,000,689 | -H-- | C] () -- C:\Users\User\Desktop\Free Video to MP3 Converter.lnk
[2011.10.28 21:48:20 | 000,196,568 | -H-- | C] () -- C:\Users\User\Desktop\bfbf.jpg
[2011.10.28 09:41:13 | 000,844,311 | -H-- | C] () -- C:\Users\User\Desktop\DSC02408.JPG
[2011.10.28 09:41:13 | 000,815,289 | -H-- | C] () -- C:\Users\User\Desktop\DSC02407.JPG
[2011.10.22 10:38:29 | 000,000,000 | -H-- | C] () -- C:\Users\User\Documents\Default.rdp
[2011.10.20 21:01:46 | 000,000,074 | -H-- | C] () -- C:\Users\User\Desktop\rld-botg.cue
[2011.10.20 19:56:26 | 578,185,104 | -H-- | C] () -- C:\Users\User\Desktop\rld-botg.bin
[2011.10.13 21:29:40 | 000,042,392 | -H-- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.10.13 21:29:40 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2011.10.07 19:30:55 | 000,000,296 | -H-- | C] () -- C:\Windows\game.ini
[2011.09.17 17:49:22 | 000,001,492 | -H-- | C] () -- C:\ProgramData\ss.ini
[2011.09.14 10:47:40 | 000,053,760 | -H-- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.08.02 15:15:38 | 000,069,632 | RH-- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.08.02 15:15:38 | 000,036,864 | RH-- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.04.09 17:55:28 | 000,179,261 | -H-- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.27 20:08:24 | 000,000,193 | -H-- | C] () -- C:\Windows\WORDPAD.INI
[2011.03.17 18:51:44 | 000,003,929 | -H-- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.09 18:37:19 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2011.02.03 11:33:41 | 000,000,760 | -H-- | C] () -- C:\Users\User\AppData\Roaming\setup_ldm.iss
[2011.02.02 11:03:26 | 001,499,556 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.27 00:47:52 | 000,021,840 | -H-- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.11.27 00:47:52 | 000,017,212 | -H-- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.11.27 00:47:52 | 000,012,067 | -H-- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.11.27 00:43:39 | 000,000,025 | -H-- | C] () -- C:\Windows\SIERRA.INI
[2010.07.17 18:07:58 | 000,000,709 | -H-- | C] () -- C:\Windows\CoD.INI
[2010.07.16 23:47:31 | 000,000,531 | -H-- | C] () -- C:\Windows\eReg.dat
[2010.05.10 14:54:31 | 002,434,856 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.04.27 18:04:03 | 000,165,376 | -H-- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.04.27 18:04:02 | 000,000,038 | -H-- | C] () -- C:\Windows\avisplitter.ini
[2010.04.27 18:04:00 | 000,881,664 | -H-- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.04.27 18:04:00 | 000,205,824 | -H-- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.04.27 18:03:58 | 000,085,504 | -H-- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.03.19 16:13:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.16 21:35:17 | 000,057,856 | -H-- | C] () -- C:\Windows\Fce32.dll
[2010.03.16 21:35:15 | 000,092,672 | -H-- | C] () -- C:\Windows\SysWow64\See32.dll
[2010.03.16 21:35:15 | 000,057,856 | -H-- | C] () -- C:\Windows\SysWow64\Fce32.dll
[2010.03.16 15:10:43 | 000,000,528 | -H-- | C] () -- C:\Windows\_delis32.ini
[2010.02.21 18:52:14 | 000,280,904 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.02.21 18:52:12 | 000,682,280 | -H-- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.02.21 18:52:12 | 000,075,136 | -H-- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | -H-- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2002.01.17 03:05:10 | 000,015,875 | -H-- | C] () -- C:\Windows\Ascd_log.ini
[2002.01.17 03:04:50 | 000,001,769 | -H-- | C] () -- C:\Windows\Language_trs.ini
[2002.01.17 03:04:46 | 000,012,219 | -H-- | C] () -- C:\Windows\Ascd_tmp.ini
[2002.01.16 11:56:19 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[1999.01.27 13:39:06 | 000,065,024 | -H-- | C] () -- C:\Windows\SysWow64\indounin.dll
[1997.06.13 07:56:08 | 000,056,320 | -H-- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.11.06 16:14:24 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\AIMP
[2011.09.03 10:12:56 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.21 15:23:30 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2011.11.05 01:24:56 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2011.07.16 13:45:48 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.06 16:14:24 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\FreeAudioPack
[2011.11.06 16:14:24 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2011.11.06 09:13:27 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\ICQ
[2010.09.11 12:39:25 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\Ipid
[2010.02.20 19:33:11 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011.09.15 18:45:35 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\Logicool
[2011.09.15 15:06:04 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2011.11.06 16:14:24 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\Media Get LLC
[2011.11.06 16:14:23 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\mmserver
[2010.08.28 19:52:48 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\OCS
[2011.05.09 20:46:51 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.11.06 16:14:22 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\Opera
[2011.10.27 08:34:42 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\Origin
[2010.11.27 18:15:52 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\ParetoLogic
[2011.11.06 16:14:22 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\ProtectDISC
[2011.03.04 19:37:18 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2011.11.06 19:50:42 | 000,000,000 | -H-D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2011.08.29 17:12:35 | 000,032,640 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.11.2011 11:45:16 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,76% Memory free
8,00 Gb Paging File | 5,77 Gb Available in Paging File | 72,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 30,16 Gb Free Space | 30,92% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 39,37 Gb Free Space | 19,64% Space Free | Partition Type: NTFS
Drive E: | 5,63 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A73F0084-A1CC-6E42-06DF-D088D583CC2A}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F809FFB5-6F9B-AFDE-6048-5D9E95A85505}" = AMD Drag and Drop Transcoding
"CCleaner" = CCleaner
"Microsoft Security Client" = Microsoft Security Essentials
"sp6" = Logitech SetPoint 6.32
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = Catalyst Control Center
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{37BA50EE-C851-4394-93DD-A0A611891031}" = Nero 7 Essentials
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B11379A-9196-4228-981A-BB255E13109E}" = Autostart-Manager 2006
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7156BCE1-5D8D-1A41-565E-E8E8EA604328}" = Application Profiles
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
"{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIMP2" = AIMP2
"AMIP" = AMIP (remove only)
"AudioCon" = AudioCon
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BF2SP64" = BF2SP64
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"Emergency 2012" = Emergency 2012
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908
"GameSpy Arcade" = GameSpy Arcade
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"mp3-2-wav" = mp3-2-wav converter 1.14
"Origin" = Origin
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.93
"Spyware Doctor" = Spyware Doctor mit Antivirus 8.0
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 57900" = Duke Nukem Forever
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Windows Delayed Write Failed Fake Alert Removal Tool_is1" = Windows Delayed Write Failed Fake Alert Removal Tool
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XPMP" = Xfire Plus: Music Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"FileZilla Client" = FileZilla Client 3.2.7.1
"FoxTab Audio Converter" = FoxTab Audio Converter
"PhotoFiltre" = PhotoFiltre
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

markusg · 07.11.2011, 12:45

lade unhide:
http://filepony.de/download-unhide/
doppelklicken, dateien werden sichtbar

Apxzor · 07.11.2011, 12:48

okay habe es mir geladen und es führt aus kann das sein dass es gerne mal dauert? :P

Apxzor · 07.11.2011, 12:49

gut programm c ich seh die viren..

Apxzor · 07.11.2011, 12:50

was muss ich nun tun?

markusg · 07.11.2011, 13:00

was soll der quatsch, du hast hier um 9 nen topic eröffnet, es ist also kaum nötig zu drängeln, schau dich mal um wie viele leute hier helfen wollen und wie viele leute hier als helfer aktiev sind. da kann ne antwort schon mal n paar stunden dauern...

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Apxzor · 07.11.2011, 13:22

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-11-07.02 - User 07.11.2011  13:06:08.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2040 [GMT 1:00]
ausgeführt von:: c:\users\User\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6DSS92c31Apgjk.exe
c:\programdata\EMSTOQkqCSJFM.exe
c:\programdata\hpe3BAA.dll
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-07 bis 2011-11-07  ))))))))))))))))))))))))))))))
.
.
2011-11-07 12:12 . 2011-11-07 12:12	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-06 18:53 . 2011-02-17 17:26	81920	----a-w-	c:\windows\eSellerateControl350.dll
2011-11-06 18:53 . 2011-02-17 17:26	356352	----a-w-	c:\windows\eSellerateEngine.dll
2011-11-06 18:53 . 2011-11-06 20:08	--------	d-----w-	c:\program files (x86)\Windows Delayed Write Failed Fake Alert Removal Tool
2011-11-06 18:51 . 2011-11-01 18:35	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2011-11-06 18:51 . 2011-11-01 18:35	25920	----a-w-	c:\windows\system32\authuitu.dll
2011-11-06 18:51 . 2011-11-01 18:35	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2011-11-06 18:50 . 2011-11-06 18:51	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2012
2011-11-06 18:18 . 2011-11-06 18:44	--------	d-----w-	c:\program files (x86)\GridinSoft Trojan Killer
2011-11-06 18:13 . 2011-11-06 18:13	--------	d-sh--w-	c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2011-11-06 17:45 . 2010-07-16 13:53	816016	----a-w-	c:\windows\system32\drivers\pctEFA64.sys
2011-11-06 17:45 . 2010-06-29 09:35	452872	----a-w-	c:\windows\system32\drivers\pctDS64.sys
2011-11-06 17:45 . 2011-01-17 08:09	334976	----a-w-	c:\windows\system32\drivers\pctgntdi64.sys
2011-11-06 17:45 . 2010-12-16 07:43	137704	----a-w-	c:\windows\system32\drivers\pctwfpfilter64.sys
2011-11-06 17:45 . 2010-12-10 12:24	257232	----a-w-	c:\windows\system32\drivers\PCTCore64.sys
2011-11-06 17:45 . 2010-12-16 07:46	92896	----a-w-	c:\windows\system32\drivers\pctplsg64.sys
2011-11-06 17:45 . 2011-11-07 10:56	--------	d-----w-	c:\program files (x86)\PC Tools Security
2011-11-06 17:45 . 2011-11-06 17:52	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2011-11-06 17:45 . 2011-11-06 17:45	--------	d-----w-	c:\users\User\AppData\Roaming\PC Tools
2011-11-06 17:38 . 2011-11-06 17:45	--------	d-----w-	c:\programdata\PC Tools
2011-11-06 15:32 . 2011-11-06 15:35	1499556	----a-w-	c:\windows\SysWow64\PerfStringBackup.TMP
2011-10-27 08:41 . 2011-11-06 15:14	--------	d-----w-	c:\program files (x86)\Battlelog Web Plugins
2011-10-27 08:39 . 2011-10-27 08:39	--------	d-----w-	c:\programdata\EA Core
2011-10-27 08:08 . 2011-10-27 08:08	--------	d-----w-	c:\program files (x86)\Common Files\EAInstaller
2011-10-27 07:29 . 2011-10-27 07:34	--------	d-----w-	c:\users\User\AppData\Roaming\Origin
2011-10-27 07:29 . 2011-10-27 14:45	--------	d-----w-	c:\users\User\AppData\Local\Origin
2011-10-27 07:29 . 2011-11-06 15:14	--------	d-----w-	c:\programdata\Origin
2011-10-27 07:29 . 2011-10-27 08:39	--------	d-----w-	c:\programdata\Electronic Arts
2011-10-27 07:29 . 2011-10-27 07:38	--------	d-----w-	c:\program files (x86)\Origin Games
2011-10-26 16:02 . 2011-10-26 16:02	--------	d-----w-	c:\program files\Logitech
2011-10-21 14:17 . 2011-11-06 15:14	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2011-10-19 17:59 . 2011-11-06 15:14	--------	d-----w-	c:\program files (x86)\Common Files\Steam
2011-10-18 17:35 . 2011-11-06 15:14	--------	d-----w-	c:\program files (x86)\GameSpy Arcade
2011-10-18 16:15 . 2011-11-06 15:14	--------	d-----w-	C:\AMD
2011-10-18 16:08 . 2011-11-06 15:14	--------	d-----w-	c:\program files (x86)\ATI Technologies
2011-10-18 16:08 . 2011-10-18 16:08	--------	d-----w-	c:\program files\ATI Technologies
2011-10-18 16:04 . 2011-10-18 16:04	--------	d-----w-	c:\programdata\ATI
2011-10-18 16:04 . 2011-11-06 15:14	--------	d-----w-	c:\program files (x86)\AMD APP
2011-10-18 16:04 . 2011-11-06 15:14	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2011-10-18 16:04 . 2011-11-06 15:14	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2011-10-14 17:12 . 2011-10-14 17:12	--------	d-----w-	c:\users\User\AppData\Local\Quadriga Games
2011-10-14 17:12 . 2011-11-06 15:14	--------	d-----w-	c:\program files (x86)\ProtectDisc Driver Installer
2011-10-13 20:29 . 2011-10-13 20:29	42392	----a-w-	c:\windows\SysWow64\xfcodec.dll
2011-10-13 20:29 . 2011-10-13 20:29	28056	----a-w-	c:\windows\system32\xfcodec64.dll
2011-10-12 20:01 . 2011-11-06 15:14	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2011-10-12 19:57 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-12 19:57 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-12 19:57 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-12 19:57 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-12 19:57 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-12 19:57 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-12 19:57 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-10-12 19:57 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-10-12 14:16 . 2011-10-12 14:16	--------	d-----w-	c:\programdata\NVIDIA
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-06 13:37 . 2011-05-25 04:50	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-06 13:04 . 2010-03-09 22:06	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-11-06 13:04 . 2010-02-21 17:52	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-11-06 12:54 . 2010-02-21 17:52	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-10-27 08:36 . 2010-02-21 17:52	75136	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2011-10-26 16:03 . 2011-03-27 20:04	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2011-10-23 15:08 . 2010-05-10 13:54	2434856	----a-w-	c:\windows\SysWow64\pbsvc_bc2.exe
2011-09-21 08:41 . 2011-09-21 08:41	319488	----a-w-	c:\windows\HideWin.exe
2011-09-17 15:16 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-09-17 15:16 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-09-15 12:30 . 2011-09-15 12:30	53248	----a-r-	c:\users\User\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-09-14 09:47 . 2011-09-14 09:47	60416	----a-w-	c:\windows\system32\OVDecode64.dll
2011-09-14 09:47 . 2011-09-14 09:47	53760	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47	51200	----a-w-	c:\windows\system32\OpenCL.dll
2011-09-14 09:47 . 2011-09-14 09:47	43520	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-09-14 09:47 . 2011-09-14 09:47	16652288	----a-w-	c:\windows\system32\amdocl64.dll
2011-09-14 09:46 . 2011-09-14 09:46	13625856	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38	44032	----a-w-	c:\windows\system32\amdoclcl64.dll
2011-09-14 09:38 . 2011-09-14 09:38	37376	----a-w-	c:\windows\SysWow64\amdoclcl.dll
2011-09-08 18:27 . 2011-09-08 18:27	10203648	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-09-08 17:59 . 2011-09-08 17:59	24229376	----a-w-	c:\windows\system32\atio6axx.dll
2011-09-08 17:39 . 2011-09-08 17:39	18534912	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-09-08 17:34 . 2011-09-08 17:34	151552	----a-w-	c:\windows\system32\atiapfxx.exe
2011-09-08 17:34 . 2011-09-08 17:34	732672	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-09-08 17:32 . 2010-03-03 04:15	862720	----a-w-	c:\windows\system32\aticfx64.dll
2011-09-08 17:30 . 2011-09-08 17:30	466944	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-09-08 17:30 . 2011-09-08 17:30	486912	----a-w-	c:\windows\system32\atieclxx.exe
2011-09-08 17:29 . 2011-09-08 17:29	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-09-08 17:28 . 2011-09-08 17:28	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-09-08 17:28 . 2011-09-08 17:28	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-09-08 17:28 . 2011-09-08 17:28	356352	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-09-08 17:28 . 2011-09-08 17:28	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-09-08 17:28 . 2011-09-08 17:28	21504	----a-w-	c:\windows\system32\atimuixx.dll
2011-09-08 17:28 . 2011-09-08 17:28	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-09-08 17:28 . 2011-09-08 17:28	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-09-08 17:24 . 2011-09-08 17:24	4204032	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-09-08 17:18 . 2011-09-08 17:18	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-09-08 17:18 . 2011-09-08 17:18	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-09-08 17:18 . 2011-09-08 17:18	3888640	----a-w-	c:\windows\system32\atiumd6a.dll
2011-09-08 17:16 . 2009-08-18 01:26	4944896	----a-w-	c:\windows\system32\atidxx64.dll
2011-09-08 17:09 . 2011-09-08 17:09	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-09-08 17:09 . 2011-09-08 17:09	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-09-08 17:09 . 2011-09-08 17:09	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-09-08 17:09 . 2011-09-08 17:09	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-09-08 17:09 . 2011-09-08 17:09	8723456	----a-w-	c:\windows\system32\aticaldd64.dll
2011-09-08 17:08 . 2010-03-03 03:24	4064768	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-09-08 17:05 . 2011-09-08 17:05	7331840	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-09-08 17:05 . 2010-03-03 03:46	4289024	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-09-08 17:00 . 2011-09-08 17:00	5428736	----a-w-	c:\windows\system32\atiumd64.dll
2011-09-08 16:59 . 2010-03-03 03:23	58880	----a-w-	c:\windows\system32\coinst.dll
2011-09-08 16:53 . 2011-09-08 16:53	381952	----a-w-	c:\windows\system32\atiadlxx.dll
2011-09-08 16:53 . 2011-09-08 16:53	270336	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-09-08 16:52 . 2011-09-08 16:52	15360	----a-w-	c:\windows\system32\atig6pxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	13312	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	13312	----a-w-	c:\windows\system32\atiglpxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-09-08 16:52 . 2011-09-08 16:52	32768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-09-08 16:52 . 2011-09-08 16:52	310784	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-09-08 16:52 . 2010-03-03 03:06	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2011-09-08 16:51 . 2011-09-08 16:51	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-09-08 16:51 . 2011-09-08 16:51	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2011-09-08 16:51 . 2010-03-03 03:06	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-09-08 16:51 . 2011-09-08 16:51	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-09-08 16:51 . 2011-09-08 16:51	54784	----a-w-	c:\windows\system32\atimpc64.dll
2011-09-08 16:51 . 2011-09-08 16:51	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2011-09-08 16:50 . 2011-09-08 16:50	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-09-08 16:50 . 2011-09-08 16:50	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-09-08 05:27 . 2011-09-08 05:27	49152	----a-r-	c:\users\User\AppData\Roaming\Microsoft\Installer\{3B11379A-9196-4228-981A-BB255E13109E}\NewShortcut1_29B2294D06B14A06AB493E8234734B3B.exe
2011-09-02 06:30 . 2011-09-02 06:30	55064	----a-w-	c:\windows\system32\LMouFiltCoInst.dll
2011-09-02 06:30 . 2011-09-02 06:30	60696	----a-w-	c:\windows\system32\drivers\LMouFilt.Sys
2011-09-02 06:30 . 2011-09-02 06:30	1845528	----a-w-	c:\windows\system32\LkmdfCoInst.dll
2011-09-02 06:30 . 2011-09-02 06:30	66840	----a-w-	c:\windows\system32\drivers\LHidFilt.Sys
2011-08-31 17:12 . 2002-01-17 02:06	1698408	----a-w-	c:\windows\RtlExUpd.dll
2011-08-30 15:28 . 2011-09-21 08:28	3069032	----a-w-	c:\windows\system32\drivers\RTKVHD64.sys
2011-08-30 14:41 . 2011-09-21 08:28	1501696	----a-w-	c:\windows\system32\RCoRes64.dat
2011-08-30 11:37 . 2011-09-21 08:28	2518632	----a-w-	c:\windows\system32\RtPgEx64.dll
2011-08-24 11:30 . 2011-09-21 08:28	3201128	----a-w-	c:\windows\system32\RtkAPO64.dll
2011-08-23 15:00 . 2011-09-21 08:28	603984	----a-w-	c:\windows\system32\KAAPORT64.dll
2011-08-23 10:06 . 2011-09-21 08:28	97896	----a-w-	c:\windows\system32\RCoInst64.dll
2011-08-19 12:54 . 2011-09-21 08:28	1881704	----a-w-	c:\windows\system32\RtkApi64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-04 281768]
"StartCCC"="d:\ati\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"EMSTOQkqCSJFM.exe"=c:\programdata\EMSTOQkqCSJFM.exe
.
R1 ebltmaas;ebltmaas;c:\windows\system32\drivers\ebltmaas.sys [x]
R1 itbkknre;itbkknre;c:\windows\system32\drivers\itbkknre.sys [x]
R1 mdehqriy;mdehqriy;c:\windows\system32\drivers\mdehqriy.sys [x]
R1 munccreo;munccreo;c:\windows\system32\drivers\munccreo.sys [x]
R1 ofjfhbyw;ofjfhbyw;c:\windows\system32\drivers\ofjfhbyw.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176]
R2 OMSI download service;Sony Ericsson OMSI download service;d:\sony ericsson pc suite\SupServ.exe [2009-04-30 90112]
R3 dump_wmimmc;dump_wmimmc;d:\rappelz\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 136176]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\DRIVERS\s1029bus.sys [x]
R3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1029mdfl.sys [x]
R3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1029mdm.sys [x]
R3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1029mgmt.sys [x]
R3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1029nd5.sys [x]
R3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1029obex.sys [x]
R3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1029unic.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-04 135336]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-01 2072896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - TUNEUPUTILITIESDRV
*Deregistered* - NisDrv
*Deregistered* - PCTSDInjDriver64
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 16:15]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-04 16:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 134416]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100607&mntrId=fce321e700000000000090e6babb5a06
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\wyfk3u7a.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.Facebook.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=fce321e700000000000090e6babb5a06&tlver=1.4.31.6&instlRef=sst&&q=
FF - prefs.js: network.proxy.ftp - 64.85.167.155
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.http - 64.85.167.155
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 64.85.167.155
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 64.85.167.155
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-FoxTab Audio Converter - c:\program files (x86)\FoxTabAudioConverter\Uninstall\Uninstall.exe
AddRemove-PhotoFiltre - d:\photofiltre\Uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2319240022-3882638533-3402307709-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:52,aa,73,e4,fe,66,66,c4,5f,7a,9f,08,41,ee,29,19,a6,b3,b2,f0,68,28,38,
   4d,32,7e,4e,ef,98,48,31,08,7a,6f,7e,46,3a,b3,b1,dc,ef,83,e7,8a,d2,5e,09,f8,\
"??"=hex:98,5b,4d,fb,d2,58,93,ad,72,99,b2,f1,04,08,34,36
.
[HKEY_USERS\S-1-5-21-2319240022-3882638533-3402307709-1000\Software\SecuROM\License information*]
"datasecu"=hex:51,b3,9d,36,16,ed,17,90,28,1e,2a,92,a4,32,d9,84,41,78,3a,24,0a,
   6a,75,7c,e2,51,9a,7d,5e,3e,df,56,07,4c,33,e2,95,45,28,db,69,0e,9b,55,e7,65,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-07  13:19:18
ComboFix-quarantined-files.txt  2011-11-07 12:19
.
Vor Suchlauf: 11 Verzeichnis(se), 32.158.367.744 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 31.825.002.496 Bytes frei
.
- - End Of File - - CD67F05D9FA675F660E1ABC6F3B4B8D8

--- --- ---

markusg · 07.11.2011, 13:25

öffne computer, c: qoobox, rechtsklick quarantain, mit winrar zip oder nem andern pack programm packen und nach anleitung hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html

Apxzor · 07.11.2011, 13:36

gut ich hoffe ich habe es nach anleitung richtig hochgeladen

Apxzor · 07.11.2011, 13:42

werde heute abend wieder on sein hoffe so um kurz nach halb 11 muss zur arbeit bis heut abend

markusg · 07.11.2011, 15:28

malwarebytes:
Downloade Dir bitte Malwarebytes

Installiere
das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche
nach Aktualisierung
Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet
ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste
das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Apxzor · 07.11.2011, 23:24

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8110

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

07.11.2011 23:23:56
mbam-log-2011-11-07 (23-23-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 378930
Laufzeit: 34 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Qoobox\quarantine\C\programdata\6dss92c31apgjk.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\programdata\emstoqkqcsjfm.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\User\AppData\LocalLow\Sun\Java\deployment\cache\6.0\36\61f53824-7a5d6e45 (Trojan.Inject.adb) -> Quarantined and deleted successfully.
c:\Users\User\Desktop\quarantine\C\programdata\6dss92c31apgjk.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\User\Desktop\quarantine\C\programdata\emstoqkqcsjfm.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Apxzor · 08.11.2011, 12:09

also ich habe grade nochmal meinen pc durchsucht und in der programmData befinden sich noch die viren obwohl Malwarebytes die gelöscht hat. ist das normal?

markusg · 08.11.2011, 12:13

malwarebytes hat nur funde im qoobox ordner.
poste mir ein neues otl log

07.11.2011, 12:45	#3
markusg /// Malware-holic	$Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - Standard$ Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ lade unhide: http://filepony.de/download-unhide/ doppelklicken, dateien werden sichtbar __________________ __________________

Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\

Log-Analyse und Auswertung: Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\