
Pests of all kinds and how to combat them: GVU Trojan, Windows Vista


10.01.2013, 23:51   #1

Hello dear Trojaner-Board forum.

My son has just caught the GVU virus; by his own account it probably came in through the Flash Player. I have spent the last 2 hours combing through this forum for solutions and would now like to get started on solving the problem. Safe mode with networking did not work, so I booted the machine from a CD and am now on the reatogo.x.pe desktop. Here is my scan report:

OTL Logfile:
OTL logfile created on: 1/11/2013 12:02:47 AM - Run 
OTLPE by OldTimer - Version     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 15.27 Gb Total Space | 2.15 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive H: | 916.24 Gb Total Space | 539.77 Gb Free Space | 58.91% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/09/28 08:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 18:40:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/20 12:46:26 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/12 20:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/02/13 21:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/11 14:58:08 | 000,066,872 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 05:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/04 05:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto] -- H:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/24 08:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 18:37:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand] -- H:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/25 20:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/18 21:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- H:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/09 03:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/01/30 21:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- H:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 06:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- H:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 06:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 06:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/22 06:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/02/08 15:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2009/02/02 13:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- H:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2006/10/09 21:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=hp&babsrc=lnkry_nt
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 49 4D EC C0 27 CC 01  [binary data]
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=hp&babsrc=lnkry"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Users\Admin\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Users\Admin\AppData\Local\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: H:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 04:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 07:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/04 13:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/04 17:42:42 | 000,000,000 | ---D | M]
[2011/06/12 10:40:16 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/11/09 21:08:00 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cy2b21kg.default\extensions
[2012/03/18 08:05:48 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- H:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cy2b21kg.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012/02/25 17:56:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- H:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cy2b21kg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/02/02 08:08:22 | 000,001,056 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cy2b21kg.default\searchplugins\icqplugin.xml
[2011/06/12 10:40:04 | 000,002,501 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cy2b21kg.default\searchplugins\SearchResults.xml
[2012/08/23 18:41:21 | 000,002,474 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cy2b21kg.default\searchplugins\Web Search.xml
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/29 12:16:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/18 17:03:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
File not found (No name found) -- 
[2012/01/29 11:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 09:02:49 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 08:50:55 | 000,002,252 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:02:49 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 09:02:49 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/12 10:40:04 | 000,002,501 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/01/29 09:02:49 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 09:02:49 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts:       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] H:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] H:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] H:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] H:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] H:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Admin_ON_H..\Run: [DAEMON Tools Lite] H:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Admin_ON_H..\Run: [OutlookOnDesktop] H:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe (SMR Computer Services)
O4 - HKU\Admin_ON_H..\Run: [RGSC]  File not found
O4 - HKU\Admin_ON_H..\Run: [Steam] H:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\Admin_ON_H..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = H:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - H:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - H:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - H:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{054774f1-6b55-11e0-a707-00261864bceb}\Shell - "" = AutoRun
O33 - MountPoints2\{054774f1-6b55-11e0-a707-00261864bceb}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{054774f1-6b55-11e0-a707-00261864bceb}\Shell\directx\command - "" = J:\DirectX9\dxsetup.exe
O33 - MountPoints2\{054774f1-6b55-11e0-a707-00261864bceb}\Shell\setup\command - "" = J:\setup.exe
O33 - MountPoints2\{7bce3397-45a5-11e1-825c-00261864bceb}\Shell - "" = AutoRun
O33 - MountPoints2\{7bce3397-45a5-11e1-825c-00261864bceb}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - H:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/09 12:14:36 | 000,253,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll
[2013/01/09 12:14:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ncrypt.dll
[2013/01/09 12:13:57 | 000,456,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\shlwapi.dll
[2013/01/01 09:07:12 | 000,000,000 | -HSD | C] -- H:\found.003
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\Bioshock
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\Bioshock
[2012/12/28 04:11:56 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\2K Games
[2012/12/28 04:11:29 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\InstallShield
[2012/12/28 03:59:24 | 000,000,000 | ---D | C] -- H:\ProgramData\Media Center Programs
[2012/12/28 03:55:20 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/24 20:59:50 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/21 06:55:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/21 06:55:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[2012/12/21 06:55:19 | 000,048,128 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/21 06:55:19 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/15 07:01:16 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\4A Games
[2012/12/15 06:59:46 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Local\4A Games
[2012/12/15 06:41:00 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\NVIDIA Corporation
[2012/12/15 06:39:51 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/12 15:50:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfLdr.sys
[2012/12/12 15:50:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wdfres.dll
[2012/12/12 15:50:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winusb.dll
[2012/12/12 15:50:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFPlatform.dll
[2012/12/12 15:50:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFx.dll
[2012/12/12 15:50:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFHost.exe
[2012/12/12 15:50:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFCoinstaller.dll
[2012/12/12 15:48:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2012/12/12 15:48:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2012/12/12 15:48:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2012/12/12 15:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2012/12/12 15:48:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2012/12/12 15:48:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 15:48:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2012/12/12 15:48:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2012/12/12 15:48:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2012/12/12 15:48:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2012/12/12 15:48:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 15:48:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2012/12/12 15:48:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2012/12/12 15:48:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2012/12/12 15:48:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2012/12/12 15:48:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2012/12/12 15:48:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2012/12/12 11:46:43 | 001,210,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\kernel32.dll
[2012/12/12 11:46:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnet.dll
[2012/12/12 11:46:34 | 000,376,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnet.dll
[2012/12/12 11:46:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnathlp.dll
[2012/12/12 11:46:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnsvr.exe
[2012/12/12 11:46:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnsvr.exe
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/10 16:04:11 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/01/10 16:03:59 | 095,023,320 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 14:56:36 | 000,027,520 | ---- | M] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:39:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 14:06:04 | 000,001,120 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000UA.job
[2013/01/10 13:21:30 | 105,642,360 | ---- | M] () -- H:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/10 13:16:55 | 000,015,640 | ---- | M] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2013/01/09 18:40:10 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 18:40:10 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 14:49:24 | 000,398,320 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/01/09 12:54:33 | 001,538,358 | ---- | M] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 12:54:33 | 000,671,212 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/01/09 12:54:33 | 000,631,942 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/01/09 12:54:33 | 000,144,380 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/01/09 12:54:33 | 000,118,568 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/01/08 02:14:46 | 009,290,588 | ---- | M] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:51 | 013,464,312 | ---- | M] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/03 21:06:00 | 000,001,068 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000Core.job
[2013/01/01 11:33:12 | 000,687,953 | ---- | M] () -- H:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/12/29 19:32:37 | 000,002,090 | ---- | M] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/28 03:55:20 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/27 06:50:51 | 000,000,953 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/24 20:59:50 | 000,000,772 | ---- | M] () -- H:\Users\Public\Desktop\CCleaner.lnk
[2012/12/24 20:59:50 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/17 09:49:28 | 000,002,285 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:47 | 000,029,202 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/16 08:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/16 06:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/10 14:56:36 | 000,027,520 | ---- | C] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/08 02:14:22 | 009,290,588 | ---- | C] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:34 | 013,464,312 | ---- | C] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/08 02:01:07 | 000,398,320 | ---- | C] () -- H:\Windows\System32\FNTCACHE.DAT
[2012/12/29 19:32:37 | 000,002,090 | ---- | C] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/17 09:49:24 | 000,002,285 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:45 | 000,029,202 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/13 12:18:52 | 000,021,840 | ---- | C] () -- H:\Windows\SysWow64\SIntfNT.dll
[2012/10/13 12:18:52 | 000,017,212 | ---- | C] () -- H:\Windows\SysWow64\SIntf32.dll
[2012/10/13 12:18:52 | 000,012,067 | ---- | C] () -- H:\Windows\SysWow64\SIntf16.dll
[2012/07/11 07:55:54 | 000,098,344 | ---- | C] () -- H:\Windows\unTMV.exe
[2012/04/17 06:03:52 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2012/04/16 09:48:56 | 000,000,732 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps64.dat
[2011/12/22 18:57:33 | 001,538,358 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/06 15:24:59 | 000,237,568 | ---- | C] () -- H:\Windows\SysWow64\lame_enc.dll
[2011/12/06 15:24:59 | 000,110,080 | ---- | C] () -- H:\Windows\SysWow64\advd.dll
[2011/12/06 15:24:59 | 000,023,040 | ---- | C] () -- H:\Windows\SysWow64\auth.dll
[2011/10/14 18:54:52 | 000,321,856 | ---- | C] () -- H:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 10:44:14 | 000,179,271 | ---- | C] () -- H:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2011/06/11 14:58:13 | 000,202,040 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2011/06/11 14:58:08 | 000,066,872 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2011/04/19 16:29:55 | 000,000,026 | ---- | C] () -- H:\Windows\NeoSetup.INI
[2011/03/29 07:17:22 | 000,000,056 | -H-- | C] () -- H:\Windows\SysWow64\ezsidmv.dat
[2011/03/24 10:26:29 | 000,117,248 | ---- | C] () -- H:\Windows\SysWow64\EhStorAuthn.dll
[2011/03/24 10:25:20 | 000,107,612 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/03/24 10:24:23 | 000,368,640 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2011/03/23 11:24:57 | 000,009,728 | ---- | C] () -- H:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 04:23:17 | 000,015,640 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 21:26:11 | 000,018,904 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/08/03 13:34:59 | 000,009,636 | ---- | C] () -- H:\Windows\SysWow64\ezdigsgn.dat
[2009/08/03 12:42:16 | 000,354,816 | ---- | C] () -- H:\Windows\SysWow64\pythoncom26.dll
[2009/08/03 12:42:16 | 000,108,032 | ---- | C] () -- H:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- H:\Windows\SysWow64\tcpmon.ini
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- H:\Windows\SysWow64\DLLDEV32i.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2006/05/19 02:39:58 | 000,015,497 | ---- | C] () -- H:\Windows\snp2uvc.ini
========== LOP Check ==========
[2012/10/27 11:59:57 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2012/02/04 08:31:00 | 000,000,000 | ---D | M] -- H:\ProgramData\AVG2012
[2012/09/23 12:51:09 | 000,000,000 | ---D | M] -- H:\ProgramData\boost_interprocess
[2011/12/12 09:05:50 | 000,000,000 | ---D | M] -- H:\ProgramData\CBL-Electronics
[2011/03/23 13:29:09 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files
[2012/08/23 18:44:35 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2012/05/06 14:48:08 | 000,000,000 | ---D | M] -- H:\ProgramData\DFX
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2011/08/30 15:09:09 | 000,000,000 | ---D | M] -- H:\ProgramData\Easybits GO
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2011/04/01 17:20:28 | 000,000,000 | ---D | M] -- H:\ProgramData\ICQ
[2011/03/23 14:49:31 | 000,000,000 | ---D | M] -- H:\ProgramData\Last.fm
[2011/12/24 07:50:54 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2013/01/10 13:23:01 | 000,000,000 | ---D | M] -- H:\ProgramData\MFAData
[2009/08/03 13:04:02 | 000,000,000 | ---D | M] -- H:\ProgramData\PC-Doctor for Windows
[2013/01/08 17:13:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PMB Files
[2012/04/26 19:37:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PWD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/08/03 13:17:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Temp
[2011/03/30 08:46:06 | 000,000,000 | ---D | M] -- H:\ProgramData\TrackMania
[2012/05/22 07:24:26 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2011/04/13 16:12:48 | 000,000,000 | ---D | M] -- H:\ProgramData\WildTangent
[2012/05/22 07:24:03 | 000,000,000 | -HSD | M] -- H:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/11/30 08:41:30 | 000,000,552 | ---- | M] () -- H:\Windows\Tasks\PCDRScheduledMaintenance.job
[2013/01/10 15:45:56 | 000,032,534 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
--- --- ---

Edited by Stormiex (11.01.2013 at 00:20). Reason: because of the scan report

11.01.2013, 00:25   #2
/// Malware-holic

Such infections usually come from illegal streaming sites such as Kinox.to.
Porn sites are also possible, or hacked pages.
On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
[2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
- H:\ProgramData\dsgsdgdsgdsgw.bat

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should appear: "load fix from file". Load the fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open the otl.txt.
Please post the log.
If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment
in the thread!

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.


11.01.2013, 00:44   #3

Quote from markusg:
Such infections usually come from illegal streaming sites such as Kinox.to.
Porn sites are also possible, or hacked pages.
On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
[2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
- H:\ProgramData\dsgsdgdsgdsgw.bat

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should appear: "load fix from file". Load the fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open the otl.txt.
Please post the log.
If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment
in the thread!

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.

Quote:
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.

Could you please link me to that post? I somehow did not find it after searching the forum. I am sorry already, but I am a little slower. I ask for your understanding. Many thanks.

11.01.2013, 00:46   #4
/// Malware-holic

1. It is enough to quote passages of a post when you have a question; that keeps things shorter :-)
2. Simply start the OTL CD as before and run the fix.

11.01.2013, 01:17   #5

Quote from markusg:
1. It is enough to quote passages of a post when you have a question; that keeps things shorter :-)
2. Simply start the OTL CD as before and run the fix.

After loading it, though, my OTLPE is dead. That means nothing works any more apart from closing the window; I am slowly starting to think I have a real problem.

Okay, that has sorted itself out. The report is coming right away.

So, me again.

Here is the report:
OTL Logfile:
OTL logfile created on: 1/11/2013 1:28:50 AM - Run 
OTLPE by OldTimer - Version     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 15.27 Gb Total Space | 2.15 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive H: | 916.24 Gb Total Space | 539.77 Gb Free Space | 58.91% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 14.92 Gb Total Space | 14.83 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/09/28 08:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 18:40:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/20 12:46:26 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/12 20:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/02/13 21:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/11 14:58:08 | 000,066,872 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 05:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/04 05:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto] -- H:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/24 08:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 18:37:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand] -- H:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/25 20:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/18 21:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- H:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/09 03:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/01/30 21:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- H:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 06:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- H:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 06:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 06:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/22 06:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/02/08 15:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2009/02/02 13:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- H:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2006/10/09 21:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 49 4D EC C0 27 CC 01  [binary data]
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 04:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 07:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/04 13:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/04 17:42:42 | 000,000,000 | ---D | M]
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/29 12:16:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/18 17:03:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/29 11:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 09:02:49 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 08:50:55 | 000,002,252 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:02:49 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 09:02:49 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/12 10:40:04 | 000,002,501 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/01/29 09:02:49 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 09:02:49 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts:       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] H:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] H:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] H:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] H:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] H:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Admin_ON_H..\Run: [DAEMON Tools Lite] H:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Admin_ON_H..\Run: [OutlookOnDesktop] H:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe (SMR Computer Services)
O4 - HKU\Admin_ON_H..\Run: [RGSC]  File not found
O4 - HKU\Admin_ON_H..\Run: [Steam] H:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\Admin_ON_H..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - H:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - H:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/09 12:14:36 | 000,253,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll
[2013/01/09 12:14:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ncrypt.dll
[2013/01/09 12:13:57 | 000,456,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\shlwapi.dll
[2013/01/01 09:07:12 | 000,000,000 | -HSD | C] -- H:\found.003
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\Bioshock
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\Bioshock
[2012/12/28 04:11:56 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\2K Games
[2012/12/28 04:11:29 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\InstallShield
[2012/12/28 03:59:24 | 000,000,000 | ---D | C] -- H:\ProgramData\Media Center Programs
[2012/12/28 03:55:20 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/24 20:59:50 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/21 06:55:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/21 06:55:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[2012/12/21 06:55:19 | 000,048,128 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/21 06:55:19 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/15 07:01:16 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\4A Games
[2012/12/15 06:59:46 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Local\4A Games
[2012/12/15 06:41:00 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\NVIDIA Corporation
[2012/12/15 06:39:51 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/12 15:50:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfLdr.sys
[2012/12/12 15:50:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wdfres.dll
[2012/12/12 15:50:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winusb.dll
[2012/12/12 15:50:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFPlatform.dll
[2012/12/12 15:50:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFx.dll
[2012/12/12 15:50:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFHost.exe
[2012/12/12 15:50:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFCoinstaller.dll
[2012/12/12 15:48:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2012/12/12 15:48:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2012/12/12 15:48:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2012/12/12 15:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2012/12/12 15:48:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2012/12/12 15:48:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 15:48:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2012/12/12 15:48:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2012/12/12 15:48:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2012/12/12 15:48:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2012/12/12 15:48:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 15:48:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2012/12/12 15:48:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2012/12/12 15:48:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2012/12/12 15:48:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2012/12/12 15:48:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2012/12/12 15:48:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2012/12/12 11:46:43 | 001,210,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\kernel32.dll
[2012/12/12 11:46:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnet.dll
[2012/12/12 11:46:34 | 000,376,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnet.dll
[2012/12/12 11:46:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnathlp.dll
[2012/12/12 11:46:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnsvr.exe
[2012/12/12 11:46:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnsvr.exe
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/10 16:04:11 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/01/10 16:03:59 | 095,023,320 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 14:56:36 | 000,027,520 | ---- | M] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:39:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 14:06:04 | 000,001,120 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000UA.job
[2013/01/10 13:21:30 | 105,642,360 | ---- | M] () -- H:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/10 13:16:55 | 000,015,640 | ---- | M] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2013/01/09 18:40:10 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 18:40:10 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 14:49:24 | 000,398,320 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/01/09 12:54:33 | 001,538,358 | ---- | M] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 12:54:33 | 000,671,212 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/01/09 12:54:33 | 000,631,942 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/01/09 12:54:33 | 000,144,380 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/01/09 12:54:33 | 000,118,568 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/01/08 02:14:46 | 009,290,588 | ---- | M] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:51 | 013,464,312 | ---- | M] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/03 21:06:00 | 000,001,068 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000Core.job
[2013/01/01 11:33:12 | 000,687,953 | ---- | M] () -- H:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/12/29 19:32:37 | 000,002,090 | ---- | M] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/28 03:55:20 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/27 06:50:51 | 000,000,953 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/24 20:59:50 | 000,000,772 | ---- | M] () -- H:\Users\Public\Desktop\CCleaner.lnk
[2012/12/24 20:59:50 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/17 09:49:28 | 000,002,285 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:47 | 000,029,202 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/16 08:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/16 06:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/10 14:56:36 | 000,027,520 | ---- | C] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/08 02:14:22 | 009,290,588 | ---- | C] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:34 | 013,464,312 | ---- | C] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/08 02:01:07 | 000,398,320 | ---- | C] () -- H:\Windows\System32\FNTCACHE.DAT
[2012/12/29 19:32:37 | 000,002,090 | ---- | C] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/17 09:49:24 | 000,002,285 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:45 | 000,029,202 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/13 12:18:52 | 000,021,840 | ---- | C] () -- H:\Windows\SysWow64\SIntfNT.dll
[2012/10/13 12:18:52 | 000,017,212 | ---- | C] () -- H:\Windows\SysWow64\SIntf32.dll
[2012/10/13 12:18:52 | 000,012,067 | ---- | C] () -- H:\Windows\SysWow64\SIntf16.dll
[2012/07/11 07:55:54 | 000,098,344 | ---- | C] () -- H:\Windows\unTMV.exe
[2012/04/17 06:03:52 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2012/04/16 09:48:56 | 000,000,732 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps64.dat
[2011/12/22 18:57:33 | 001,538,358 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/06 15:24:59 | 000,237,568 | ---- | C] () -- H:\Windows\SysWow64\lame_enc.dll
[2011/12/06 15:24:59 | 000,110,080 | ---- | C] () -- H:\Windows\SysWow64\advd.dll
[2011/12/06 15:24:59 | 000,023,040 | ---- | C] () -- H:\Windows\SysWow64\auth.dll
[2011/10/14 18:54:52 | 000,321,856 | ---- | C] () -- H:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 10:44:14 | 000,179,271 | ---- | C] () -- H:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2011/06/11 14:58:13 | 000,202,040 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2011/06/11 14:58:08 | 000,066,872 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2011/04/19 16:29:55 | 000,000,026 | ---- | C] () -- H:\Windows\NeoSetup.INI
[2011/03/29 07:17:22 | 000,000,056 | -H-- | C] () -- H:\Windows\SysWow64\ezsidmv.dat
[2011/03/24 10:26:29 | 000,117,248 | ---- | C] () -- H:\Windows\SysWow64\EhStorAuthn.dll
[2011/03/24 10:25:20 | 000,107,612 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/03/24 10:24:23 | 000,368,640 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2011/03/23 11:24:57 | 000,009,728 | ---- | C] () -- H:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 04:23:17 | 000,015,640 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 21:26:11 | 000,018,904 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/08/03 13:34:59 | 000,009,636 | ---- | C] () -- H:\Windows\SysWow64\ezdigsgn.dat
[2009/08/03 12:42:16 | 000,354,816 | ---- | C] () -- H:\Windows\SysWow64\pythoncom26.dll
[2009/08/03 12:42:16 | 000,108,032 | ---- | C] () -- H:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- H:\Windows\SysWow64\tcpmon.ini
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- H:\Windows\SysWow64\DLLDEV32i.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2006/05/19 02:39:58 | 000,015,497 | ---- | C] () -- H:\Windows\snp2uvc.ini
========== LOP Check ==========
[2012/10/27 11:59:57 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2012/02/04 08:31:00 | 000,000,000 | ---D | M] -- H:\ProgramData\AVG2012
[2012/09/23 12:51:09 | 000,000,000 | ---D | M] -- H:\ProgramData\boost_interprocess
[2011/12/12 09:05:50 | 000,000,000 | ---D | M] -- H:\ProgramData\CBL-Electronics
[2011/03/23 13:29:09 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files
[2012/08/23 18:44:35 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2012/05/06 14:48:08 | 000,000,000 | ---D | M] -- H:\ProgramData\DFX
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2011/08/30 15:09:09 | 000,000,000 | ---D | M] -- H:\ProgramData\Easybits GO
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2011/04/01 17:20:28 | 000,000,000 | ---D | M] -- H:\ProgramData\ICQ
[2011/03/23 14:49:31 | 000,000,000 | ---D | M] -- H:\ProgramData\Last.fm
[2011/12/24 07:50:54 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2013/01/10 13:23:01 | 000,000,000 | ---D | M] -- H:\ProgramData\MFAData
[2009/08/03 13:04:02 | 000,000,000 | ---D | M] -- H:\ProgramData\PC-Doctor for Windows
[2013/01/08 17:13:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PMB Files
[2012/04/26 19:37:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PWD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/08/03 13:17:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Temp
[2011/03/30 08:46:06 | 000,000,000 | ---D | M] -- H:\ProgramData\TrackMania
[2012/05/22 07:24:26 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2011/04/13 16:12:48 | 000,000,000 | ---D | M] -- H:\ProgramData\WildTangent
[2012/05/22 07:24:03 | 000,000,000 | -HSD | M] -- H:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/11/30 08:41:30 | 000,000,552 | ---- | M] () -- H:\Windows\Tasks\PCDRScheduledMaintenance.job
[2013/01/10 15:45:56 | 000,032,534 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< :OTL >
< O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< [2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js >
Invalid Switch: 10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
< [2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk >
Invalid Switch: 10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

< [2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg >
Invalid Switch: 10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg

< [2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat >
Invalid Switch: 10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat

< [2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad >
Invalid Switch: 10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad

< :Files >
< - H:\ProgramData\dsgsdgdsgdsgw.bat >
< :Commands >
< [emptytemp] >

< End of report >
--- --- ---

So, here is the report now:
OTL Logfile:
OTL logfile created on: 1/11/2013 1:28:50 AM - Run 
OTLPE by OldTimer - Version     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 15.27 Gb Total Space | 2.15 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive H: | 916.24 Gb Total Space | 539.77 Gb Free Space | 58.91% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 14.92 Gb Total Space | 14.83 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/09/28 08:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 18:40:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/20 12:46:26 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/12 20:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/02/13 21:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/11 14:58:08 | 000,066,872 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 05:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/04 05:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto] -- H:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/24 08:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 18:37:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand] -- H:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/25 20:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/18 21:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- H:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/09 03:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/01/30 21:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- H:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 06:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- H:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 06:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 06:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/22 06:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/02/08 15:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2009/02/02 13:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- H:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2006/10/09 21:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 49 4D EC C0 27 CC 01  [binary data]
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 04:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 07:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/04 13:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/04 17:42:42 | 000,000,000 | ---D | M]
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/29 12:16:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/18 17:03:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/29 11:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 09:02:49 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 08:50:55 | 000,002,252 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:02:49 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 09:02:49 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/12 10:40:04 | 000,002,501 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/01/29 09:02:49 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 09:02:49 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts:       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] H:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] H:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] H:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] H:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] H:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Admin_ON_H..\Run: [DAEMON Tools Lite] H:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Admin_ON_H..\Run: [OutlookOnDesktop] H:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe (SMR Computer Services)
O4 - HKU\Admin_ON_H..\Run: [RGSC]  File not found
O4 - HKU\Admin_ON_H..\Run: [Steam] H:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\Admin_ON_H..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - H:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - H:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/09 12:14:36 | 000,253,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll
[2013/01/09 12:14:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ncrypt.dll
[2013/01/09 12:13:57 | 000,456,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\shlwapi.dll
[2013/01/01 09:07:12 | 000,000,000 | -HSD | C] -- H:\found.003
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\Bioshock
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\Bioshock
[2012/12/28 04:11:56 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\2K Games
[2012/12/28 04:11:29 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\InstallShield
[2012/12/28 03:59:24 | 000,000,000 | ---D | C] -- H:\ProgramData\Media Center Programs
[2012/12/28 03:55:20 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/24 20:59:50 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/21 06:55:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/21 06:55:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[2012/12/21 06:55:19 | 000,048,128 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/21 06:55:19 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/15 07:01:16 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\4A Games
[2012/12/15 06:59:46 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Local\4A Games
[2012/12/15 06:41:00 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\NVIDIA Corporation
[2012/12/15 06:39:51 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/12 15:50:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfLdr.sys
[2012/12/12 15:50:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wdfres.dll
[2012/12/12 15:50:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winusb.dll
[2012/12/12 15:50:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFPlatform.dll
[2012/12/12 15:50:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFx.dll
[2012/12/12 15:50:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFHost.exe
[2012/12/12 15:50:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFCoinstaller.dll
[2012/12/12 15:48:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2012/12/12 15:48:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2012/12/12 15:48:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2012/12/12 15:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2012/12/12 15:48:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2012/12/12 15:48:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 15:48:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2012/12/12 15:48:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2012/12/12 15:48:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2012/12/12 15:48:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2012/12/12 15:48:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 15:48:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2012/12/12 15:48:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2012/12/12 15:48:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2012/12/12 15:48:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2012/12/12 15:48:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2012/12/12 15:48:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2012/12/12 11:46:43 | 001,210,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\kernel32.dll
[2012/12/12 11:46:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnet.dll
[2012/12/12 11:46:34 | 000,376,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnet.dll
[2012/12/12 11:46:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnathlp.dll
[2012/12/12 11:46:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnsvr.exe
[2012/12/12 11:46:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnsvr.exe
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/10 16:04:11 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/01/10 16:03:59 | 095,023,320 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 14:56:36 | 000,027,520 | ---- | M] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:39:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 14:06:04 | 000,001,120 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000UA.job
[2013/01/10 13:21:30 | 105,642,360 | ---- | M] () -- H:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/10 13:16:55 | 000,015,640 | ---- | M] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2013/01/09 18:40:10 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 18:40:10 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 14:49:24 | 000,398,320 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/01/09 12:54:33 | 001,538,358 | ---- | M] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 12:54:33 | 000,671,212 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/01/09 12:54:33 | 000,631,942 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/01/09 12:54:33 | 000,144,380 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/01/09 12:54:33 | 000,118,568 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/01/08 02:14:46 | 009,290,588 | ---- | M] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:51 | 013,464,312 | ---- | M] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/03 21:06:00 | 000,001,068 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000Core.job
[2013/01/01 11:33:12 | 000,687,953 | ---- | M] () -- H:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/12/29 19:32:37 | 000,002,090 | ---- | M] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/28 03:55:20 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/27 06:50:51 | 000,000,953 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/24 20:59:50 | 000,000,772 | ---- | M] () -- H:\Users\Public\Desktop\CCleaner.lnk
[2012/12/24 20:59:50 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/17 09:49:28 | 000,002,285 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:47 | 000,029,202 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/16 08:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/16 06:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/10 14:56:36 | 000,027,520 | ---- | C] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/08 02:14:22 | 009,290,588 | ---- | C] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:34 | 013,464,312 | ---- | C] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/08 02:01:07 | 000,398,320 | ---- | C] () -- H:\Windows\System32\FNTCACHE.DAT
[2012/12/29 19:32:37 | 000,002,090 | ---- | C] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/17 09:49:24 | 000,002,285 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:45 | 000,029,202 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/13 12:18:52 | 000,021,840 | ---- | C] () -- H:\Windows\SysWow64\SIntfNT.dll
[2012/10/13 12:18:52 | 000,017,212 | ---- | C] () -- H:\Windows\SysWow64\SIntf32.dll
[2012/10/13 12:18:52 | 000,012,067 | ---- | C] () -- H:\Windows\SysWow64\SIntf16.dll
[2012/07/11 07:55:54 | 000,098,344 | ---- | C] () -- H:\Windows\unTMV.exe
[2012/04/17 06:03:52 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2012/04/16 09:48:56 | 000,000,732 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps64.dat
[2011/12/22 18:57:33 | 001,538,358 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/06 15:24:59 | 000,237,568 | ---- | C] () -- H:\Windows\SysWow64\lame_enc.dll
[2011/12/06 15:24:59 | 000,110,080 | ---- | C] () -- H:\Windows\SysWow64\advd.dll
[2011/12/06 15:24:59 | 000,023,040 | ---- | C] () -- H:\Windows\SysWow64\auth.dll
[2011/10/14 18:54:52 | 000,321,856 | ---- | C] () -- H:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 10:44:14 | 000,179,271 | ---- | C] () -- H:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2011/06/11 14:58:13 | 000,202,040 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2011/06/11 14:58:08 | 000,066,872 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2011/04/19 16:29:55 | 000,000,026 | ---- | C] () -- H:\Windows\NeoSetup.INI
[2011/03/29 07:17:22 | 000,000,056 | -H-- | C] () -- H:\Windows\SysWow64\ezsidmv.dat
[2011/03/24 10:26:29 | 000,117,248 | ---- | C] () -- H:\Windows\SysWow64\EhStorAuthn.dll
[2011/03/24 10:25:20 | 000,107,612 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/03/24 10:24:23 | 000,368,640 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2011/03/23 11:24:57 | 000,009,728 | ---- | C] () -- H:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 04:23:17 | 000,015,640 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 21:26:11 | 000,018,904 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/08/03 13:34:59 | 000,009,636 | ---- | C] () -- H:\Windows\SysWow64\ezdigsgn.dat
[2009/08/03 12:42:16 | 000,354,816 | ---- | C] () -- H:\Windows\SysWow64\pythoncom26.dll
[2009/08/03 12:42:16 | 000,108,032 | ---- | C] () -- H:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- H:\Windows\SysWow64\tcpmon.ini
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- H:\Windows\SysWow64\DLLDEV32i.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2006/05/19 02:39:58 | 000,015,497 | ---- | C] () -- H:\Windows\snp2uvc.ini
========== LOP Check ==========
[2012/10/27 11:59:57 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2012/02/04 08:31:00 | 000,000,000 | ---D | M] -- H:\ProgramData\AVG2012
[2012/09/23 12:51:09 | 000,000,000 | ---D | M] -- H:\ProgramData\boost_interprocess
[2011/12/12 09:05:50 | 000,000,000 | ---D | M] -- H:\ProgramData\CBL-Electronics
[2011/03/23 13:29:09 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files
[2012/08/23 18:44:35 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2012/05/06 14:48:08 | 000,000,000 | ---D | M] -- H:\ProgramData\DFX
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2011/08/30 15:09:09 | 000,000,000 | ---D | M] -- H:\ProgramData\Easybits GO
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2011/04/01 17:20:28 | 000,000,000 | ---D | M] -- H:\ProgramData\ICQ
[2011/03/23 14:49:31 | 000,000,000 | ---D | M] -- H:\ProgramData\Last.fm
[2011/12/24 07:50:54 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2013/01/10 13:23:01 | 000,000,000 | ---D | M] -- H:\ProgramData\MFAData
[2009/08/03 13:04:02 | 000,000,000 | ---D | M] -- H:\ProgramData\PC-Doctor for Windows
[2013/01/08 17:13:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PMB Files
[2012/04/26 19:37:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PWD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/08/03 13:17:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Temp
[2011/03/30 08:46:06 | 000,000,000 | ---D | M] -- H:\ProgramData\TrackMania
[2012/05/22 07:24:26 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2011/04/13 16:12:48 | 000,000,000 | ---D | M] -- H:\ProgramData\WildTangent
[2012/05/22 07:24:03 | 000,000,000 | -HSD | M] -- H:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/11/30 08:41:30 | 000,000,552 | ---- | M] () -- H:\Windows\Tasks\PCDRScheduledMaintenance.job
[2013/01/10 15:45:56 | 000,032,534 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< :OTL >
< O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< [2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js >
Invalid Switch: 10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
< [2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk >
Invalid Switch: 10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

< [2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg >
Invalid Switch: 10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg

< [2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat >
Invalid Switch: 10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat

< [2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad >
Invalid Switch: 10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad

< :Files >
< - H:\ProgramData\dsgsdgdsgdsgw.bat >
< :Commands >
< [emptytemp] >

< End of report >
--- --- ---

Edited by Stormiex (11.01.2013 at 01:28)

11.01.2013, 01:34   #6
GVU Trojan, Windows Vista

So, here is the report now:
OTL Logfile:
OTL logfile created on: 1/11/2013 1:28:50 AM - Run 
OTLPE by OldTimer - Version     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 15.27 Gb Total Space | 2.15 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive H: | 916.24 Gb Total Space | 539.77 Gb Free Space | 58.91% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 14.92 Gb Total Space | 14.83 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/09/28 08:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 18:40:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/20 12:46:26 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/12 20:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/02/13 21:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/11 14:58:08 | 000,066,872 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 05:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/04 05:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto] -- H:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/24 08:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 18:37:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand] -- H:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/25 20:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/18 21:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- H:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/09 03:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/01/30 21:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- H:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 06:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- H:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 06:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 06:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/22 06:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/02/08 15:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2009/02/02 13:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- H:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2006/10/09 21:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 49 4D EC C0 27 CC 01  [binary data]
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 04:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 07:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/04 13:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/04 17:42:42 | 000,000,000 | ---D | M]
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/29 12:16:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/18 17:03:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/29 11:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 09:02:49 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 08:50:55 | 000,002,252 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:02:49 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 09:02:49 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/12 10:40:04 | 000,002,501 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/01/29 09:02:49 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 09:02:49 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts:       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] H:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] H:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] H:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] H:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] H:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Admin_ON_H..\Run: [DAEMON Tools Lite] H:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Admin_ON_H..\Run: [OutlookOnDesktop] H:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe (SMR Computer Services)
O4 - HKU\Admin_ON_H..\Run: [RGSC]  File not found
O4 - HKU\Admin_ON_H..\Run: [Steam] H:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\Admin_ON_H..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - H:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - H:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/09 12:14:36 | 000,253,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll
[2013/01/09 12:14:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ncrypt.dll
[2013/01/09 12:13:57 | 000,456,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\shlwapi.dll
[2013/01/01 09:07:12 | 000,000,000 | -HSD | C] -- H:\found.003
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\Bioshock
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\Bioshock
[2012/12/28 04:11:56 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\2K Games
[2012/12/28 04:11:29 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\InstallShield
[2012/12/28 03:59:24 | 000,000,000 | ---D | C] -- H:\ProgramData\Media Center Programs
[2012/12/28 03:55:20 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/24 20:59:50 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/21 06:55:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/21 06:55:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[2012/12/21 06:55:19 | 000,048,128 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/21 06:55:19 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/15 07:01:16 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\4A Games
[2012/12/15 06:59:46 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Local\4A Games
[2012/12/15 06:41:00 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\NVIDIA Corporation
[2012/12/15 06:39:51 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/12 15:50:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfLdr.sys
[2012/12/12 15:50:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wdfres.dll
[2012/12/12 15:50:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winusb.dll
[2012/12/12 15:50:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFPlatform.dll
[2012/12/12 15:50:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFx.dll
[2012/12/12 15:50:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFHost.exe
[2012/12/12 15:50:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFCoinstaller.dll
[2012/12/12 15:48:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2012/12/12 15:48:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2012/12/12 15:48:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2012/12/12 15:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2012/12/12 15:48:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2012/12/12 15:48:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 15:48:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2012/12/12 15:48:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2012/12/12 15:48:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2012/12/12 15:48:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2012/12/12 15:48:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 15:48:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2012/12/12 15:48:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2012/12/12 15:48:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2012/12/12 15:48:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2012/12/12 15:48:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2012/12/12 15:48:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2012/12/12 11:46:43 | 001,210,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\kernel32.dll
[2012/12/12 11:46:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnet.dll
[2012/12/12 11:46:34 | 000,376,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnet.dll
[2012/12/12 11:46:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnathlp.dll
[2012/12/12 11:46:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnsvr.exe
[2012/12/12 11:46:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnsvr.exe
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/10 16:04:11 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/01/10 16:03:59 | 095,023,320 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 14:56:36 | 000,027,520 | ---- | M] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:39:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 14:06:04 | 000,001,120 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000UA.job
[2013/01/10 13:21:30 | 105,642,360 | ---- | M] () -- H:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/10 13:16:55 | 000,015,640 | ---- | M] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2013/01/09 18:40:10 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 18:40:10 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 14:49:24 | 000,398,320 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/01/09 12:54:33 | 001,538,358 | ---- | M] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 12:54:33 | 000,671,212 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/01/09 12:54:33 | 000,631,942 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/01/09 12:54:33 | 000,144,380 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/01/09 12:54:33 | 000,118,568 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/01/08 02:14:46 | 009,290,588 | ---- | M] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:51 | 013,464,312 | ---- | M] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/03 21:06:00 | 000,001,068 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000Core.job
[2013/01/01 11:33:12 | 000,687,953 | ---- | M] () -- H:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/12/29 19:32:37 | 000,002,090 | ---- | M] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/28 03:55:20 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/27 06:50:51 | 000,000,953 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/24 20:59:50 | 000,000,772 | ---- | M] () -- H:\Users\Public\Desktop\CCleaner.lnk
[2012/12/24 20:59:50 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/17 09:49:28 | 000,002,285 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:47 | 000,029,202 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/16 08:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/16 06:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/10 14:56:36 | 000,027,520 | ---- | C] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/08 02:14:22 | 009,290,588 | ---- | C] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:34 | 013,464,312 | ---- | C] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/08 02:01:07 | 000,398,320 | ---- | C] () -- H:\Windows\System32\FNTCACHE.DAT
[2012/12/29 19:32:37 | 000,002,090 | ---- | C] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/17 09:49:24 | 000,002,285 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:45 | 000,029,202 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/13 12:18:52 | 000,021,840 | ---- | C] () -- H:\Windows\SysWow64\SIntfNT.dll
[2012/10/13 12:18:52 | 000,017,212 | ---- | C] () -- H:\Windows\SysWow64\SIntf32.dll
[2012/10/13 12:18:52 | 000,012,067 | ---- | C] () -- H:\Windows\SysWow64\SIntf16.dll
[2012/07/11 07:55:54 | 000,098,344 | ---- | C] () -- H:\Windows\unTMV.exe
[2012/04/17 06:03:52 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2012/04/16 09:48:56 | 000,000,732 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps64.dat
[2011/12/22 18:57:33 | 001,538,358 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/06 15:24:59 | 000,237,568 | ---- | C] () -- H:\Windows\SysWow64\lame_enc.dll
[2011/12/06 15:24:59 | 000,110,080 | ---- | C] () -- H:\Windows\SysWow64\advd.dll
[2011/12/06 15:24:59 | 000,023,040 | ---- | C] () -- H:\Windows\SysWow64\auth.dll
[2011/10/14 18:54:52 | 000,321,856 | ---- | C] () -- H:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 10:44:14 | 000,179,271 | ---- | C] () -- H:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2011/06/11 14:58:13 | 000,202,040 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2011/06/11 14:58:08 | 000,066,872 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2011/04/19 16:29:55 | 000,000,026 | ---- | C] () -- H:\Windows\NeoSetup.INI
[2011/03/29 07:17:22 | 000,000,056 | -H-- | C] () -- H:\Windows\SysWow64\ezsidmv.dat
[2011/03/24 10:26:29 | 000,117,248 | ---- | C] () -- H:\Windows\SysWow64\EhStorAuthn.dll
[2011/03/24 10:25:20 | 000,107,612 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/03/24 10:24:23 | 000,368,640 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2011/03/23 11:24:57 | 000,009,728 | ---- | C] () -- H:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 04:23:17 | 000,015,640 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 21:26:11 | 000,018,904 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/08/03 13:34:59 | 000,009,636 | ---- | C] () -- H:\Windows\SysWow64\ezdigsgn.dat
[2009/08/03 12:42:16 | 000,354,816 | ---- | C] () -- H:\Windows\SysWow64\pythoncom26.dll
[2009/08/03 12:42:16 | 000,108,032 | ---- | C] () -- H:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- H:\Windows\SysWow64\tcpmon.ini
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- H:\Windows\SysWow64\DLLDEV32i.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2006/05/19 02:39:58 | 000,015,497 | ---- | C] () -- H:\Windows\snp2uvc.ini
========== LOP Check ==========
[2012/10/27 11:59:57 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2012/02/04 08:31:00 | 000,000,000 | ---D | M] -- H:\ProgramData\AVG2012
[2012/09/23 12:51:09 | 000,000,000 | ---D | M] -- H:\ProgramData\boost_interprocess
[2011/12/12 09:05:50 | 000,000,000 | ---D | M] -- H:\ProgramData\CBL-Electronics
[2011/03/23 13:29:09 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files
[2012/08/23 18:44:35 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2012/05/06 14:48:08 | 000,000,000 | ---D | M] -- H:\ProgramData\DFX
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2011/08/30 15:09:09 | 000,000,000 | ---D | M] -- H:\ProgramData\Easybits GO
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2011/04/01 17:20:28 | 000,000,000 | ---D | M] -- H:\ProgramData\ICQ
[2011/03/23 14:49:31 | 000,000,000 | ---D | M] -- H:\ProgramData\Last.fm
[2011/12/24 07:50:54 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2013/01/10 13:23:01 | 000,000,000 | ---D | M] -- H:\ProgramData\MFAData
[2009/08/03 13:04:02 | 000,000,000 | ---D | M] -- H:\ProgramData\PC-Doctor for Windows
[2013/01/08 17:13:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PMB Files
[2012/04/26 19:37:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PWD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/08/03 13:17:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Temp
[2011/03/30 08:46:06 | 000,000,000 | ---D | M] -- H:\ProgramData\TrackMania
[2012/05/22 07:24:26 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2011/04/13 16:12:48 | 000,000,000 | ---D | M] -- H:\ProgramData\WildTangent
[2012/05/22 07:24:03 | 000,000,000 | -HSD | M] -- H:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/11/30 08:41:30 | 000,000,552 | ---- | M] () -- H:\Windows\Tasks\PCDRScheduledMaintenance.job
[2013/01/10 15:45:56 | 000,032,534 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< :OTL >
< O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< [2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js >
Invalid Switch: 10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
< [2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk >
Invalid Switch: 10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

< [2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg >
Invalid Switch: 10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg

< [2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat >
Invalid Switch: 10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat

< [2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad >
Invalid Switch: 10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad

< :Files >
< - H:\ProgramData\dsgsdgdsgdsgw.bat >
< :Commands >
< [emptytemp] >

< End of report >
--- --- ---

Alt 11.01.2013, 01:49   #7
/// Malware-holic

On your second PC, go to Start, Programs, Accessories, Notepad, and copy the following into it:
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
[2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg

Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should now appear: "load fix from file". Load the fix.txt from your stick.
If this does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open the otl.txt.
Please post the log.

Alt 11.01.2013, 02:12   #8

Here is the result of the second test:

PS: I would very much like to upload the OTL file, but my PC can't find one right now; I had it search all the drives.
OTL Logfile:
OTL logfile created on: 1/11/2013 2:06:33 AM - Run 
OTLPE by OldTimer - Version     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 15.27 Gb Total Space | 2.15 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive H: | 916.24 Gb Total Space | 539.77 Gb Free Space | 58.91% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 14.92 Gb Total Space | 14.83 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/09/28 08:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 18:40:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/20 12:46:26 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/12 20:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/02/13 21:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/11 14:58:08 | 000,066,872 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 05:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/04 05:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto] -- H:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/24 08:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 18:37:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand] -- H:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/25 20:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/18 21:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- H:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/09 03:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/01/30 21:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- H:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 06:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- H:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 06:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 06:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/22 06:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/02/08 15:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2009/02/02 13:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- H:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2006/10/09 21:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 49 4D EC C0 27 CC 01  [binary data]
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 04:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 07:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/04 13:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/04 17:42:42 | 000,000,000 | ---D | M]
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/29 12:16:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/18 17:03:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/29 11:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 09:02:49 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 08:50:55 | 000,002,252 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:02:49 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 09:02:49 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/12 10:40:04 | 000,002,501 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/01/29 09:02:49 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 09:02:49 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts:       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] H:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] H:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] H:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] H:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] H:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Admin_ON_H..\Run: [DAEMON Tools Lite] H:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Admin_ON_H..\Run: [OutlookOnDesktop] H:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe (SMR Computer Services)
O4 - HKU\Admin_ON_H..\Run: [RGSC]  File not found
O4 - HKU\Admin_ON_H..\Run: [Steam] H:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\Admin_ON_H..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - H:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - H:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/11 01:37:57 | 000,000,000 | -HSD | C] -- H:\RECYCLER
[2013/01/09 12:14:36 | 000,253,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll
[2013/01/09 12:14:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ncrypt.dll
[2013/01/09 12:13:57 | 000,456,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\shlwapi.dll
[2013/01/01 09:07:12 | 000,000,000 | -HSD | C] -- H:\found.003
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\Bioshock
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\Bioshock
[2012/12/28 04:11:56 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\2K Games
[2012/12/28 04:11:29 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\InstallShield
[2012/12/28 03:59:24 | 000,000,000 | ---D | C] -- H:\ProgramData\Media Center Programs
[2012/12/28 03:55:20 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/24 20:59:50 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/21 06:55:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/21 06:55:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[2012/12/21 06:55:19 | 000,048,128 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/21 06:55:19 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/15 07:01:16 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\4A Games
[2012/12/15 06:59:46 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Local\4A Games
[2012/12/15 06:41:00 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\NVIDIA Corporation
[2012/12/15 06:39:51 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/12 15:50:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfLdr.sys
[2012/12/12 15:50:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wdfres.dll
[2012/12/12 15:50:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winusb.dll
[2012/12/12 15:50:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFPlatform.dll
[2012/12/12 15:50:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFx.dll
[2012/12/12 15:50:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFHost.exe
[2012/12/12 15:50:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFCoinstaller.dll
[2012/12/12 15:48:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2012/12/12 15:48:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2012/12/12 15:48:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2012/12/12 15:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2012/12/12 15:48:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2012/12/12 15:48:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 15:48:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2012/12/12 15:48:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2012/12/12 15:48:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2012/12/12 15:48:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2012/12/12 15:48:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 15:48:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2012/12/12 15:48:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2012/12/12 15:48:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2012/12/12 15:48:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2012/12/12 15:48:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2012/12/12 15:48:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2012/12/12 11:46:43 | 001,210,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\kernel32.dll
[2012/12/12 11:46:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnet.dll
[2012/12/12 11:46:34 | 000,376,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnet.dll
[2012/12/12 11:46:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnathlp.dll
[2012/12/12 11:46:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnsvr.exe
[2012/12/12 11:46:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnsvr.exe
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/10 16:04:11 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/01/10 16:03:59 | 095,023,320 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 14:56:36 | 000,027,520 | ---- | M] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:39:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 14:06:04 | 000,001,120 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000UA.job
[2013/01/10 13:21:30 | 105,642,360 | ---- | M] () -- H:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/10 13:16:55 | 000,015,640 | ---- | M] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2013/01/09 18:40:10 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 18:40:10 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 14:49:24 | 000,398,320 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/01/09 12:54:33 | 001,538,358 | ---- | M] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 12:54:33 | 000,671,212 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/01/09 12:54:33 | 000,631,942 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/01/09 12:54:33 | 000,144,380 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/01/09 12:54:33 | 000,118,568 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/01/08 02:14:46 | 009,290,588 | ---- | M] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:51 | 013,464,312 | ---- | M] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/03 21:06:00 | 000,001,068 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000Core.job
[2013/01/01 11:33:12 | 000,687,953 | ---- | M] () -- H:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/12/29 19:32:37 | 000,002,090 | ---- | M] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/28 03:55:20 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/27 06:50:51 | 000,000,953 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/24 20:59:50 | 000,000,772 | ---- | M] () -- H:\Users\Public\Desktop\CCleaner.lnk
[2012/12/24 20:59:50 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/17 09:49:28 | 000,002,285 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:47 | 000,029,202 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/16 08:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/16 06:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/10 14:56:36 | 000,027,520 | ---- | C] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/08 02:14:22 | 009,290,588 | ---- | C] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:34 | 013,464,312 | ---- | C] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/08 02:01:07 | 000,398,320 | ---- | C] () -- H:\Windows\System32\FNTCACHE.DAT
[2012/12/29 19:32:37 | 000,002,090 | ---- | C] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/17 09:49:24 | 000,002,285 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:45 | 000,029,202 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/13 12:18:52 | 000,021,840 | ---- | C] () -- H:\Windows\SysWow64\SIntfNT.dll
[2012/10/13 12:18:52 | 000,017,212 | ---- | C] () -- H:\Windows\SysWow64\SIntf32.dll
[2012/10/13 12:18:52 | 000,012,067 | ---- | C] () -- H:\Windows\SysWow64\SIntf16.dll
[2012/07/11 07:55:54 | 000,098,344 | ---- | C] () -- H:\Windows\unTMV.exe
[2012/04/17 06:03:52 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2012/04/16 09:48:56 | 000,000,732 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps64.dat
[2011/12/22 18:57:33 | 001,538,358 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/06 15:24:59 | 000,237,568 | ---- | C] () -- H:\Windows\SysWow64\lame_enc.dll
[2011/12/06 15:24:59 | 000,110,080 | ---- | C] () -- H:\Windows\SysWow64\advd.dll
[2011/12/06 15:24:59 | 000,023,040 | ---- | C] () -- H:\Windows\SysWow64\auth.dll
[2011/10/14 18:54:52 | 000,321,856 | ---- | C] () -- H:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 10:44:14 | 000,179,271 | ---- | C] () -- H:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2011/06/11 14:58:13 | 000,202,040 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2011/06/11 14:58:08 | 000,066,872 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2011/04/19 16:29:55 | 000,000,026 | ---- | C] () -- H:\Windows\NeoSetup.INI
[2011/03/29 07:17:22 | 000,000,056 | -H-- | C] () -- H:\Windows\SysWow64\ezsidmv.dat
[2011/03/24 10:26:29 | 000,117,248 | ---- | C] () -- H:\Windows\SysWow64\EhStorAuthn.dll
[2011/03/24 10:25:20 | 000,107,612 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/03/24 10:24:23 | 000,368,640 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2011/03/23 11:24:57 | 000,009,728 | ---- | C] () -- H:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 04:23:17 | 000,015,640 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 21:26:11 | 000,018,904 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/08/03 13:34:59 | 000,009,636 | ---- | C] () -- H:\Windows\SysWow64\ezdigsgn.dat
[2009/08/03 12:42:16 | 000,354,816 | ---- | C] () -- H:\Windows\SysWow64\pythoncom26.dll
[2009/08/03 12:42:16 | 000,108,032 | ---- | C] () -- H:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- H:\Windows\SysWow64\tcpmon.ini
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- H:\Windows\SysWow64\DLLDEV32i.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2006/05/19 02:39:58 | 000,015,497 | ---- | C] () -- H:\Windows\snp2uvc.ini
========== LOP Check ==========
[2012/10/27 11:59:57 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2012/02/04 08:31:00 | 000,000,000 | ---D | M] -- H:\ProgramData\AVG2012
[2012/09/23 12:51:09 | 000,000,000 | ---D | M] -- H:\ProgramData\boost_interprocess
[2011/12/12 09:05:50 | 000,000,000 | ---D | M] -- H:\ProgramData\CBL-Electronics
[2011/03/23 13:29:09 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files
[2012/08/23 18:44:35 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2012/05/06 14:48:08 | 000,000,000 | ---D | M] -- H:\ProgramData\DFX
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2011/08/30 15:09:09 | 000,000,000 | ---D | M] -- H:\ProgramData\Easybits GO
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2011/04/01 17:20:28 | 000,000,000 | ---D | M] -- H:\ProgramData\ICQ
[2011/03/23 14:49:31 | 000,000,000 | ---D | M] -- H:\ProgramData\Last.fm
[2011/12/24 07:50:54 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2013/01/10 13:23:01 | 000,000,000 | ---D | M] -- H:\ProgramData\MFAData
[2009/08/03 13:04:02 | 000,000,000 | ---D | M] -- H:\ProgramData\PC-Doctor for Windows
[2013/01/08 17:13:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PMB Files
[2012/04/26 19:37:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PWD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/08/03 13:17:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Temp
[2011/03/30 08:46:06 | 000,000,000 | ---D | M] -- H:\ProgramData\TrackMania
[2012/05/22 07:24:26 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2011/04/13 16:12:48 | 000,000,000 | ---D | M] -- H:\ProgramData\WildTangent
[2012/05/22 07:24:03 | 000,000,000 | -HSD | M] -- H:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/11/30 08:41:30 | 000,000,552 | ---- | M] () -- H:\Windows\Tasks\PCDRScheduledMaintenance.job
[2013/01/10 15:45:56 | 000,032,534 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< :OTL >
< O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< [2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js >
Invalid Switch: 10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
< [2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk >
Invalid Switch: 10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

< [2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg >
Invalid Switch: 10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg

< :Files >
< :Commands >
< [emptytemp] >

< End of report >
--- --- ---

_OTL is coming right away; for now, here is the result of the second run:
OTL Logfile:
OTL logfile created on: 1/11/2013 2:06:33 AM - Run 
OTLPE by OldTimer - Version     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 15.27 Gb Total Space | 2.15 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive H: | 916.24 Gb Total Space | 539.77 Gb Free Space | 58.91% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 14.92 Gb Total Space | 14.83 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/09/28 08:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 18:40:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/20 12:46:26 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/12 20:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/02/13 21:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/11 14:58:08 | 000,066,872 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 05:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/04 05:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto] -- H:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/24 08:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 18:37:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand] -- H:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/25 20:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/18 21:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- H:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/09 03:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/01/30 21:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- H:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 06:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- H:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 06:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 06:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/22 06:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/02/08 15:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2009/02/02 13:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- H:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2006/10/09 21:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Pavilion&pf=cndt
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 49 4D EC C0 27 CC 01  [binary data]
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 04:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 07:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/04 13:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/04 17:42:42 | 000,000,000 | ---D | M]
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/29 12:16:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/18 17:03:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/29 11:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 09:02:49 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 08:50:55 | 000,002,252 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:02:49 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 09:02:49 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/12 10:40:04 | 000,002,501 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/01/29 09:02:49 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 09:02:49 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts:       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] H:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] H:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] H:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] H:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] H:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Admin_ON_H..\Run: [DAEMON Tools Lite] H:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Admin_ON_H..\Run: [OutlookOnDesktop] H:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe (SMR Computer Services)
O4 - HKU\Admin_ON_H..\Run: [RGSC]  File not found
O4 - HKU\Admin_ON_H..\Run: [Steam] H:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\Admin_ON_H..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - H:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - H:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/11 01:37:57 | 000,000,000 | -HSD | C] -- H:\RECYCLER
[2013/01/09 12:14:36 | 000,253,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll
[2013/01/09 12:14:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ncrypt.dll
[2013/01/09 12:13:57 | 000,456,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\shlwapi.dll
[2013/01/01 09:07:12 | 000,000,000 | -HSD | C] -- H:\found.003
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\Bioshock
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\Bioshock
[2012/12/28 04:11:56 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\2K Games
[2012/12/28 04:11:29 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\InstallShield
[2012/12/28 03:59:24 | 000,000,000 | ---D | C] -- H:\ProgramData\Media Center Programs
[2012/12/28 03:55:20 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/24 20:59:50 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/21 06:55:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/21 06:55:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[2012/12/21 06:55:19 | 000,048,128 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/21 06:55:19 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/15 07:01:16 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\4A Games
[2012/12/15 06:59:46 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Local\4A Games
[2012/12/15 06:41:00 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\NVIDIA Corporation
[2012/12/15 06:39:51 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/12 15:50:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfLdr.sys
[2012/12/12 15:50:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wdfres.dll
[2012/12/12 15:50:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winusb.dll
[2012/12/12 15:50:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFPlatform.dll
[2012/12/12 15:50:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFx.dll
[2012/12/12 15:50:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFHost.exe
[2012/12/12 15:50:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFCoinstaller.dll
[2012/12/12 15:48:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2012/12/12 15:48:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2012/12/12 15:48:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2012/12/12 15:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2012/12/12 15:48:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2012/12/12 15:48:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 15:48:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2012/12/12 15:48:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2012/12/12 15:48:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2012/12/12 15:48:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2012/12/12 15:48:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 15:48:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2012/12/12 15:48:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2012/12/12 15:48:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2012/12/12 15:48:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2012/12/12 15:48:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2012/12/12 15:48:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2012/12/12 11:46:43 | 001,210,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\kernel32.dll
[2012/12/12 11:46:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnet.dll
[2012/12/12 11:46:34 | 000,376,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnet.dll
[2012/12/12 11:46:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnathlp.dll
[2012/12/12 11:46:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnsvr.exe
[2012/12/12 11:46:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnsvr.exe
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/10 16:04:11 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/01/10 16:03:59 | 095,023,320 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 14:56:36 | 000,027,520 | ---- | M] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:39:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 14:06:04 | 000,001,120 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000UA.job
[2013/01/10 13:21:30 | 105,642,360 | ---- | M] () -- H:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/10 13:16:55 | 000,015,640 | ---- | M] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2013/01/09 18:40:10 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 18:40:10 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 14:49:24 | 000,398,320 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/01/09 12:54:33 | 001,538,358 | ---- | M] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 12:54:33 | 000,671,212 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/01/09 12:54:33 | 000,631,942 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/01/09 12:54:33 | 000,144,380 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/01/09 12:54:33 | 000,118,568 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/01/08 02:14:46 | 009,290,588 | ---- | M] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:51 | 013,464,312 | ---- | M] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/03 21:06:00 | 000,001,068 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000Core.job
[2013/01/01 11:33:12 | 000,687,953 | ---- | M] () -- H:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/12/29 19:32:37 | 000,002,090 | ---- | M] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/28 03:55:20 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/27 06:50:51 | 000,000,953 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/24 20:59:50 | 000,000,772 | ---- | M] () -- H:\Users\Public\Desktop\CCleaner.lnk
[2012/12/24 20:59:50 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/17 09:49:28 | 000,002,285 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:47 | 000,029,202 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/16 08:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/16 06:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/10 14:56:36 | 000,027,520 | ---- | C] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/08 02:14:22 | 009,290,588 | ---- | C] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:34 | 013,464,312 | ---- | C] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/08 02:01:07 | 000,398,320 | ---- | C] () -- H:\Windows\System32\FNTCACHE.DAT
[2012/12/29 19:32:37 | 000,002,090 | ---- | C] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/17 09:49:24 | 000,002,285 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:45 | 000,029,202 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/13 12:18:52 | 000,021,840 | ---- | C] () -- H:\Windows\SysWow64\SIntfNT.dll
[2012/10/13 12:18:52 | 000,017,212 | ---- | C] () -- H:\Windows\SysWow64\SIntf32.dll
[2012/10/13 12:18:52 | 000,012,067 | ---- | C] () -- H:\Windows\SysWow64\SIntf16.dll
[2012/07/11 07:55:54 | 000,098,344 | ---- | C] () -- H:\Windows\unTMV.exe
[2012/04/17 06:03:52 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2012/04/16 09:48:56 | 000,000,732 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps64.dat
[2011/12/22 18:57:33 | 001,538,358 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/06 15:24:59 | 000,237,568 | ---- | C] () -- H:\Windows\SysWow64\lame_enc.dll
[2011/12/06 15:24:59 | 000,110,080 | ---- | C] () -- H:\Windows\SysWow64\advd.dll
[2011/12/06 15:24:59 | 000,023,040 | ---- | C] () -- H:\Windows\SysWow64\auth.dll
[2011/10/14 18:54:52 | 000,321,856 | ---- | C] () -- H:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 10:44:14 | 000,179,271 | ---- | C] () -- H:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2011/06/11 14:58:13 | 000,202,040 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2011/06/11 14:58:08 | 000,066,872 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2011/04/19 16:29:55 | 000,000,026 | ---- | C] () -- H:\Windows\NeoSetup.INI
[2011/03/29 07:17:22 | 000,000,056 | -H-- | C] () -- H:\Windows\SysWow64\ezsidmv.dat
[2011/03/24 10:26:29 | 000,117,248 | ---- | C] () -- H:\Windows\SysWow64\EhStorAuthn.dll
[2011/03/24 10:25:20 | 000,107,612 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/03/24 10:24:23 | 000,368,640 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2011/03/23 11:24:57 | 000,009,728 | ---- | C] () -- H:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 04:23:17 | 000,015,640 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 21:26:11 | 000,018,904 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/08/03 13:34:59 | 000,009,636 | ---- | C] () -- H:\Windows\SysWow64\ezdigsgn.dat
[2009/08/03 12:42:16 | 000,354,816 | ---- | C] () -- H:\Windows\SysWow64\pythoncom26.dll
[2009/08/03 12:42:16 | 000,108,032 | ---- | C] () -- H:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- H:\Windows\SysWow64\tcpmon.ini
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- H:\Windows\SysWow64\DLLDEV32i.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2006/05/19 02:39:58 | 000,015,497 | ---- | C] () -- H:\Windows\snp2uvc.ini
========== LOP Check ==========
[2012/10/27 11:59:57 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2012/02/04 08:31:00 | 000,000,000 | ---D | M] -- H:\ProgramData\AVG2012
[2012/09/23 12:51:09 | 000,000,000 | ---D | M] -- H:\ProgramData\boost_interprocess
[2011/12/12 09:05:50 | 000,000,000 | ---D | M] -- H:\ProgramData\CBL-Electronics
[2011/03/23 13:29:09 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files
[2012/08/23 18:44:35 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2012/05/06 14:48:08 | 000,000,000 | ---D | M] -- H:\ProgramData\DFX
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2011/08/30 15:09:09 | 000,000,000 | ---D | M] -- H:\ProgramData\Easybits GO
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2011/04/01 17:20:28 | 000,000,000 | ---D | M] -- H:\ProgramData\ICQ
[2011/03/23 14:49:31 | 000,000,000 | ---D | M] -- H:\ProgramData\Last.fm
[2011/12/24 07:50:54 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2013/01/10 13:23:01 | 000,000,000 | ---D | M] -- H:\ProgramData\MFAData
[2009/08/03 13:04:02 | 000,000,000 | ---D | M] -- H:\ProgramData\PC-Doctor for Windows
[2013/01/08 17:13:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PMB Files
[2012/04/26 19:37:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PWD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/08/03 13:17:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Temp
[2011/03/30 08:46:06 | 000,000,000 | ---D | M] -- H:\ProgramData\TrackMania
[2012/05/22 07:24:26 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2011/04/13 16:12:48 | 000,000,000 | ---D | M] -- H:\ProgramData\WildTangent
[2012/05/22 07:24:03 | 000,000,000 | -HSD | M] -- H:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/11/30 08:41:30 | 000,000,552 | ---- | M] () -- H:\Windows\Tasks\PCDRScheduledMaintenance.job
[2013/01/10 15:45:56 | 000,032,534 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< :OTL >
< O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< [2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js >
Invalid Switch: 10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
< [2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk >
Invalid Switch: 10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

< [2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg >
Invalid Switch: 10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg

< :Files >
< :Commands >
< [emptytemp] >

< End of report >
--- --- ---

11.01.2013, 02:15   #9

_OTL is coming right away; here, for now, is the result of the second run.

Also, unfortunately, I could not find the _OTL after all.

OTL Logfile:

OTL logfile created on: 1/11/2013 2:06:33 AM - Run 
OTLPE by OldTimer - Version     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 15.27 Gb Total Space | 2.15 Gb Free Space | 14.11% Space Free | Partition Type: NTFS
Drive H: | 916.24 Gb Total Space | 539.77 Gb Free Space | 58.91% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 14.92 Gb Total Space | 14.83 Gb Free Space | 99.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/09/28 08:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/27 20:38:16 | 000,239,616 | ---- | M] (AMD) [Auto] -- H:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 18:40:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/20 12:46:26 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand] -- H:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 05:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- H:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/12 20:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/02/13 21:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- H:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/11 14:58:08 | 000,066,872 | ---- | M] () [Auto] -- H:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/06 05:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/04 05:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto] -- H:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/09/27 21:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 20:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/24 08:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/23 18:37:02 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand] -- H:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/07/25 20:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- H:\Windows\System32\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/18 21:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot] -- H:\Windows\System32\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/09 03:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/01/30 21:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- H:\Windows\System32\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 06:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- H:\Windows\System32\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 06:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 06:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand] -- H:\Windows\System32\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- H:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/22 06:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand] -- H:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/02/08 15:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2009/02/02 13:59:18 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- H:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2006/10/09 21:09:03 | 000,742,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvm60x64.sys -- (NVENETFD)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 49 4D EC C0 27 CC 01  [binary data]
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=1cfd0b3c-af73-48e6-9340-4cc6527aaadf&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\Admin_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: H:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: H:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: H:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 04:52:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/03 19:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 07:03:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/04 13:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/04 17:42:42 | 000,000,000 | ---D | M]
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/29 12:16:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/05/18 17:03:47 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/04/11 09:33:47 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/29 11:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/01/29 09:02:49 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/29 08:50:55 | 000,002,252 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:02:49 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/29 09:02:49 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/06/12 10:40:04 | 000,002,501 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/01/29 09:02:49 | 000,001,178 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/29 09:02:49 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts:       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - H:\Users\Admin\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] H:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Windows Defender] H:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_TRAY] H:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] H:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] H:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] H:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] H:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\Admin_ON_H..\Run: [DAEMON Tools Lite] H:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Admin_ON_H..\Run: [OutlookOnDesktop] H:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe (SMR Computer Services)
O4 - HKU\Admin_ON_H..\Run: [RGSC]  File not found
O4 - HKU\Admin_ON_H..\Run: [Steam] H:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\Admin_ON_H..\Run: [WMPNSCFG]  File not found
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [WindowsWelcomeCenter] H:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - H:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} -  File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - H:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - Admin_ON_H\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - LocalService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_H\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_H\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/ (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) - H:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat ()
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) - H:\Program Files (x86)\AVG\AVG2012\avgrsa.exe (AVG Technologies CZ, s.r.o.)
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/11 01:37:57 | 000,000,000 | -HSD | C] -- H:\RECYCLER
[2013/01/09 12:14:36 | 000,253,952 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll
[2013/01/09 12:14:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ncrypt.dll
[2013/01/09 12:13:57 | 000,456,192 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\shlwapi.dll
[2013/01/01 09:07:12 | 000,000,000 | -HSD | C] -- H:\found.003
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\Bioshock
[2012/12/28 04:40:44 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\Bioshock
[2012/12/28 04:11:56 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\2K Games
[2012/12/28 04:11:29 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Roaming\InstallShield
[2012/12/28 03:59:24 | 000,000,000 | ---D | C] -- H:\ProgramData\Media Center Programs
[2012/12/28 03:55:20 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/24 20:59:50 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/21 06:55:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/21 06:55:19 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[2012/12/21 06:55:19 | 000,048,128 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/21 06:55:19 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/15 07:01:16 | 000,000,000 | ---D | C] -- H:\Users\Admin\Documents\4A Games
[2012/12/15 06:59:46 | 000,000,000 | ---D | C] -- H:\Users\Admin\AppData\Local\4A Games
[2012/12/15 06:41:00 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\NVIDIA Corporation
[2012/12/15 06:39:51 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/12 15:50:27 | 000,054,376 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\drivers\WdfLdr.sys
[2012/12/12 15:50:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wdfres.dll
[2012/12/12 15:50:11 | 000,020,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winusb.dll
[2012/12/12 15:50:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFPlatform.dll
[2012/12/12 15:50:05 | 000,744,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFx.dll
[2012/12/12 15:50:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFHost.exe
[2012/12/12 15:50:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WUDFCoinstaller.dll
[2012/12/12 15:48:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\mshtmled.dll
[2012/12/12 15:48:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\mshtmled.dll
[2012/12/12 15:48:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll
[2012/12/12 15:48:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll
[2012/12/12 15:48:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieUnatt.exe
[2012/12/12 15:48:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 15:48:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\url.dll
[2012/12/12 15:48:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\url.dll
[2012/12/12 15:48:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll
[2012/12/12 15:48:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\inetcpl.cpl
[2012/12/12 15:48:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 15:48:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\msfeeds.dll
[2012/12/12 15:48:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll
[2012/12/12 15:48:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll
[2012/12/12 15:48:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll
[2012/12/12 15:48:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll
[2012/12/12 15:48:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\vbscript.dll
[2012/12/12 11:46:43 | 001,210,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\kernel32.dll
[2012/12/12 11:46:34 | 000,477,696 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnet.dll
[2012/12/12 11:46:34 | 000,376,320 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnet.dll
[2012/12/12 11:46:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnathlp.dll
[2012/12/12 11:46:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\dpnsvr.exe
[2012/12/12 11:46:34 | 000,023,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\dpnsvr.exe
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/10 16:04:11 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat
[2013/01/10 16:03:59 | 095,023,320 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 15:58:24 | 000,003,616 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 14:56:36 | 000,027,520 | ---- | M] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:39:00 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 14:06:04 | 000,001,120 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000UA.job
[2013/01/10 13:21:30 | 105,642,360 | ---- | M] () -- H:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/10 13:16:55 | 000,015,640 | ---- | M] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2013/01/09 18:40:10 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 18:40:10 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/09 14:49:24 | 000,398,320 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT
[2013/01/09 12:54:33 | 001,538,358 | ---- | M] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/09 12:54:33 | 000,671,212 | ---- | M] () -- H:\Windows\System32\perfh007.dat
[2013/01/09 12:54:33 | 000,631,942 | ---- | M] () -- H:\Windows\System32\perfh009.dat
[2013/01/09 12:54:33 | 000,144,380 | ---- | M] () -- H:\Windows\System32\perfc007.dat
[2013/01/09 12:54:33 | 000,118,568 | ---- | M] () -- H:\Windows\System32\perfc009.dat
[2013/01/08 02:14:46 | 009,290,588 | ---- | M] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:51 | 013,464,312 | ---- | M] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/03 21:06:00 | 000,001,068 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-643971038-549652700-609112441-1000Core.job
[2013/01/01 11:33:12 | 000,687,953 | ---- | M] () -- H:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/12/29 19:32:37 | 000,002,090 | ---- | M] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/28 03:55:20 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- H:\Windows\SysWow64\CmdLineExt_x64.dll
[2012/12/27 06:50:51 | 000,000,953 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/24 20:59:50 | 000,000,772 | ---- | M] () -- H:\Users\Public\Desktop\CCleaner.lnk
[2012/12/24 20:59:50 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/17 09:49:28 | 000,002,285 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:47 | 000,029,202 | ---- | M] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/16 08:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- H:\Windows\System32\atmlib.dll
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll
[2012/12/16 06:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll
[1 H:\Windows\*.tmp files -> H:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/10 14:56:36 | 000,027,520 | ---- | C] () -- H:\Users\Admin\AppData\Local\dt.dat
[2013/01/10 14:55:04 | 000,002,890 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/10 14:55:04 | 000,000,886 | ---- | C] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/10 14:55:04 | 000,000,159 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.reg
[2013/01/10 14:55:04 | 000,000,066 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.bat
[2013/01/10 14:54:50 | 095,023,320 | ---- | C] () -- H:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/08 02:14:22 | 009,290,588 | ---- | C] () -- H:\Users\Admin\Desktop\K.I.Z. - Hurensohn Episode 1 (lyrics) HQ.mp3
[2013/01/08 02:12:34 | 013,464,312 | ---- | C] () -- H:\Users\Admin\Desktop\London Elektricity - Just One Second.mp3
[2013/01/08 02:01:07 | 000,398,320 | ---- | C] () -- H:\Windows\System32\FNTCACHE.DAT
[2012/12/29 19:32:37 | 000,002,090 | ---- | C] () -- H:\Users\Public\Desktop\BioShock.lnk
[2012/12/17 09:49:24 | 000,002,285 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg 17-12-2012.zip
[2012/12/17 08:57:45 | 000,029,202 | ---- | C] () -- H:\Users\Admin\Desktop\jschlaeg.pdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/12 15:50:52 | 000,000,003 | ---- | C] () -- H:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/10/13 12:18:52 | 000,021,840 | ---- | C] () -- H:\Windows\SysWow64\SIntfNT.dll
[2012/10/13 12:18:52 | 000,017,212 | ---- | C] () -- H:\Windows\SysWow64\SIntf32.dll
[2012/10/13 12:18:52 | 000,012,067 | ---- | C] () -- H:\Windows\SysWow64\SIntf16.dll
[2012/07/11 07:55:54 | 000,098,344 | ---- | C] () -- H:\Windows\unTMV.exe
[2012/04/17 06:03:52 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin
[2012/04/16 09:48:56 | 000,000,732 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps64.dat
[2011/12/22 18:57:33 | 001,538,358 | ---- | C] () -- H:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/06 15:24:59 | 000,237,568 | ---- | C] () -- H:\Windows\SysWow64\lame_enc.dll
[2011/12/06 15:24:59 | 000,110,080 | ---- | C] () -- H:\Windows\SysWow64\advd.dll
[2011/12/06 15:24:59 | 000,023,040 | ---- | C] () -- H:\Windows\SysWow64\auth.dll
[2011/10/14 18:54:52 | 000,321,856 | ---- | C] () -- H:\Windows\SysWow64\nvStreaming.exe
[2011/09/28 10:44:14 | 000,179,271 | ---- | C] () -- H:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat
[2011/06/11 14:58:13 | 000,202,040 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrB.exe
[2011/06/11 14:58:08 | 000,066,872 | ---- | C] () -- H:\Windows\SysWow64\PnkBstrA.exe
[2011/04/19 16:29:55 | 000,000,026 | ---- | C] () -- H:\Windows\NeoSetup.INI
[2011/03/29 07:17:22 | 000,000,056 | -H-- | C] () -- H:\Windows\SysWow64\ezsidmv.dat
[2011/03/24 10:26:29 | 000,117,248 | ---- | C] () -- H:\Windows\SysWow64\EhStorAuthn.dll
[2011/03/24 10:25:20 | 000,107,612 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/03/24 10:24:23 | 000,368,640 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll
[2011/03/23 11:24:57 | 000,009,728 | ---- | C] () -- H:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 04:23:17 | 000,015,640 | ---- | C] () -- H:\Users\Admin\AppData\Local\d3d9caps.dat
[2009/08/03 21:26:11 | 000,018,904 | ---- | C] () -- H:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009/08/03 13:34:59 | 000,009,636 | ---- | C] () -- H:\Windows\SysWow64\ezdigsgn.dat
[2009/08/03 12:42:16 | 000,354,816 | ---- | C] () -- H:\Windows\SysWow64\pythoncom26.dll
[2009/08/03 12:42:16 | 000,108,032 | ---- | C] () -- H:\Windows\SysWow64\pywintypes26.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- H:\Windows\SysWow64\tcpmon.ini
[2007/04/27 03:43:58 | 000,120,200 | ---- | C] () -- H:\Windows\SysWow64\DLLDEV32i.dll
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat
[2006/11/02 10:02:31 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin
[2006/05/19 02:39:58 | 000,015,497 | ---- | C] () -- H:\Windows\snp2uvc.ini
========== LOP Check ==========
[2012/10/27 11:59:57 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten
[2012/02/04 08:31:00 | 000,000,000 | ---D | M] -- H:\ProgramData\AVG2012
[2012/09/23 12:51:09 | 000,000,000 | ---D | M] -- H:\ProgramData\boost_interprocess
[2011/12/12 09:05:50 | 000,000,000 | ---D | M] -- H:\ProgramData\CBL-Electronics
[2011/03/23 13:29:09 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files
[2012/08/23 18:44:35 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop
[2012/05/06 14:48:08 | 000,000,000 | ---D | M] -- H:\ProgramData\DFX
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente
[2011/08/30 15:09:09 | 000,000,000 | ---D | M] -- H:\ProgramData\Easybits GO
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten
[2011/04/01 17:20:28 | 000,000,000 | ---D | M] -- H:\ProgramData\ICQ
[2011/03/23 14:49:31 | 000,000,000 | ---D | M] -- H:\ProgramData\Last.fm
[2011/12/24 07:50:54 | 000,000,000 | ---D | M] -- H:\ProgramData\MAGIX
[2013/01/10 13:23:01 | 000,000,000 | ---D | M] -- H:\ProgramData\MFAData
[2009/08/03 13:04:02 | 000,000,000 | ---D | M] -- H:\ProgramData\PC-Doctor for Windows
[2013/01/08 17:13:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PMB Files
[2012/04/26 19:37:30 | 000,000,000 | ---D | M] -- H:\ProgramData\PWD
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü
[2009/08/03 13:17:18 | 000,000,000 | ---D | M] -- H:\ProgramData\Temp
[2011/03/30 08:46:06 | 000,000,000 | ---D | M] -- H:\ProgramData\TrackMania
[2012/05/22 07:24:26 | 000,000,000 | ---D | M] -- H:\ProgramData\TuneUp Software
[2011/03/21 02:12:50 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen
[2011/04/13 16:12:48 | 000,000,000 | ---D | M] -- H:\ProgramData\WildTangent
[2012/05/22 07:24:03 | 000,000,000 | -HSD | M] -- H:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/11/30 08:41:30 | 000,000,552 | ---- | M] () -- H:\Windows\Tasks\PCDRScheduledMaintenance.job
[2013/01/10 15:45:56 | 000,032,534 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< :OTL >
< O20:64bit: - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - H:\ProgramData\dsgsdgdsgdsgw.bat () >
< [2013/01/10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js >
Invalid Switch: 10 14:55:04 | 000,002,890 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.js
< [2013/01/10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk >
Invalid Switch: 10 14:55:04 | 000,000,886 | ---- | M] () -- H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

< [2013/01/10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg >
Invalid Switch: 10 14:55:04 | 000,000,159 | ---- | M] () -- H:\ProgramData\dsgsdgdsgdsgw.reg

< :Files >
< :Commands >
< [emptytemp] >

< End of report >
--- --- ---

So my PC does not find a folder named _OTL, only a text file that is located on the main system drive.

Edited by Stormiex (11.01.2013 at 02:24)

11.01.2013, 16:38   #10
/// Malware-holic

That is not the result, that is a scan; what you were supposed to run is a fix.

11.01.2013, 18:24   #11

Sorry, here is the report again:

========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\PROGRA~3\dsgsdgdsgdsgw.bat deleted successfully.
H:\ProgramData\dsgsdgdsgdsgw.bat moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\PROGRA~3\dsgsdgdsgdsgw.bat deleted successfully.
File H:\ProgramData\dsgsdgdsgdsgw.bat not found.
H:\ProgramData\dsgsdgdsgdsgw.js moved successfully.
H:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
H:\ProgramData\dsgsdgdsgdsgw.reg moved successfully.
========== FILES ==========
========== COMMANDS ==========


User: Admin
->Temp folder emptied: 10714830 bytes
->Temporary Internet Files folder emptied: 7137592 bytes
->Java cache emptied: 22391749 bytes
->FireFox cache emptied: 48410563 bytes
->Google Chrome cache emptied: 146960781 bytes
->Apple Safari cache emptied: 67076096 bytes
->Flash cache emptied: 1393 bytes

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Gast

User: Public

Total Flash Files Cleaned = 289.00 mb


User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Gast

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78854280 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

Total Files Cleaned = 75.00 mb

OTLPE by OldTimer - Version log created on 01112013_181930

11.01.2013, 19:19   #12
/// Malware-holic

Are you back in normal mode? Does the internet work?
Download TDSSKiller:
Click Change parameters
• Check the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log

11.01.2013, 20:13   #13

When you say normal mode, does that mean I should no longer start the PC from the CD but start it via floppy disk again? If so, I have to say that I now find a limited internet connection, with which I cannot get onto the internet.

11.01.2013, 20:51   #14
/// Malware-holic

From your hard drive, exactly,
in normal mode.
Are you using LAN or Wi-Fi? If you have a laptop, check whether Wi-Fi is active and that you are on the right network.

11.01.2013, 20:58   #15

All good, it has resolved itself since I took the CD out. I am online with the PC now and am trying what you recommended.

