
Log Analysis and Evaluation: QFYZCG, what could that be?


15.12.2009, 11:04   #1
josy1982
 
Hello,

I found a file, which actually is no longer there, named QFYZCG.exe. What could that be? I had already run CCleaner beforehand, but it is still shown as missing in the logfile. I also can't find it anywhere on the PC. Could it be an installation leftover? Anyway, here is the log:

Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:15, on 15.12.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-9\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S---9\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S---0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S---0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QFYZCG - Unknown owner - C:\Users\xxxx\AppData\Local\Temp\QFYZCG.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4612 bytes
The line I mean is this one:

Quote:
O23 - Service: QFYZCG - Unknown owner - C:\Users\xxxx\AppData\Local\Temp\QFYZCG.exe (file missing)


Many thanks for your suggestions.


Regards, josy

15.12.2009, 13:22   #2
cosinus
 
Hello,

the file name seems to consist of randomly jumbled characters, so one cannot infer either a specific program or a specific piece of malware from it.

Try this:
Please read and work through this list. During the scan with MalwareBytes, also plug in all external storage devices (external drives, USB sticks, ...)!!

Important for users of Windows Vista and Windows 7: please run all tools via right-click => Run as administrator!


You can, for example, zip all the logfiles into one file, upload it to File-Upload.net and link it here, because firstly some logfiles are too big for the board and secondly I can download them all at once with one click.
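The question in post #1 and the reply above come down to one triage step: an `O23` (HijackThis) or `SRV` (OTL) service entry whose image file is missing, whose owner is unknown, whose binary sat in a user's Temp folder, and whose name has no recognisable structure. The following Python script is an added example for this thread, not code from HijackThis, OTL or either poster. It parses both log formats and reports which of those signals each service line shows. The sample input embeds the two QFYZCG entries quoted in this thread (username masked as in the posts) plus constructed lines for contrast; the vowel-based name heuristic is an assumption of this example and produces false positives, so a hit is a prompt to inspect the service's registry key, not a verdict.

```python
"""Triage of service entries from HijackThis (O23) and OTL (SRV) logs.

Added example for this thread; not code from HijackThis, OTL or the posters.
Flags services whose image file is missing, whose publisher is unknown, whose
binary lives in a user-writable folder, or whose name looks random. A hit is a
prompt to look at HKLM\\SYSTEM\\CurrentControlSet\\Services\\<name>, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample input. Lines 1 and 2 are the QFYZCG entries quoted in the
# thread (username masked as in the posts); the rest are made up for contrast.
SAMPLE_LINES = [
    r"O23 - Service: QFYZCG - Unknown owner - C:\Users\xxxx\AppData\Local\Temp\QFYZCG.exe (file missing)",
    r"SRV - (QFYZCG) -- File not found",
    r"O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe",
    r"O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)",
    r"SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)",
    r"O23 - Service: Updater - Unknown owner - C:\Users\xxxx\AppData\Roaming\svch0st.exe",  # constructed
    r"O4 - HKLM\..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe -atboottime",  # not a service line
]

# HijackThis: O23 - Service: <name> - <owner> - <path>[ (file missing)]
HJT_O23 = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# OTL: SRV - (<name>)[ <description>] -- <path> (<owner>)   or   -- File not found
OTL_SRV = re.compile(r"^SRV - \((?P<name>[^)]+)\)(?P<desc>.*?) -- (?P<rest>.+)$")
OTL_PATH = re.compile(r"^(?P<path>.+?)(?: \((?P<owner>[^)]*)\))?$")

# Folder-name fragments an ordinary user can write to; a service binary there is unusual.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    source: str                 # "HJT" or "OTL"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def looks_random(name: str) -> bool:
    """Assumed heuristic: a pure-letter name of 5..12 characters with no vowel.
    Legitimate abbreviations can trip this, so treat it as one signal among several."""
    if not name.isalpha() or not 5 <= len(name) <= 12:
        return False
    return not any(c in "aeiou" for c in name.lower())


def parse_service_line(line: str) -> Optional[Tuple[str, str, Optional[str], str, bool]]:
    """Return (source, name, owner, path, missing) for a service line, else None.
    owner is None when the log carries no publisher information at all."""
    line = line.strip()
    m = HJT_O23.match(line)
    if m:
        return ("HJT", m["name"], m["owner"], m["path"], m["missing"] is not None)
    m = OTL_SRV.match(line)
    if m:
        if m["rest"] == "File not found":
            return ("OTL", m["name"], None, "", True)
        p = OTL_PATH.match(m["rest"])
        return ("OTL", m["name"], p["owner"] or "", p["path"], False)
    return None


def triage(lines) -> List[Finding]:
    """Collect every service line that shows at least one suspicious signal."""
    findings = []
    for line in lines:
        parsed = parse_service_line(line)
        if parsed is None:
            continue
        source, name, owner, path, missing = parsed
        reasons = []
        if missing:
            reasons.append("image file missing (orphaned service entry)")
        if owner is not None and owner.strip() in ("", "Unknown owner"):
            reasons.append("unknown owner / no publisher")
        if any(frag in path.lower() for frag in USER_WRITABLE):
            reasons.append("binary in a user-writable folder")
        if looks_random(name):
            reasons.append("random-looking service name")
        if reasons:
            findings.append(Finding(source, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.source}] {f.name!r} {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample lines, the QFYZCG entry from post #1 collects all four signals, while the legitimate AVG and COMODO entries collect none. The point of combining the signals is exactly the one made above: a random-looking name on its own identifies nothing, but together with a missing image, no publisher and a Temp-folder path it marks an orphaned service key that deserves a look (and, once the file is gone, cleanup of the leftover registry entry).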

15.12.2009, 15:35   #3
josy1982
 
Hello,

thank you very much for the reply first of all. I have worked through the list; unfortunately RSIT does not work for me under Windows 7. I started it via right-click as admin and then I get the following:

http://img696.imageshack.us/i/unbenanntp.gif/

15.12.2009, 15:37   #4
cosinus
 
Then please leave RSIT out and do OTL instead:

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

15.12.2009, 15:54   #5
josy1982
 
Hello,

so, here are the logs:

Quote:
Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3364
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.12.2009 15:46:41
mbam-log-2009-12-15 (15-46-41).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 199389
Laufzeit: 25 minute(s), 39 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Quote:
OTL logfile created on: 15.12.2009 15:39:25 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\xxxxx\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): c:\pagefile.sys 3100 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 448,51 Gb Free Space | 96,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOxxxxxx7-PC
Current User Name: xxxxxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\xxxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\xxxxxxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (QFYZCG) -- File not found
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (hpqcxs08) -- C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC) -- C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)


========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (FlashUSB) -- C:\Windows\System32\drivers\FlashUsb.sys (Danish Wireless Design A/S)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = xxxxx://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D F9 00 xxxxx CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009.12.15 15:38:10 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxx\Desktop\OTL.exe
[2009.12.15 15:19:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009.12.14 21:56:47 | 00,000,000 | ---D | C] -- C:\Users\xxxx\Documents\StarBurn
[2009.12.14 21:56:47 | 00,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\StarBurn
[2009.12.14 21:00:31 | 00,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\FileZilla
[2009.12.14 21:00:20 | 00,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2009.12.14 18:52:47 | 00,000,000 | ---D | C] -- C:\Programme\Rocket Division Software
[2009.12.14 14:32:17 | 00,000,000 | ---D | C] -- C:\ProgramData\IObit
[2009.12.14 12:32:37 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009.12.14 12:30:28 | 00,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\OpenOffice.org
[2009.12.14 12:26:31 | 00,000,000 | ---D | C] -- C:\Users\xxxxxy\AppData\Roaming\vlc
[2009.12.14 12:25:59 | 00,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2009.12.14 12:24:41 | 00,000,000 | ---D | C] -- C:\Programme\JRE
[2009.12.14 12:24:38 | 00,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2009.12.14 12:04:19 | 00,000,000 | ---D | C] -- C:\Users\xxxxxxy\AppData\Roaming\GMX
[2009.12.14 12:04:19 | 00,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Local\GMX
[2009.12.14 12:04:19 | 00,000,000 | ---D | C] -- C:\ProgramData\GMX
[2009.12.14 12:03:03 | 00,000,000 | ---D | C] -- C:\Programme\GMX
[2009.12.14 02:03:19 | 00,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\ASCOMP Software
[2009.12.14 02:03:13 | 00,000,000 | ---D | C] -- C:\Programme\ASCOMP Software
[2009.12.13 20:19:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2009.12.13 19:29:48 | 00,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Microsoft_Corporation
[2009.12.13 19:25:10 | 00,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\Diagnostics
[2009.12.13 19:24:51 | 00,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Local\ElevatedDiagnostics
[2009.12.13 14:39:48 | 00,000,000 | ---D | C] -- C:\Programme\Inkscape
[2009.12.13 14:31:18 | 00,000,000 | ---D | C] -- C:\Users\josy\AppData\Local\Apps
[2009.12.12 23:50:35 | 00,000,000 | ---D | C] -- C:\Users\josy\Documents\LG Electronics
[2009.12.12 23:49:30 | 00,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2009.12.12 23:49:27 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2009.12.12 23:48:33 | 01,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2009.12.12 23:48:33 | 00,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2009.12.12 23:48:33 | 00,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2009.12.12 23:48:33 | 00,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msflxgrd.ocx
[2009.12.12 23:48:27 | 00,000,000 | -H-D | C] -- C:\Users\xxxx\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2009.12.12 23:48:27 | 00,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\LG Electronics
[2009.12.12 23:40:03 | 00,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2009.12.12 16:35:03 | 00,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2009.12.12 16:35:03 | 00,000,000 | ---D | C] -- C:\Users\xxxxxy\AppData\Roaming\HP
[2009.12.12 16:30:59 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Hewlett-Packard
[2009.12.12 16:30:43 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\HP
[2009.12.12 16:29:07 | 00,000,000 | ---D | C] -- C:\Programme\HP
[2009.12.12 16:29:04 | 00,000,000 | -H-D | C] -- C:\Config.Msi
[2009.12.12 16:26:48 | 00,000,000 | ---D | C] -- C:\ProgramData\HP
[2009.12.12 16:26:42 | 00,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2009.12.12 16:26:41 | 00,675,840 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpowiav1.dll
[2009.12.12 16:26:41 | 00,573,440 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpotscl1.dll
[2009.12.12 16:26:41 | 00,303,104 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst01.dll
[2009.12.12 15:26:25 | 00,000,000 | ---D | C] -- C:\Users\jxxxxx\AppData\Local\Apple Computer
[2009.12.12 15:23:47 | 00,000,000 | ---D | C] -- C:\Programme\QuickTime
[2009.12.12 15:23:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009.12.12 15:23:32 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2009.12.12 15:23:23 | 00,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\Apple
[2009.12.12 15:23:20 | 00,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2009.12.12 15:23:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009.12.12 15:13:58 | 00,000,000 | ---D | C] -- C:\Programme\DIFX
[2009.12.12 15:13:55 | 00,016,896 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\System32\drivers\FlashUsb.sys
[2009.12.12 15:13:55 | 00,000,000 | ---D | C] -- C:\Programme\infineon
[2009.12.12 15:11:30 | 00,203,776 | ---- | C] (Iterated Systems, Inc.) -- C:\Windows\System32\clrviddc.dll
[2009.12.12 15:07:06 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009.12.12 15:06:53 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009.12.12 15:06:53 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009.12.12 15:06:48 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\xing shared
[2009.12.12 15:06:08 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009.12.12 15:06:03 | 00,000,000 | ---D | C] -- C:\Programme\Real
[2009.12.12 15:05:58 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Real
[2009.12.12 15:05:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Real
[2009.12.12 15:05:41 | 00,000,000 | ---D | C] -- C:\Users\xxxxx\AppData\Roaming\Real
[2009.12.12 14:59:47 | 00,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Local\Downloaded Installations
[2009.12.12 14:59:16 | 00,000,000 | ---D | C] -- C:\KP500
[2009.12.12 14:58:30 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4r.dll
[2009.12.12 14:58:30 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml4a.dll
[2009.12.12 14:58:22 | 00,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2009.12.12 14:57:57 | 00,000,000 | ---D | C] -- C:\Programme\XMedia Recode
[2009.12.12 14:57:44 | 00,000,000 | ---D | C] -- C:\Programme\XN Resource Editor
[2009.12.12 14:54:23 | 00,000,000 | ---D | C] -- C:\Programme\BonkEnc
[2009.12.12 12:54:34 | 00,000,000 | ---D | C] -- C:\Programme\LG Electronics
[2009.12.12 12:51:33 | 00,040,560 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2009.12.12 12:51:33 | 00,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2009.12.12 12:51:25 | 00,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Local\Adobe
[2009.12.12 12:51:16 | 00,000,000 | ---D | C] -- C:\Programme\Paragon Software
[2009.12.12 12:49:53 | 00,000,000 | ---D | C] -- C:\Windows\System32\custom matrices
[2009.12.12 12:49:49 | 00,000,000 | ---D | C] -- C:\Windows\System32\C2MP
[2009.12.12 12:49:21 | 00,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\TweakNow RegCleaner
[2009.12.12 12:49:21 | 00,000,000 | ---D | C] -- C:\Programme\TweakNow RegCleaner
[2009.12.12 12:48:46 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009.12.12 12:48:44 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2009.12.12 12:48:44 | 00,000,000 | ---D | C] -- C:\Programme\Adobe
[2009.12.12 12:23:50 | 00,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2009.12.12 02:16:12 | 00,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\GlarySoft
[2009.12.12 02:04:37 | 00,000,000 | R-SD | C] -- C:\Users\xxxxxxxx\Documents\My Stationery
[2009.12.12 01:51:49 | 03,474,384 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des
[2009.12.12 01:51:24 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys
[2009.12.12 01:51:23 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\INCA Shared
[2009.12.12 01:43:49 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight
[2009.12.12 01:43:12 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009.12.12 01:43:07 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2009.12.12 01:42:39 | 00,000,000 | ---D | C] -- C:\Programme\Microsoft
[2009.12.12 01:42:28 | 00,000,000 | ---D | C] -- C:\Users\xxxxxxxx\Documents\microsoft
[2009.12.12 01:42:15 | 00,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2009.12.12 01:42:04 | 00,000,000 | ---D | C] -- C:\Programme\Windows Live
[2009.12.12 01:41:45 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009.12.12 01:36:10 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.12.12 01:36:10 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.12.12 01:36:10 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.12.12 01:36:10 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.12.12 01:36:03 | 00,000,000 | ---D | C] -- C:\Programme\Java
[2009.12.12 01:35:51 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2009.12.12 01:34:56 | 00,000,000 | ---D | C] -- C:\Users\xxxxxxxx\AppData\Roaming\Malwarebytes
[2009.12.12 01:34:52 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.12 01:34:51 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.12.12 01:34:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.12.12 01:34:50 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.12.12 01:33:56 | 00,000,000 | ---D | C] -- C:\Programme\Glary Utilities
[2009.12.12 01:33:39 | 00,000,000 | ---D | C] -- C:\Programme\CCleaner
[2009.12.12 01:33:04 | 00,000,000 | ---D | C] -- C:\Programme\IZArc
[2009.12.12 01:31:32 | 00,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Roaming\Ashampoo
[2009.12.12 01:31:16 | 00,000,000 | ---D | C] -- C:\Users\xxxx\AppData\Local\ashampoo
[2009.12.12 01:31:16 | 00,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2009.12.12 01:31:03 | 00,000,000 | ---D | C] -- C:\Programme\Ashampoo
[2009.12.12 01:30:29 | 00,000,000 | ---D | C] -- C:\Users\xxxxxxx\Sicherheit
[2009.12.12 01:22:55 | 00,000,000 | ---D | C] -- C:\Programme\Gameforge4D
[2009.12.12 01:19:13 | 00,000,000 | ---D | C] -- C:\Programme\VirusTotalUploader2
[2009.12.12 00:19:48 | 00,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2009.12.12 00:19:47 | 00,171,552 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2009.12.12 00:19:47 | 00,128,376 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009.12.12 00:19:47 | 00,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009.12.12 00:19:47 | 00,029,520 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009.12.12 00:19:41 | 00,000,000 | ---D | C] -- C:\Programme\COMODO
[2009.12.12 00:17:34 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009.12.12 00:16:55 | 00,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2009.12.12 00:12:29 | 11,515,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2009.12.12 00:12:29 | 00,795,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2009.12.12 00:12:29 | 00,076,392 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2009.12.12 00:12:29 | 00,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2009.12.12 00:12:28 | 00,000,000 | ---D | C] -- C:\Programme\Metin2_Germany
[2009.12.12 00:12:27 | 14,064,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2009.12.12 00:12:27 | 09,333,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2009.12.12 00:12:27 | 04,147,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll
[2009.12.12 00:12:27 | 04,001,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2009.12.12 00:12:27 | 02,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2009.12.12 00:12:27 | 01,989,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2009.12.12 00:12:27 | 00,289,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2009.12.12 00:12:24 | 11,381,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2009.12.12 00:12:24 | 01,249,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2009.12.12 00:12:24 | 00,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod178.dll
[2009.12.12 00:12:24 | 00,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2009.12.12 00:12:21 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009.12.12 00:04:51 | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2009.12.12 00:04:51 | 00,000,000 | ---D | C] -- C:\Programme\Intel
[2009.12.12 00:04:42 | 00,000,000 | ---D | C] -- C:\Intel
[2009.12.11 23:56:38 | 00,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Macromedia
[2009.12.11 23:56:38 | 00,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\Adobe
[2009.12.11 23:56:37 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009.12.11 23:50:21 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.12.11 23:48:56 | 02,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009.12.11 23:48:56 | 01,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2009.12.11 23:48:56 | 00,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2009.12.11 23:48:56 | 00,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2009.12.11 23:48:56 | 00,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009.12.11 23:48:56 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009.12.11 23:48:56 | 00,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009.12.11 23:48:55 | 12,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009.12.11 23:48:52 | 00,000,000 | ---D | C] -- C:\Users\xxxxxxx\AppData\Roaming\GrabPro
[2009.12.11 23:48:52 | 00,000,000 | ---D | C] -- C:\downloads
[2009.12.11 23:48:49 | 00,000,000 | ---D | C] -- C:\Programme\Orbitdownloader
[2009.12.11 23:48:49 | 00,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Orbit
[2009.12.11 23:48:48 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009.12.11 23:42:23 | 00,000,000 | ---D | C] -- C:\Users\xxxxxxxxx\AppData\Roaming\AVG9
[2009.12.11 23:39:12 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009.12.11 23:39:12 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009.12.11 23:39:06 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009.12.11 23:38:57 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009.12.11 23:38:55 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009.12.11 23:38:55 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009.12.11 23:38:52 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2009.12.11 23:38:52 | 00,000,000 | ---D | C] -- C:\Programme\AVG
[2009.12.11 23:38:16 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009.12.11 23:28:57 | 00,000,000 | R--D | C] -- C:\Users\x\Searches
[2009.12.11 23:28:48 | 00,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\Identities
[2009.12.11 23:28:47 | 00,000,000 | R--D | C] -- C:\Users\x\Contacts
[2009.12.11 23:28:42 | 00,000,000 | ---D | C] -- C:\Users\x\AppData\Local\VirtualStore
[2009.12.11 23:28:40 | 00,000,000 | --SD | C] -- C:\Users\x\AppData\Roaming\Microsoft
[2009.12.11 23:28:40 | 00,000,000 | R--D | C] -- C:\Users\x\Videos
[2009.12.11 23:28:40 | 00,000,000 | R--D | C] -- C:\Users\x\Saved Games
[2009.12.11 23:28:40 | 00,000,000 | R--D | C] -- C:\Users\x\Pictures
[2009.12.11 23:28:40 | 00,000,000 | R--D | C] -- C:\Users\x\Music
[2009.12.11 23:28:40 | 00,000,000 | R--D | C] -- C:\Users\x\Links
[2009.12.11 23:28:40 | 00,000,000 | R--D | C] -- C:\Users\x\Favorites
[2009.12.11 23:28:40 | 00,000,000 | R--D | C] -- C:\Users\x\Downloads
[2009.12.11 23:28:40 | 00,000,000 | R--D | C] -- C:\Users\x\Documents
[2009.12.11 23:28:40 | 00,000,000 | R--D | C] -- C:\Users\x\Desktop
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Vorlagen
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\AppData\Local\Verlauf
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\AppData\Local\Temporary Internet Files
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Startmenü
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\SendTo
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Recent
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Netzwerkumgebung
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Lokale Einstellungen
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Documents\Eigene Videos
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Documents\Eigene Musik
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Eigene Dateien
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Documents\Eigene Bilder
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Druckumgebung
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Cookies
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\AppData\Local\Anwendungsdaten
[2009.12.11 23:28:40 | 00,000,000 | -HSD | C] -- C:\Users\x\Anwendungsdaten
[2009.12.11 23:28:40 | 00,000,000 | -H-D | C] -- C:\Users\x\AppData
[2009.12.11 23:28:40 | 00,000,000 | ---D | C] -- C:\Users\x\AppData\Local\Temp
[2009.12.11 23:28:40 | 00,000,000 | ---D | C] -- C:\Users\x\AppData\Local\Microsoft
[2009.12.11 23:28:40 | 00,000,000 | ---D | C] -- C:\Users\x\AppData\Roaming\Media Center Programs
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\Recovery
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\Programme
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\Users\xc\Documents\Eigene Videos
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\Users\x\Documents\Eigene Musik
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\Users\x\Documents\Eigene Bilder
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2009.12.11 23:28:25 | 00,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2009.12.11 23:22:43 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009.12.11 23:20:13 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009.12.11 23:19:56 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009.12.11 23:19:08 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009.12.03 12:20:56 | 04,254,224 | ---- | C] (Trolltech AS) -- C:\Windows\System32\qtp-mt334.dll
[2009.12.03 12:20:38 | 00,249,872 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\prgiso.dll
[2009.11.20 20:33:00 | 12,685,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2009.11.20 20:33:00 | 01,323,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2009.11.20 20:33:00 | 00,812,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2009.11.20 20:33:00 | 00,122,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2009.11.20 20:33:00 | 00,110,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2009.11.20 20:33:00 | 00,066,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll

========== Files - Modified Within 30 Days ==========

[2009.12.15 15:42:52 | 02,097,152 | -HS- | M] () -- C:\Users\xxxxx\NTUSER.DAT
[2009.12.15 15:25:36 | 00,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.15 15:25:36 | 00,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.15 15:01:04 | 01,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.12.15 15:01:04 | 00,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.12.15 15:01:04 | 00,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.12.15 15:01:04 | 00,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.12.15 15:01:04 | 00,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.12.15 14:59:09 | 46,651,868 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009.12.15 14:56:37 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.15 14:56:35 | 25,160,33536 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.15 10:51:42 | 02,806,304 | -H-- | M] () -- C:\Users\xxxx\AppData\Local\IconCache.db
[2009.12.14 23:49:06 | 00,123,979 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009.12.14 21:00:25 | 00,001,950 | ---- | M] () -- C:\Users\xxxx\Desktop\FileZilla Client.lnk
[2009.12.14 20:17:12 | 00,001,272 | ---- | M] () -- C:\Users\xxx\Desktop\Snipping Tool.lnk
[2009.12.14 19:27:16 | 00,001,029 | ---- | M] () -- C:\Users\xx\Desktop\XMedia Recode.lnk
[2009.12.14 18:52:57 | 00,721,904 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009.12.14 18:52:56 | 00,001,216 | ---- | M] () -- C:\Users\xxxx\Desktop\StarBurn.lnk
[2009.12.14 14:56:10 | 00,283,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.12.14 13:01:44 | 00,061,736 | ---- | M] () -- C:\Users\xxxxx\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.12.14 12:26:09 | 00,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009.12.14 12:25:12 | 00,001,102 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009.12.14 12:03:16 | 00,001,357 | ---- | M] () -- C:\Users\Public\Desktop\GMX MultiMessenger.lnk
[2009.12.14 02:03:14 | 00,002,098 | ---- | M] () -- C:\Users\xxxx\Desktop\Files Suite.lnk
[2009.12.13 20:48:50 | 00,006,608 | ---- | M] () -- C:\bootsqm.dat
[2009.12.13 19:29:25 | 00,001,468 | ---- | M] () -- C:\Users\xxx\Desktop\Windows PowerShell ISE.lnk
[2009.12.13 15:27:42 | 00,062,464 | ---- | M] () -- C:\Users\xxx\AppData\Local\WebpageIcons.db
[2009.12.13 14:51:39 | 00,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2009.12.12 23:48:46 | 00,001,216 | ---- | M] () -- C:\Users\xxxxx\Desktop\LG PC Suite III.lnk
[2009.12.12 22:20:03 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxxx\Desktop\OTL.exe
[2009.12.12 16:34:37 | 00,245,523 | ---- | M] () -- C:\Windows\hpoins19.dat
[2009.12.12 16:33:40 | 00,000,438 | ---- | M] () -- C:\Windows\win.ini
[2009.12.12 16:33:28 | 00,000,194 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2009.12.12 16:31:40 | 00,002,069 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009.12.12 15:16:08 | 00,002,412 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2009.12.12 15:15:11 | 00,000,819 | ---- | M] () -- C:\Users\xxxxxx\Desktop\LGMobile update.lnk
[2009.12.12 15:11:17 | 00,203,776 | ---- | M] (Iterated Systems, Inc.) -- C:\Windows\System32\clrviddc.dll
[2009.12.12 15:07:06 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009.12.12 15:06:53 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009.12.12 15:06:53 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009.12.12 15:06:08 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll
[2009.12.12 15:06:08 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll
[2009.12.12 15:06:08 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009.12.12 14:57:45 | 00,001,007 | ---- | M] () -- C:\Users\xxxxx\Desktop\XN Resource Editor.lnk
[2009.12.12 14:54:29 | 00,000,953 | ---- | M] () -- C:\Users\Public\Desktop\BonkEnc Audio Encoder.lnk
[2009.12.12 12:51:33 | 00,002,389 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Partition Manager™ 10.0 Personal.lnk
[2009.12.12 12:49:23 | 00,001,056 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk
[2009.12.12 01:45:51 | 00,002,077 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Säubern.lnk
[2009.12.12 01:43:08 | 00,000,020 | ---- | M] () -- C:\Windows\H÷u
[2009.12.12 01:36:04 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.12.12 01:36:04 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.12.12 01:36:04 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.12.12 01:36:04 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.12.12 01:34:55 | 00,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.12 01:33:59 | 00,000,312 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2009.12.12 01:33:58 | 00,000,962 | ---- | M] () -- C:\Users\xxxx\Desktop\Glary Utilities.lnk
[2009.12.12 01:33:40 | 00,001,835 | ---- | M] () -- C:\Users\xxxy\Desktop\CCleaner.lnk
[2009.12.12 01:33:07 | 00,001,779 | ---- | M] () -- C:\Users\xxx\Desktop\IZArc.lnk
[2009.12.12 01:31:14 | 00,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Photo Commander 6.lnk
[2009.12.12 01:29:37 | 00,001,130 | ---- | M] () -- C:\Users\Public\Desktop\CABAL Online.lnk
[2009.12.12 01:19:14 | 00,001,997 | ---- | M] () -- C:\Users\xxxy\Desktop\VirusTotal Uploader 2.0.lnk
[2009.12.12 00:31:50 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.12 00:20:55 | 00,001,117 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2009.12.12 00:19:41 | 00,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2009.12.12 00:19:41 | 00,128,376 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2009.12.12 00:19:41 | 00,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2009.12.12 00:19:41 | 00,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2009.12.12 00:13:10 | 00,001,019 | ---- | M] () -- C:\Users\xxxx\Desktop\Metin2 DE.lnk
[2009.12.11 23:51:18 | 00,524,288 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009.12.11 23:51:18 | 00,524,288 | -HS- | M] () -- C:\Users\xx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.12.11 23:51:18 | 00,065,536 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.12.11 23:39:12 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009.12.11 23:39:12 | 00,001,816 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009.12.11 23:39:11 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009.12.11 23:38:57 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009.12.11 23:38:55 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009.12.11 23:38:55 | 00,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009.12.11 23:38:55 | 00,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009.12.11 23:38:55 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009.12.11 23:28:40 | 00,000,020 | -HS- | M] () -- C:\Users\xxxxx\ntuser.ini
[2009.12.11 23:23:27 | 00,052,953 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.12.03 12:20:56 | 04,254,224 | ---- | M] (Trolltech AS) -- C:\Windows\System32\qtp-mt334.dll
[2009.12.03 12:20:38 | 00,249,872 | ---- | M] (Paragon Software Group) -- C:\Windows\System32\prgiso.dll
[2009.12.03 12:20:38 | 00,040,560 | ---- | M] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2009.11.21 03:34:54 | 14,064,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2009.11.21 03:34:54 | 11,515,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2009.11.21 03:34:54 | 11,381,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2009.11.21 03:34:54 | 09,333,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2009.11.21 03:34:54 | 04,241,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2009.11.21 03:34:54 | 04,147,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvencodemft.dll
[2009.11.21 03:34:54 | 04,001,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2009.11.21 03:34:54 | 02,243,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2009.11.21 03:34:54 | 01,989,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2009.11.21 03:34:54 | 01,249,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2009.11.21 03:34:54 | 00,795,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dpinst.exe
[2009.11.21 03:34:54 | 00,289,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdecodemft.dll
[2009.11.21 03:34:54 | 00,182,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod178.dll
[2009.11.21 03:34:54 | 00,182,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2009.11.21 03:34:54 | 00,076,392 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2009.11.21 03:34:54 | 00,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2009.11.21 03:34:54 | 00,007,133 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2009.11.20 20:33:30 | 00,272,278 | ---- | M] () -- C:\Windows\System32\NvApps.xml
[2009.11.20 20:33:30 | 00,064,882 | ---- | M] () -- C:\Windows\System32\NvwsApps.xml
[2009.11.20 20:33:00 | 12,685,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2009.11.20 20:33:00 | 01,323,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2009.11.20 20:33:00 | 00,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2009.11.20 20:33:00 | 00,122,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2009.11.20 20:33:00 | 00,110,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2009.11.20 20:33:00 | 00,066,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2009.11.19 08:22:46 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

========== Files Created - No Company Name ==========

[2009.12.14 21:00:25 | 00,001,950 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2009.12.14 20:17:12 | 00,001,272 | ---- | C] () -- C:\Users\xxx\Desktop\Snipping Tool.lnk
[2009.12.14 19:27:16 | 00,001,029 | ---- | C] () -- C:\Users\xxxx\Desktop\XMedia Recode.lnk
[2009.12.14 18:52:57 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.12.14 18:52:56 | 00,001,216 | ---- | C] () -- C:\Users\Public\Desktop\StarBurn.lnk
[2009.12.14 12:26:09 | 00,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2009.12.14 12:25:12 | 00,001,102 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009.12.14 12:03:16 | 00,001,357 | ---- | C] () -- C:\Users\Public\Desktop\GMX MultiMessenger.lnk
[2009.12.14 02:03:14 | 00,002,098 | ---- | C] () -- C:\Users\xxxxx\Desktop\Files Suite.lnk
[2009.12.13 20:48:50 | 00,006,608 | ---- | C] () -- C:\bootsqm.dat
[2009.12.13 19:29:25 | 00,001,468 | ---- | C] () -- C:\Users\xxx\Desktop\Windows PowerShell ISE.lnk
[2009.12.13 15:25:13 | 00,062,464 | ---- | C] () -- C:\Users\xxx\AppData\Local\WebpageIcons.db
[2009.12.13 14:51:39 | 00,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2009.12.12 23:48:46 | 00,001,216 | ---- | C] () -- C:\Users\xxxx\Desktop\LG PC Suite III.lnk
[2009.12.12 16:33:28 | 00,000,194 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2009.12.12 16:31:40 | 00,002,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2009.12.12 16:27:00 | 00,001,342 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.12.12 16:26:59 | 00,245,523 | ---- | C] () -- C:\Windows\hpoins19.dat
[2009.12.12 16:26:59 | 00,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2009.12.12 15:00:59 | 00,000,819 | ---- | C] () -- C:\Users\xxxxx\Desktop\LGMobile update.lnk
[2009.12.12 14:58:30 | 00,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2009.12.12 14:58:30 | 00,002,412 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2009.12.12 14:57:45 | 00,001,007 | ---- | C] () -- C:\Users\xxxxx\Desktop\XN Resource Editor.lnk
[2009.12.12 14:54:29 | 00,000,953 | ---- | C] () -- C:\Users\Public\Desktop\BonkEnc Audio Encoder.lnk
[2009.12.12 12:51:33 | 00,002,389 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Partition Manager™ 10.0 Personal.lnk
[2009.12.12 12:49:23 | 00,001,056 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk
[2009.12.12 01:51:24 | 00,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd
[2009.12.12 01:45:01 | 00,002,077 | ---- | C] () -- C:\Users\xxxxx\Desktop\Säubern.lnk
[2009.12.12 01:43:07 | 00,000,020 | ---- | C] () -- C:\Windows\H÷u
[2009.12.12 01:34:55 | 00,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.12 01:33:59 | 00,000,312 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2009.12.12 01:33:58 | 00,000,962 | ---- | C] () -- C:\Users\xxx\Desktop\Glary Utilities.lnk
[2009.12.12 01:33:40 | 00,001,835 | ---- | C] () -- C:\Users\xxx\Desktop\CCleaner.lnk
[2009.12.12 01:33:07 | 00,001,779 | ---- | C] () -- C:\Users\xxx\Desktop\IZArc.lnk
[2009.12.12 01:31:14 | 00,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Photo Commander 6.lnk
[2009.12.12 01:29:37 | 00,001,130 | ---- | C] () -- C:\Users\Public\Desktop\CABAL Online.lnk
[2009.12.12 01:19:14 | 00,001,997 | ---- | C] () -- C:\Users\xxxx\Desktop\VirusTotal Uploader 2.0.lnk
[2009.12.12 00:20:55 | 00,001,117 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2009.12.12 00:13:10 | 00,001,019 | ---- | C] () -- C:\Users\xxxxx\Desktop\Metin2 DE.lnk
[2009.12.12 00:12:29 | 00,007,133 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2009.12.11 23:39:12 | 00,001,816 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2009.12.11 23:38:55 | 46,651,868 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009.12.11 23:38:55 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009.12.11 23:38:55 | 00,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009.12.11 23:38:55 | 00,123,979 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009.12.11 23:38:55 | 00,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2009.12.11 23:28:40 | 02,097,152 | -HS- | C] () -- C:\Users\xxxx\NTUSER.DAT
[2009.12.11 23:28:40 | 00,524,288 | -HS- | C] () -- C:\Users\xxxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009.12.11 23:28:40 | 00,524,288 | -HS- | C] () -- C:\Users\xxxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2009.12.11 23:28:40 | 00,065,536 | -HS- | C] () -- C:\Users\xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2009.12.11 23:28:40 | 00,000,020 | -HS- | C] () -- C:\Users\xxxxx\ntuser.ini
[2009.12.11 23:19:56 | 25,160,33536 | -HS- | C] () -- C:\hiberfil.sys
[2009.11.20 20:33:30 | 00,272,278 | ---- | C] () -- C:\Windows\System32\NvApps.xml
[2009.11.20 20:33:30 | 00,064,882 | ---- | C] () -- C:\Windows\System32\NvwsApps.xml
[2009.09.07 16:29:44 | 04,455,865 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009.09.06 15:52:04 | 00,828,611 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2009.09.02 21:23:04 | 00,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2009.09.02 21:22:58 | 00,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2009.09.02 21:22:40 | 00,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2009.09.02 21:22:18 | 00,146,944 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2009.09.02 21:22:10 | 00,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2009.09.02 21:22:06 | 00,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2009.09.02 21:22:00 | 00,484,864 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2009.09.02 17:45:34 | 00,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.09.02 17:38:44 | 00,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009.09.02 17:35:12 | 00,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009.09.02 17:01:48 | 00,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009.08.25 19:07:36 | 00,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2009.07.14 00:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.02 18:11:26 | 00,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2009.06.02 18:11:16 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.01.10 23:17:32 | 00,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2009.01.10 23:16:56 | 00,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2009.01.10 23:16:50 | 00,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2009.01.10 23:16:14 | 00,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2009.01.10 23:15:54 | 00,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2009.01.10 23:15:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2009.01.10 23:15:32 | 00,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2009.01.10 23:15:28 | 00,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2009.01.10 23:15:12 | 00,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2009.01.10 23:14:08 | 00,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2009.01.10 23:14:06 | 00,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008.12.03 23:11:50 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.06 17:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2007.10.13 10:30:20 | 00,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007.07.10 18:10:12 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:671329E4
< End of report >
Quote:
OTL Extras logfile created on: 15.12.2009 15:39:25 - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Users\xxxx\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): c:\pagefile.sys 3100 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 448,51 Gb Free Space | 96,32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: x
Current User Name: xx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4B407A54-6CF2-42B5-B419-E900B2E36972}" = 1500
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 10.0 Personal
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo Photo Commander 6_is1" = Ashampoo Photo Commander 6.50
"AVG9Uninstall" = AVG Free 9.0
"CABAL Online_is1" = CABAL Online
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.0
"COMODO Internet Security" = COMODO Internet Security
"Files Suite_is1" = Files Suite v1.2
"FileZilla Client" = FileZilla Client 3.3.0.1
"Glary Utilities_is1" = Glary Utilities 2.17.0.776
"GMX MultiMessenger" = GMX MultiMessenger
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"Inkscape" = Inkscape 0.47
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Orbit_is1" = Orbit Downloader
"Photo Commander Plugin Installation" = Photo Commander Plugin Installation
"RealPlayer 12.0" = RealPlayer
"StarBurn_is1" = StarBurn Version 12r10 (Build 0x20091021)
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.1.7.3
"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12.12.2009 14:22:43 | Computer Name = xxxxxxxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16404,
Zeitstempel: 0x4a765076 Name des fehlerhaften Moduls: IZArcCM.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4aa0b172 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0455b2c0
ID
des fehlerhaften Prozesses: 0x464 Startzeit der fehlerhaften Anwendung: 0x01ca7b5754266dba
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
IZArcCM.dll Berichtskennung: 565aa8d6-e74b-11de-92ac-00196680db34

Error - 12.12.2009 19:03:39 | Computer Name = xxxxxxxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16404,
Zeitstempel: 0x4a765076 Name des fehlerhaften Moduls: IZArcCM.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4aa0b172 Ausnahmecode: 0xc0000005 Fehleroffset: 0x04eeb2c0
ID
des fehlerhaften Prozesses: 0xc10 Startzeit der fehlerhaften Anwendung: 0x01ca7b7bd81175f1
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
IZArcCM.dll Berichtskennung: 951a7fed-e772-11de-ba88-00196680db34

Error - 13.12.2009 14:33:48 | Computer Name = xxxxxxxx-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16404,
Zeitstempel: 0x4a765076 Name des fehlerhaften Moduls: IZArcCM.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4aa0b172 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0554b2c0
ID
des fehlerhaften Prozesses: 0xfb0 Startzeit der fehlerhaften Anwendung: 0x01ca7bf6f9ad60d7
Pfad
der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls:
IZArcCM.dll Berichtskennung: 0d2fdfaf-e816-11de-befa-00196680db34

Error - 14.12.2009 19:37:09 | Computer Name = xxxxxxxx-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "HijackThis" konnte nicht heruntergefahren
werden.

[ System Events ]
Error - 15.12.2009 05:52:52 | Computer Name = xxxxxxxx-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 15.12.2009 05:52:52 | Computer Name = xxxxxxxx-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 15.12.2009 05:52:53 | Computer Name = xxxxxxxx-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 15.12.2009 05:52:53 | Computer Name = xxxxxxxx-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 15.12.2009 09:56:34 | Computer Name = xxxxxxxx-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.

Error - 15.12.2009 09:57:38 | Computer Name = xxxxxxxx-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-2147023143.

Error - 15.12.2009 09:57:40 | Computer Name = xxxxxxxx-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 15.12.2009 09:57:40 | Computer Name = xxxxxxxx-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 15.12.2009 09:57:40 | Computer Name = xxxxxxxx-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 15.12.2009 09:57:40 | Computer Name = xxxxxxxx-PC | Source = WMPNetworkSvc | ID = 866306
Description =


< End of report >


Old 16.12.2009, 00:49   #6
josy1982

QFYZCG what could that be? - Standard

Hello,

I did some more searching, and the only thing I found is the value in the registry; there is nothing else. But since I don't know what it is, I don't want to remove it either. I'm posting it here as well.

Quote:
Schlüsselname: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QFYZCG
Klassenname: <KEINE KLASSE>
Letzter Schreibzugriff: 13.12.2009 - 19:32
Wert 0
Name: Type
Typ: REG_DWORD
Daten: 0x110

Wert 1
Name: Start
Typ: REG_DWORD
Daten: 0x3

Wert 2
Name: ErrorControl
Typ: REG_DWORD
Daten: 0x1

Wert 3
Name: ImagePath
Typ: REG_EXPAND_SZ
Daten: C:\Users\josy\AppData\Local\Temp\QFYZCG.exe

Wert 4
Name: DisplayName
Typ: REG_SZ
Daten: QFYZCG

Wert 5
Name: ObjectName
Typ: REG_SZ
Daten: LocalSystem

Old 16.12.2009, 09:26   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

QFYZCG what could that be? - Standard

Looks inconspicuous. Have you run RootkitRevealer or a similar tool?
They like to create random file names like that.
__________________
Please always post logfiles in CODE tags

Old 16.12.2009, 12:16   #8
josy1982

QFYZCG what could that be? - Standard

Hello,

So the file QFYZCG was not a randomly generated one, because it was permanently entered in the registry and as a fixed service (you could see it under Control Panel > Administrative Tools > Services). The only thing was that this service or daemon no longer exists/existed. It may well come from a program I uninstalled at some point. Anyway, after removing the registry value everything looks fine again. I also think it was not a pest. The only rootkit scanner I use is RootkitBuster. But yes, I did run RootkitRevealer about a week ago, though I don't really believe it creates a system service with manual start here.

Best regards, josy

Old 16.12.2009, 12:35   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

QFYZCG what could that be? - Standard

Quote:
So the file QFYZCG was not a randomly generated one, because it was permanently entered in the registry and as a fixed service (
Of course it was randomly generated. It is no problem to generate a random string, use it as a file name and also enter it into the registry or the services list that way.

I know exactly this behaviour from RootkitRevealer (random capital letters as a system service); try the tool again and you will then have a similar new file or a similar new service (you should also see it in the Task Manager while RootkitRevealer is running).
__________________
Please always post logfiles in CODE tags
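To turn the two posts above into a check a defender can repeat, the following Python is an added example; it is not code from this thread, from RootkitRevealer or from any other tool mentioned here. It parses the regedit text export josy1982 posted in #6 (the Schlüsselname / Wert N / Name / Typ / Daten layout) and runs three checks on each service key: a name that looks machine-generated, an ImagePath under a user's Temp directory, and an ImagePath whose binary is gone, which is the orphaned-service situation the thread ends on. The function names are hypothetical, the QFYZCG key is copied from the post, and the benign Spooler key in the sample is constructed.

```python
"""Triage Windows service keys from a regedit text export (added example).

Not code from the thread or from any tool named in it. Reads the regedit
"export as text" layout quoted above (Schlüsselname / Wert N / Name / Typ /
Daten; English regedit writes Key Name / Data). All function names are mine.
"""
import os
import re
from typing import Callable, Dict, List

SERVICE_INTERACTIVE_PROCESS = 0x100  # winnt.h; Type 0x110 = own process | interactive
START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
IMAGE_RE = re.compile(r'^\s*"?([^"]*?\.(?:exe|sys|dll))', re.IGNORECASE)

# Constructed sample: the QFYZCG key as posted in the thread, then a made-up
# benign Spooler key so the checks can be seen staying quiet.
SAMPLE_EXPORT = r"""Schlüsselname: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QFYZCG
Wert 0
Name: Type
Typ: REG_DWORD
Daten: 0x110

Wert 1
Name: Start
Typ: REG_DWORD
Daten: 0x3

Wert 3
Name: ImagePath
Typ: REG_EXPAND_SZ
Daten: C:\Users\josy\AppData\Local\Temp\QFYZCG.exe

Wert 5
Name: ObjectName
Typ: REG_SZ
Daten: LocalSystem

Schlüsselname: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler
Wert 0
Name: ImagePath
Typ: REG_EXPAND_SZ
Daten: %SystemRoot%\System32\spoolsv.exe
"""


def parse_regedit_text(text: str) -> List[Dict]:
    """Split an export into [{'key': ..., 'values': {name: data}}], one per key."""
    entries: List[Dict] = []
    pending = None  # value name waiting for its Daten/Data line
    for line in text.splitlines():
        label, _, rest = line.partition(":")
        label, rest = label.strip(), rest.strip()
        if label in ("Schlüsselname", "Key Name"):
            entries.append({"key": rest, "values": {}})
        elif label == "Name" and entries:
            pending = rest
        elif label in ("Daten", "Data") and entries and pending is not None:
            entries[-1]["values"][pending] = rest
            pending = None
    return entries


def describe_service(entry: Dict) -> str:
    """Decode Type/Start/ObjectName the way the Services console would show them."""
    v = entry["values"]
    svc_type, start = int(v.get("Type", "0"), 16), int(v.get("Start", "0"), 16)
    return "start={} account={} interactive={}".format(
        START_NAMES.get(start, hex(start)), v.get("ObjectName", "(default)"),
        bool(svc_type & SERVICE_INTERACTIVE_PROCESS))


def assess_service(entry: Dict, exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """Return findings for one service key; an empty list means nothing odd."""
    findings: List[str] = []
    name = entry["key"].rsplit("\\", 1)[-1]
    raw = entry["values"].get("ImagePath", "")
    m = IMAGE_RE.match(raw)
    image = m.group(1) if m else raw  # strip quotes and service arguments
    # Heuristic: all-capital, vowel-free names such as QFYZCG look machine-generated
    # (legitimate abbreviations exist, so allowlist before acting on this alone).
    if re.fullmatch(r"[A-Z]{4,12}", name) and not re.search(r"[AEIOU]", name):
        findings.append(f"service name '{name}' looks randomly generated")
    # Service binaries do not normally live in a user's or Windows' Temp directory.
    if TEMP_DIR_RE.search(image):
        findings.append(f"ImagePath is in a Temp directory: {image}")
    # Orphaned entry: the key still points at a binary that no longer exists.
    if image and not exists(os.path.expandvars(image)):
        findings.append(f"ImagePath binary is missing (orphaned entry): {image}")
    return findings


def scan_export(text: str, exists: Callable[[str], bool] = os.path.exists) -> Dict[str, List[str]]:
    """Map every service name in the export to its findings."""
    return {e["key"].rsplit("\\", 1)[-1]: assess_service(e, exists)
            for e in parse_regedit_text(text)}
```

On a Windows machine, export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services from regedit with the "Text files" save type and pass the file's contents to scan_export; the missing-binary check then consults the local file system (the test stubs it out). For the posted key, describe_service reports start=manual account=LocalSystem interactive=True, which matches what josy1982 saw in the Services console, and all three findings fire; the name heuristic is deliberately loose and will hit a few legitimate abbreviations, so treat a hit as a prompt to look at the ImagePath, not as a verdict.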
