Log analysis and evaluation: My PC keeps getting slower and has Internet problems

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.04.2010, 10:55 | #1 |
| My PC keeps getting slower and has Internet problems
I have the problem that my computer has been getting slower and slower lately and also takes a very long time to load on the Internet, so I wanted to have my registry checked by you. Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 11:51:53, on 07.04.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Program Files (x86)\AVG\AVG9\avgui.exe C:\Program Files (x86)\IncrediMail\bin\IncMail.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\JetAudio\JetAudio.exe C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.search.yahoo.com/?fr=avantsearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKCU\..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.1\ICQ.exe" silent loginmode=4 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: Paradiesbar.lnk = C:\Program Files (x86)\Paradiesbar\paradiesbar.exe O4 - Global Startup: Windows Live Messenger .lnk = C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe O8 - Extra context 
menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RF - Formular speichern - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: RF - Menü anpassen - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe O9 - 
Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Gatewaydienst auf Anwendungsebene (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Anmeldedienst (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - 
Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Druckwarteschlange (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9651 bytes |
07.04.2010, 11:04 | #2 |
| My PC keeps getting slower and has Internet problems
Hi,

the log doesn't reveal much, so:

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version from here: http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Suche nach Aktualisierungen", i.e. check for updates), run a full scan and have everything cleaned! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it on your desktop.

Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (http://www.gmer.net/#files); there, click the "Download EXE" button, which generates a random name (please note it and the path where you saved it). Start GMER and see whether it already reports something. If it does, please answer all questions with "no", go to the "rootkit" tab, again answer the question with "no", and use Copy to paste the report into the thread. If it reports nothing, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report. If GMER doesn't run, try it in safe mode (F8 while booting).

chris
07.04.2010, 11:50 | #3 |
| My PC keeps getting slower and has Internet problems
Code:
ATTFilter OTL Extras logfile created on: 07.04.2010 12:09:01 - Run 1 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Max Mustermann\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,64 Gb Total Space | 430,24 Gb Free Space | 73,97% Space Free | Partition Type: NTFS Drive D: | 14,53 Gb Total Space | 1,83 Gb Free Space | 12,62% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: Max Mustermann-PC Current User Name: Max Mustermann Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. 
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) 
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 4C 68 18 93 48 74 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 "" = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 
0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{480A85FC-0760-40D0-9A02-017A15F7FB04}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4A68CF4B-7CDA-456D-A40F-C8CCF795F6BE}" = rport=445 | protocol=6 | dir=out | app=system | "{607125D7-5E0B-4C9D-B724-C34FE91A864E}" = rport=139 | protocol=6 | dir=out | app=system | "{73EC5883-C03A-4C4C-8D2A-4BCE154E9807}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{86665F40-CAD7-4A82-A977-1305AC7CCF01}" = lport=139 | protocol=6 | dir=in | app=system | "{899B71E5-2D22-459B-851A-8A8FA4F0D23A}" = lport=445 | protocol=6 | dir=in | app=system | "{9E94000B-E613-4D5E-A37A-19C8D036E774}" = lport=138 | protocol=17 | dir=in | app=system | "{A9B185C2-46F6-475E-80E0-4BD772013F60}" = rport=137 | protocol=17 | dir=out | app=system | "{AAF9BB7E-6F09-4F8D-9955-98841D5312F9}" = lport=137 | protocol=17 | dir=in | app=system | "{CF844D89-9B81-4191-B41B-9C3C7F3B46E1}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== |
07.04.2010, 11:51 | #4 |
| My PC keeps getting slower and has Internet problems
Code:
ATTFilter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00F2FB70-0C16-4A18-A3D5-820BDECD333A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0FFF3EF7-EFE2-4E13-ADD2-CAE11F61379D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{124589C6-25D1-41F2-AD27-C3A367E89B63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{12FF39AF-DD38-4B32-9CA3-8232FAA281FA}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{195276FD-4688-4FF5-95AF-19C901C1B149}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1C08CAE2-3E01-4287-BEB8-B2EA87F1B141}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{1D37CED7-7E78-4FA9-85A0-6220D192701C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1D57686F-1A1D-4B1F-A5E4-B4C02D261AC3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{219FDA00-3EDF-4DCC-99C9-2F76F68E880B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{25E4F3C3-500C-44FA-B86A-B2A0B8CA54D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2F3CECDA-8E04-4DCA-B128-0E4E72C2092B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{39229AE9-0D07-4428-933D-66366F38EE34}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3A8886E9-712D-4286-8C04-467DAF001003}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3DE3E335-3E84-40C5-8EB4-D5E18DB0A882}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{3F453B98-9379-479C-BA91-6411593B54A1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{40D67E30-CBC5-450B-AC75-43689E490CCF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{43552664-1E05-4C97-8FCD-D2BD32620EAD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{465B738F-61BE-477C-9EC2-C2D2D1955C0E}" = dir=in 
| app=c:\program files (x86)\skype\phone\skype.exe | "{4929E1D6-1417-41A0-8209-6C1B520A3126}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4C6F158D-6098-4A72-803E-C3E737289F44}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4E2D1351-E5BA-4F60-8E9F-70DBE8185C96}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5B75A0FC-A79D-4B79-A926-680339611F7B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{5E3D740F-D3D2-4EA5-B68D-5F327C888B32}" = protocol=17 | dir=in | app=c:\program files (x86)\gbridge llc\gbridge\gbvncviewer.exe | "{5F1F8AE5-2F20-4EE2-B039-54E9DEC65B6D}" = protocol=6 | dir=in | app=c:\program files (x86)\gbridge llc\gbridge\gbwinvnc.exe | "{6285980A-4871-4C02-A4BF-17DED994BC1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{630F2D46-0514-4E73-9A53-F019640490E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6313A69C-EDBE-48B5-9F76-829B58E908D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6DB53D23-9C52-422C-B782-7F2520E309FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{708DED99-7D86-4FFF-A064-D56B2D494F25}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{765BC8A0-558D-4476-A2F6-643682160769}" = protocol=17 | dir=in | app=c:\program files (x86)\gbridge llc\gbridge\gbridge.exe | "{7A5BE9F8-8B10-403B-AA65-B950FCD083A9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{7E541012-B561-4AF4-AA75-ACEE0BAE35F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{897F6FF2-2F5A-431E-A03B-92BACBA72D55}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{9097FBAE-4D67-4279-A26C-618F6A45D3D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9522C2A1-9C0B-4FAC-9321-5C58EF722F75}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{9C3528F7-44AF-4DFA-9DD0-CF51FCF3BC24}" = dir=in | 
app=c:\program files (x86)\skype\phone\skype.exe | "{9F63312D-7BAD-47A7-9480-46183C2CFE57}" = protocol=6 | dir=in | app=c:\program files (x86)\gbridge llc\gbridge\gbridge.exe | "{A1439997-6D90-4F69-971E-577F4788831F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{A645408F-1E89-4B9A-95AD-137F92FD750E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A75CADC0-9D90-4901-B788-B9A958D66B68}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A85FBE65-150E-4F1A-B5D7-F3240E4B8611}" = protocol=17 | dir=in | app=c:\program files (x86)\gbridge llc\gbridge\gbwinvnc.exe | "{B7EB68C2-F07B-4EF9-8EB1-9B29B744A643}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "{C9042AD6-931C-4FDA-BB9F-AA6AEA10BB77}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DB9E01FD-0D39-402C-8E5C-607A7BCE2902}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | "{DC17B549-25FF-4FCE-8132-022A8F5A4255}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DC63E51C-6910-4B49-B924-21E8F1179F82}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{E25CB12C-A365-4A03-B38D-788998606C3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E2789153-EB76-4CF9-975D-788F2E1C1C3B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E2D0E9DB-F293-43C8-BE27-8915C628B436}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E879B06B-5791-4193-B2B5-24052A3C7A1E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E9030874-B57D-4672-8C40-7612B393D02F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{F43A4EDE-FA02-45FF-8BC3-CA2A5EC6D711}" = protocol=6 | dir=in | app=c:\program files (x86)\gbridge llc\gbridge\gbvncviewer.exe | "{F99F69DA-92A3-45B0-B804-24C3EB396EDE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FAE57FD8-522B-4289-9679-A360C73567EF}" = dir=in | 
app=c:\program files (x86)\skype\phone\skype.exe | "{FCAB6E38-D435-4A17-A04A-0D9D933AAB38}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{FE270CB7-C3C1-48EB-A632-6B54714F9AF4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | "TCP Query User{1F9E79AB-B516-4940-9599-D88F107E3650}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{2C5982B0-7604-44CE-B408-E157033AC576}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "TCP Query User{474A37F3-C551-4177-B35B-E8122507D8AA}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "TCP Query User{5D614940-2662-42AA-839F-6D1DA22CCEC1}C:\program files (x86)\ipaid-surfbar\ipaid_surfbar.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ipaid-surfbar\ipaid_surfbar.exe | "TCP Query User{7F133AE8-987C-4A60-8EE6-9E7B2075600A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{8464E7D4-000D-41F6-907A-44E120498406}C:\program files (x86)\philips\intelligent agent\philips intelligent agent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\philips\intelligent agent\philips intelligent agent.exe | "TCP Query User{85453CEF-4729-48B3-9EAE-59A4456E8EE5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{BA36D27F-ED0F-432E-816D-9BF6AB60FE43}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{E5F4DD26-4010-4E75-88C0-AB0EA0228146}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program 
files\java\jre6\bin\javaw.exe | "TCP Query User{E8FD76DB-1C39-49D5-945F-82B84D87B994}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{065D5FB8-9F43-415A-A65A-0601B1B35319}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{0E330300-786B-4F80-8D94-62758741303C}C:\program files (x86)\ipaid-surfbar\ipaid_surfbar.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ipaid-surfbar\ipaid_surfbar.exe | "UDP Query User{16A570EB-6679-4002-A23B-C10EAB88DF00}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{1A495209-8EAA-45DB-A465-C0B653588B58}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "UDP Query User{1A66E767-16FC-4768-9730-186FAC9DDADD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{53B49742-9FD6-42AA-AEEA-7880F7B0F93F}C:\program files (x86)\philips\intelligent agent\philips intelligent agent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\philips\intelligent agent\philips intelligent agent.exe | "UDP Query User{C93BC4C7-5EFA-4C09-958F-7579717455E0}C:\program files (x86)\windows live\messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "UDP Query User{E24437A7-C75B-48E5-B85B-01A8F64F25A9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{EF5064B2-24B3-4017-833C-217AD5E9E602}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{F3F3ED0A-5029-41CE-BA69-7214CF593414}C:\program files 
(x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{AF2CB1FE-FD46-4D85-8C63-5C46E825E177}" = Logitech QuickCam "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "EPSON Printer and Utilities" = EPSON-Drucker-Software "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "FEDA512DE1CA5C505592944B44643446C045502B" = Windows-Treiberpaket - Philips CL (phaudlwr) MEDIA (06/02/2008 1.0.5.12) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NVIDIA Drivers" = NVIDIA Drivers "PC-Doctor for Windows" = Hardware Diagnose Tools "SP6" = Logitech SetPoint 6.0 "WinRAR archiver" = WinRAR archiver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.0 Build #1205 Banner Remover 0.7 "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software "{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker "{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19 "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library 
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7BECDEE0-7126-4F9B-8BE4-E72AEA79571B}" = ArcSoft WebCam Companion 2 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117837963}" = Elemental "{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E6B9529-4C75-4209-B0CD-33CD228EB5CE}" = UpdateStar "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System 
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1 "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX "{E6C773DF-41C4-4A4F-B6C5-7830FF10342F}" = Philips CamSuite "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update 
(Summer 2004) "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F6D5EED1-EB69-421C-A314-8998CA574C51}" = Philips SPC1030NC Webcam "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.21 "AVG9Uninstall" = AVG 9.0 "CC-Bar_is1" = CC-Bar "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EPSON Scanner" = EPSON Scan "EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "FileHippo.com" = FileHippo.com Update Checker "Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454 "FormatFactory" = FormatFactory 2.30 "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen) "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007-Testversion "ICQToolbar" = ICQ Toolbar "IncrediMail" = IncrediMail 2.0 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010 "IPaid-Surfbar" = IPaid-Surfbar 
"make-euros.net paid4surf_is1" = make-euros.net paid4surf 4.2.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "MozBackup" = MozBackup 1.4.10 "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Paradiesbar_is1" = Paradiesbar 2.1 Release Candidate "Philips Intelligent Agent_is1" = Philips Intelligent Agent "pywin32-py2.6" = Python 2.6 pywin32-212 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0 "TeamViewer 5" = TeamViewer 5 "TuneUp Utilities" = TuneUp Utilities "tvbrowser" = TV-Browser 2.7.5 "ViewpointMediaPlayer" = Viewpoint Media Player "Winamp" = Winamp "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "AI RoboForm" = AI RoboForm "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
07.04.2010, 19:05 | #5 |
| My PC keeps getting slower and has Internet problems Hi, I can't do much with the Extras alone; please also post the MAM log, the OTL log (not the Extras log) and the GMER log... chris
__________________ Don't bring me down Read before posting! Donations (Anyone who wants to donate is welcome to get in touch) |
07.04.2010, 20:41 | #6 |
| My PC keeps getting slower and has Internet problems Code:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Datenbank Version: 3962
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904
07.04.2010 14:04:17
mbam-log-2010-04-07 (14-04-17).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 292438
Laufzeit: 2 Stunde(n), 17 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
07.04.2010, 21:07 | #7 |
| My PC keeps getting slower and has Internet problems Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-04-07 22:06:14
Windows 6.0.6002 Service Pack 2
Running: c4bj0hsg.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60091b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60091b@002567e15c8c 0xCD 0x56 0xB4 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60091b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd60091b@002567e15c8c 0xCD 0x56 0xB4 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd60091b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd60091b@002567e15c8c 0xCD 0x56 0xB4 0x0C ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0009dd60091b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0009dd60091b@002567e15c8c 0xCD 0x56 0xB4 0x0C ...
---- EOF - GMER 1.0.15 ---- OTL logfile created on: 07.04.2010 21:43:42 - Run 2 OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\nici8880\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,64 Gb Total Space | 430,28 Gb Free Space | 73,98% Space Free | Partition Type: NTFS Drive D: | 14,53 Gb Total Space | 1,74 Gb Free Space | 11,94% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NICI8880-PC Current User Name: nici8880 Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\nici8880\Downloads\OTL(2).exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) ========== Modules (SafeList) ========== MOD - C:\Users\nici8880\Downloads\OTL(2).exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation) SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV:64bit: - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe (Logitech Inc.) SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2010.03.29 05:42:29 | 000,000,000 | ---D | M] SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (ACPService) -- C:\Program Files (x86)\Philips\CamSuite\1.0.9.0\ACPService.exe () SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgRkx64) -- C:\Windows\SysNative\Drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab) DRV:64bit: - (phaudlwr) -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys (Philips Applied Technologies) DRV:64bit: - (KLBG) -- C:\Windows\SysNative\DRIVERS\klbg.sys (Kaspersky Lab) DRV:64bit: - (gbridge) -- C:\Windows\SysNative\DRIVERS\gbridge64.sys (Gbridge LLC) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation) DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation ) DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\Drivers\btnetBus.sys () DRV:64bit: - (UimBus) -- C:\Windows\SysNative\DRIVERS\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys (EnTech Taiwan) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia) DRV:64bit: - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\SysNative\DRIVERS\spc1030.sys () DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\DRIVERS\teamviewervpn.sys (TeamViewer GmbH) DRV:64bit: - 
(usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation) DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation) DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys (Logitech Inc.) DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys () DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys (Logitech Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.) DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\spc1030.ini () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.search.yahoo.com/?fr=avantsearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start 
Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98 FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010.04.07 10:27:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.03 16:26:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.05 21:10:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.03.28 19:56:24 | 000,000,000 | ---D | M] [2010.03.19 11:34:16 | 000,000,000 | ---D | M] -- C:\Users\nici8880\AppData\Roaming\mozilla\Extensions [2009.12.30 00:35:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nici8880\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} [2010.01.27 23:35:13 | 000,000,000 | ---D | M] -- C:\Users\nici8880\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2010.04.07 10:30:36 | 000,000,000 | ---D | M] -- C:\Users\nici8880\AppData\Roaming\mozilla\Firefox\Profiles\2de1okzx.default\extensions [2010.04.03 16:27:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\nici8880\AppData\Roaming\mozilla\Firefox\Profiles\2de1okzx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.12.30 00:45:29 | 000,000,000 | ---D | M] -- C:\Users\nici8880\AppData\Roaming\mozilla\SeaMonkey\Profiles\wftq9zok.default\extensions [2010.04.07 10:30:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.03.29 21:19:34 | 000,381,182 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 13133 more lines... 
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program 
Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html () O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html () O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html () O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.216.127.130 82.212.63.122
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\nici8880\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\nici8880\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{cef4c8f2-be4f-11de-a838-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cef4c8f2-be4f-11de-a838-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.07 12:07:21 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Desktop\mbam-installer
[2010.04.07 11:34:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.07 11:23:23 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2010.04.07 11:23:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2010.04.07 11:23:22 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2010.04.07 11:23:22 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2010.04.07 11:23:21 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2010.04.07 11:23:21 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2010.04.07 11:23:19 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2010.04.07 11:23:19 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2010.04.07 11:23:19 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2010.04.07 11:23:18 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2010.04.07 11:23:18 | 000,053,248 | ---- | C] (hxxp://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2010.04.07 11:22:59 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Desktop\SmitfraudFix
[2010.04.07 10:28:59 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010.04.07 10:28:58 | 000,056,008 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010.04.07 10:28:57 | 000,316,936 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010.04.07 10:28:53 | 000,269,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010.04.07 10:28:52 | 000,035,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010.04.07 10:28:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010.04.07 10:26:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010.04.06 11:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2010.04.05 21:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.04.05 21:10:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.05 21:10:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.05 21:10:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.04.05 21:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.04.03 16:26:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.04.03 15:34:18 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.04.03 15:34:18 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Local\AOL
[2010.04.03 15:07:16 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\QuickStoresToolbar
[2010.04.03 15:07:09 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2010.04.03 11:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2010.04.03 11:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010.04.02 19:43:18 | 000,000,000 | ---D | C] -- C:\Users\nici8880\{45e5254f-ebdd-4557-a41d-303da2ba363a}
[2010.04.02 19:36:09 | 000,238,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2010.04.02 14:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CC-Bar
[2010.04.02 01:24:15 | 004,332,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVStWiz.exe
[2010.04.02 01:09:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010.04.02 01:08:38 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010.04.02 00:49:59 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll
[2010.04.01 23:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.1
[2010.03.31 14:46:27 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.03.31 14:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.03.31 07:31:36 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.03.31 07:31:36 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.03.31 07:31:36 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.03.31 07:31:36 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.03.31 07:31:36 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.03.31 07:31:36 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.03.31 07:31:35 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.03.31 07:31:35 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.03.31 07:31:35 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.03.31 07:31:35 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.03.31 07:31:35 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.03.31 07:31:35 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.03.31 07:31:35 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.03.31 07:31:35 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.03.31 07:31:35 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.03.31 07:31:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.03.31 07:31:35 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.03.31 07:31:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.03.31 07:31:35 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.03.31 07:31:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.03.31 07:31:35 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.03.31 07:31:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.03.31 07:31:35 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.03.31 07:31:35 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.03.31 07:31:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.03.31 07:31:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.03.31 07:31:35 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.03.31 07:31:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.03.31 07:31:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.03.31 07:31:35 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010.03.31 07:31:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010.03.31 07:31:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.03.31 07:31:35 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.03.29 00:26:02 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\BitDefender
[2010.03.29 00:21:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\BitDefender
[2010.03.29 00:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010.03.29 00:21:10 | 000,000,000 | ---D | C] -- C:\Programme\BitDefender
[2010.03.29 00:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BitDefender
[2010.03.28 23:51:43 | 000,143,360 | ---- | C] (Info-ZIP) -- C:\Windows\SysWow64\vbuzip10.dll
[2010.03.28 23:51:42 | 000,147,456 | ---- | C] (Info-ZIP) -- C:\Windows\SysWow64\Vbzip11.dll
[2010.03.28 23:51:40 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
[2010.03.28 23:51:33 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbar332.dll
[2010.03.28 23:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Spyware Scanner
[2010.03.28 18:56:37 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\FFOutput
[2010.03.28 18:27:17 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\PC Suite
[2010.03.28 13:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.03.28 12:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.03.28 12:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010.03.28 11:50:40 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Tracing
[2010.03.28 01:47:15 | 000,000,000 | ---D | C] -- C:\FBackup
[2010.03.28 01:47:03 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2010.03.28 01:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2010.03.28 01:47:03 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2010.03.28 01:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\regsvr.exe
[2010.03.28 01:47:03 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2010.03.28 00:35:11 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.03.28 00:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.03.27 23:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2010.03.27 23:54:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eScan
[2010.03.27 22:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010.03.27 22:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.03.27 22:42:19 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\QuickScan
[2010.03.27 22:25:43 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.25 23:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.03.25 11:20:14 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.03.25 11:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.03.24 19:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.03.22 21:52:41 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Download Manager
[2010.03.22 21:14:45 | 000,012,744 | R--- | C] (EnTech Taiwan) -- C:\Windows\SysNative\drivers\Entech64.sys
[2010.03.22 21:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Futuremark Shared
[2010.03.22 21:14:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Futuremark
[2010.03.22 19:35:36 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\Eigene Google Gadgets
[2010.03.22 19:18:57 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Gbridge
[2010.03.22 19:18:11 | 000,000,000 | ---D | C] -- C:\Users\nici8880\{218f454e-d30a-4f1b-afa5-d7798f2aafff}
[2010.03.22 19:17:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gbridge LLC
[2010.03.22 18:38:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit
[2010.03.21 17:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCleaner
[2010.03.19 23:40:13 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Move Networks
[2010.03.19 15:54:38 | 000,066,560 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsx64.dll
[2010.03.19 15:54:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2010.03.19 15:54:16 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010.03.19 15:52:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.03.19 15:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010.03.19 15:29:50 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.03.18 10:10:55 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.03.18 10:10:55 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.03.18 09:51:01 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2010.03.18 09:51:01 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\corpol.dll
[2010.03.18 09:51:00 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2010.03.18 09:51:00 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advpack.dll
[2010.03.18 09:51:00 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2010.03.18 09:51:00 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\advpack.dll
[2010.03.18 09:51:00 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010.03.18 09:51:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2010.03.18 09:51:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010.03.18 09:51:00 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010.03.18 09:51:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\corpol.dll
[2010.03.18 09:50:59 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010.03.18 09:50:59 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2010.03.18 09:50:59 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2010.03.18 09:50:59 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2010.03.18 09:50:59 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010.03.18 09:50:59 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010.03.18 09:50:59 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2010.03.18 09:50:59 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.03.18 09:50:59 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2010.03.18 09:50:58 | 000,508,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2010.03.18 09:50:58 | 000,481,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010.03.18 09:50:58 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010.03.18 09:50:58 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010.03.18 09:50:58 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2010.03.18 09:50:58 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010.03.18 09:50:58 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010.03.18 09:50:58 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010.03.18 09:50:57 | 000,271,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2010.03.18 09:50:57 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2010.03.18 09:50:57 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010.03.18 09:50:57 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010.03.18 09:50:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2010.03.18 09:50:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.03.18 09:50:57 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010.03.18 09:50:57 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.03.18 09:50:57 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.03.18 09:50:56 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.03.18 09:50:56 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.03.18 09:50:56 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinFXDocObj.exe
[2010.03.18 09:50:56 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinFXDocObj.exe
[2010.03.18 09:50:56 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010.03.18 09:50:56 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PDMSetup.exe
[2010.03.18 09:50:56 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010.03.18 09:50:56 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010.03.18 09:50:56 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetDepNx.exe
[2010.03.18 09:50:56 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2010.03.18 09:50:56 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2010.03.18 09:50:55 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010.03.18 09:50:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010.03.18 09:50:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2010.03.18 09:50:54 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010.03.18 09:50:54 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2010.03.18 09:50:54 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.03.18 09:50:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.03.18 09:50:54 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2010.03.18 09:50:54 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010.03.18 09:50:54 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PDMSetup.exe
[2010.03.18 09:50:54 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010.03.18 09:50:54 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010.03.18 09:50:54 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetDepNx.exe
[2010.03.17 01:06:42 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\Xilisoft Corporation
[2010.03.17 01:06:40 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Application Data
[2010.03.17 01:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2010.03.17 01:00:23 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Desktop\Avatar.German 2009.3D.Aufbruch.nach.Pandora.Line DubbedDVDSCREENER.XviD
[2010.03.16 12:28:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2010.03.15 12:58:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2010.03.15 01:25:48 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.03.15 01:24:01 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Logitech
[2010.03.15 01:24:01 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Logishrd
[2010.03.11 12:16:30 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Avant Profiles
[2010.03.11 00:14:12 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\WebCam Media
[2010.03.11 00:14:07 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\WebCam Albums
[2010.03.11 00:11:53 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Local\ArcSoft
[2010.03.11 00:11:51 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\ArcSoft
[2010.03.11 00:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2010.03.11 00:11:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2010.03.11 00:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2010.03.11 00:09:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Philips
[2010.03.11 00:08:16 | 000,000,000 | ---D | C] -- C:\Programme\DIFX
[2010.03.11 00:07:29 | 001,919,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wdfcoinstaller01005.dll
[2010.03.11 00:07:19 | 000,000,000 | ---D | C] -- C:\Programme\Philips
[2010.03.11 00:07:15 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\My Philips SPC1030NC Webcam Pictures
[2010.03.11 00:06:35 | 000,319,488 | ---- | C] (Philips) -- C:\Windows\SysWow64\stvspc.ax
[2010.03.11 00:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC1030NC
[2010.03.11 00:06:23 | 000,000,000 | ---D | C] -- C:\Windows\Philips
[2010.03.11 00:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips
[2010.03.10 23:38:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010.03.10 23:38:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010.03.10 23:38:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010.03.10 23:38:05 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010.03.09 12:27:33 | 000,008,704 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2010.03.09 12:27:31 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBCEE.DLL
[2010.03.06 01:18:25 | 005,521,408 | ---- | C] (Jeffrey Harris) -- C:\Users\nici8880\SharePod.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.07 21:44:32 | 008,126,464 | ---- | M] () -- C:\Users\nici8880\ntuser.dat
[2010.04.07 21:36:17 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.07 21:36:16 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.04.07 21:36:16 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.04.07 21:36:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.07 13:41:22 | 058,637,906 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010.04.07 12:40:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.07 12:40:57 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.07 11:38:32 | 000,001,964 | ---- | M] () -- C:\Users\nici8880\Desktop\HiJackThis.lnk
[2010.04.07 11:34:28 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.07 11:23:48 | 000,001,434 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2010.04.07 10:48:32 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.07 10:48:32 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.07 10:48:32 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.07 10:48:32 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.07 10:48:31 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.07 10:41:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.07 10:40:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.07 10:29:00 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010.04.07 10:29:00 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010.04.07 10:28:58 | 000,316,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010.04.07 10:28:58 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010.04.07 10:28:54 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010.04.07 10:28:53 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010.04.07 10:28:52 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010.04.07 02:07:30 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.04.07 02:07:30 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TM.blf
[2010.04.07 02:07:27 | 004,278,804 | -H-- | M] () -- C:\Users\nici8880\AppData\Local\IconCache.db
[2010.04.05 21:10:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.05 21:10:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.05 21:10:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.04.05 21:10:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.04.03 16:26:45 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.03 16:15:45 | 000,068,243 | ---- | M] () -- C:\Users\nici8880\bookmarks.html
[2010.04.03 16:07:19 | 009,182,984 | R--- | M] () -- C:\Users\nici8880\Documents\Firefox 3.6.3 (de) - 2010-04-03.pcv
[2010.04.03 16:07:19 | 009,182,984 | ---- | M] () -- C:\Users\nici8880\Firefox 3.6.3 (de) - 2010-04-03.pcv
[2010.04.03 15:07:18 | 000,000,191 | ---- | M] () -- C:\Users\nici8880\Desktop\QuickStores.url
[2010.04.03 15:02:44 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.04.03 15:02:44 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.04.03 12:00:22 | 000,000,036 | ---- | M] () -- C:\Users\nici8880\AppData\Local\housecall.guid.cache
[2010.04.02 20:34:19 | 000,000,680 | ---- | M] () -- C:\Users\nici8880\AppData\Local\d3d9caps.dat
[2010.04.02 01:08:47 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.04.01 15:17:42 | 000,034,632 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2010.04.01 15:11:42 | 000,025,928 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.04.01 15:11:38 | 000,021,320 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.04.01 15:11:34 | 000,036,168 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.03.31 14:46:27 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.03.31 14:41:44 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2010.03.31 09:23:05 | 000,038,804 | ---- | M] () -- C:\Users\nici8880\Desktop\a3ubiisb43i.jpg
[2010.03.31 09:21:26 | 000,053,549 | ---- | M] () -- C:\Users\nici8880\Desktop\9060t8qfv93.gif
[2010.03.31 09:15:43 | 000,062,111 | ---- | M] () -- C:\Users\nici8880\Desktop\ypml8i7ywd3.gif
[2010.03.31 09:14:40 | 000,018,282 | ---- | M] () -- C:\Users\nici8880\Desktop\v3ialvs4659.gif
[2010.03.31 09:10:36 | 000,057,498 | ---- | M] () -- C:\Users\nici8880\Desktop\yg6rebghqc4.gif
[2010.03.31 09:08:54 | 000,030,460 | ---- | M] () -- C:\Users\nici8880\Desktop\e7n70oh4rfn.gif
[2010.03.31 08:42:41 | 000,015,039 | ---- | M] () -- C:\Users\nici8880\Desktop\id07qo9bg8s.gif
[2010.03.31 08:42:01 | 000,026,312 | ---- | M] () -- C:\Users\nici8880\Desktop\m6w7t18c13r.jpg
[2010.03.31 08:37:54 | 000,012,317 | ---- | M] () -- C:\Users\nici8880\Desktop\9ucicxigug2.gif
[2010.03.31 08:32:26 | 000,150,568 | ---- | M] () -- C:\Users\nici8880\Desktop\5wjl3v8nk6j.gif
[2010.03.30 01:24:20 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.03.29 21:46:11 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2010.03.29 21:19:34 | 000,381,182 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.03.29 17:59:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.29 13:34:39 | 000,008,704 | ---- | M] () -- C:\Users\nici8880\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.29 12:28:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ab_bl.sig
[2010.03.29 10:40:04 | 000,000,016 | ---- | M] () -- C:\Windows\SysNative\asdict.dat
[2010.03.29 10:40:04 | 000,000,004 | ---- | M] () -- C:\Windows\SysNative\aspdict-en.dat
[2010.03.29 10:36:00 | 000,000,025 | ---- | M] () -- C:\Users\nici8880\AppData\Roaming\bdfvconp.ini
[2010.03.28 20:04:52 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms
[2010.03.28 19:02:59 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{c1d7cc60-3a83-11df-843f-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms
[2010.03.28 19:02:59 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{c1d7cc60-3a83-11df-843f-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.03.28 19:02:59 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{c1d7cc60-3a83-11df-843f-00248ca96ef0}.TM.blf
[2010.03.28 17:49:10 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{a5d2f094-3a77-11df-9e80-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms
[2010.03.28 17:49:10 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{a5d2f094-3a77-11df-9e80-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.03.28 17:49:10 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{a5d2f094-3a77-11df-9e80-00248ca96ef0}.TM.blf
[2010.03.28 16:47:50 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{29874273-3a68-11df-8d4b-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.03.28 16:47:50 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{29874273-3a68-11df-8d4b-00248ca96ef0}.TM.blf
[2010.03.28 16:11:15 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{29874273-3a68-11df-8d4b-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms
[2010.03.28 15:28:02 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\NTUSER.DAT{15820bbe-34c2-11df-b845-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.03.28 15:28:02 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\NTUSER.DAT{15820bbe-34c2-11df-b845-806e6f6e6963}.TM.blf
[2010.03.28 11:33:03 | 000,000,732 | ---- | M] () -- C:\Users\nici8880\AppData\Local\d3d9caps64.dat
[2010.03.26 22:28:39 | 000,000,063 | ---- | M] () -- C:\Users\nici8880\Desktop\Heimatmelodie.pls
[2010.03.25 23:59:39 | 000,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.03.25 23:59:38 | 000,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.03.25 11:21:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.03.24 21:27:32 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2010.03.24 19:55:13 | 000,000,192 | ---- | M] () -- C:\Windows\win.ini
[2010.03.23 13:52:15 | 3067,838,464 | ---- | M] () -- C:\Users\nici8880\Documents\mydiscimage.iso
[2010.03.22 21:08:15 | 000,000,005 | ---- | M] () -- C:\Users\nici8880\AppData\Roaming\closedListSW.awt
[2010.03.22 02:26:39 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\NTUSER.DAT{15820bbe-34c2-11df-b845-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
[2010.03.21 10:20:35 | 004,194,304 | ---- | M] () -- C:\Users\nici8880\NTUSER.DAT_tureg_old
[2010.03.21 10:20:34 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\NTUSER.DAT{0c0b15cb-0b6a-11df-ae73-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
[2010.03.21 10:20:34 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\NTUSER.DAT{0c0b15cb-0b6a-11df-ae73-806e6f6e6963}.TM.blf
[2010.03.19 16:02:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\0
[2010.03.17 16:54:36 | 000,612,384 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RTSnMg64.cpl [2010.03.17 01:28:39 | 000,000,204 | ---- | M] () -- C:\Users\nici8880\Documents\Dokument.rtf [2010.03.16 12:24:36 | 000,035,938 | ---- | M] () -- C:\Users\nici8880\bookmarks-2010-03-16.json [2010.03.16 08:51:59 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll [2010.03.16 08:51:59 | 000,009,832 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2010.03.16 02:09:00 | 004,332,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NVStWiz.exe [2010.03.12 11:26:42 | 000,657,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe [2010.03.11 00:18:22 | 000,087,936 | ---- | M] () -- C:\Users\nici8880\AppData\Local\GDIPFONTCACHEV1.DAT [2010.03.11 00:16:39 | 000,338,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.03.11 00:12:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_phaudlwr_01005.Wdf [2010.03.11 00:10:10 | 000,000,207 | ---- | M] () -- C:\ProgramData\CamSuite.ini [2010.03.11 00:03:37 | 000,614,424 | ---- | M] () -- C:\spc1030-001.raw [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] |
07.04.2010, 21:12 | #8 |
08.04.2010, 06:55 | #9 |
| Hi, you have already run CF (if it found anything, post the log), and you also have Kaspersky and AVG running. You should uninstall one of them. In addition, "NoLowDiskSpaceChecks = 1" is switched off (i.e. Windows does not warn when the disk runs out of space). Otherwise the log looks clean. However, depending on their settings, both scanners also monitor Internet traffic, so decide on one and uninstall the other. To check for rootkits we will also try Dr. Web (Gmer is clean): http://www.trojaner-board.de/59299-a...eb-cureit.html After the scan has finished you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post it. The log file is very large, roughly over 5 MB of text. Just search for "infiziert" ("infected") and copy out the relevant parts before you post them. chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
09.04.2010, 17:24 | #10 |
| Code:
Scanstatistiken
-----------------------------------------------------------------------------
Gescannt: 39775
Infiziert: 0
Modifikationen: 0
Verdächtig: 0
Adware: 0
Dialer: 0
Scherzprogramme: 0
Riskware: 0
Hacktools: 1
Desinfiziert: 0
Gelöscht: 0
Umbenannt: 0
Verschoben: 0
Ignoriert: 0
Geschwindigkeit:: 1498 Kb/s
Dauer:: 00:21:21
-----------------------------------------------------------------------------
C:\Windows\system32\drivers\etc\hosts - Verschieben nicht möglich
C:\Windows\SysWOW64\Process.exe - nicht desinfizierbar - gelöscht |
10.04.2010, 17:31 | #11 |
| Hi, load the hosts file (C:\WINDOWS\system32\drivers\etc\hosts) into a text editor (click on it in Explorer, right mouse button, Send to -> Editor). Copy the contents and post them here... chris
|
10.04.2010, 19:35 | #12 |
| Dear Chris, I did find the file on my system, but it cannot be pasted here because it is too long. What should I do now???? Regards, nici8880
__________________ http://www.stefan-graf.com/wp-conten...pt_firefox.jpg |
10.04.2010, 20:42 | #13 |
| Hi, file upload: http://www.file-upload.net/, upload the file and send the link (with the deletion link) to me as a "PrivateMail"... Have you ever run an "immunization"? How is the computer doing? chris
|
11.04.2010, 08:00 | #14 |
| Hi, an immunization by Spybot was carried out, that is OK. How is the computer doing? chris
|
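The hosts-file check from posts #11 to #14, as an added example that is not part of the thread: a short Python script that sorts the entries of a hosts file too long to read by eye into local names, block-list entries pointing at loopback or 0.0.0.0, and names mapped to any other address, which are the ones worth a manual look. The category names and the sample input are assumptions constructed for this example.

```python
import ipaddress
import sys
from collections import Counter

# Names that normally resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample (documentation address and example domains),
# not the hosts file from the thread.
SAMPLE = """\
# Constructed sample
127.0.0.1       localhost
::1             localhost
# block-list entries of the kind an immunization writes
127.0.0.1       ads.example.net
127.0.0.1       tracker.example.org www.tracker.example.org
0.0.0.0         popups.example.com
203.0.113.10    update.example.com   # name pointed at another host
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Yield (line_no, address, names) for each active hosts entry."""
    # Strip a UTF-8 byte order mark, which some Windows editors prepend.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line:
            fields = line.split()
            yield line_no, fields[0], [n.lower() for n in fields[1:]]


def triage(text):
    """Return (summary Counter, list of entries that need a human look)."""
    summary, review = Counter(), []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            summary["malformed"] += 1
            review.append((line_no, addr, " ".join(names), "malformed entry"))
            continue
        # Loopback and 0.0.0.0 make a name unreachable instead of redirecting it.
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if sinkhole and name in LOCAL_NAMES:
                summary["local"] += 1
            elif sinkhole:
                summary["blocked"] += 1
            else:
                summary["redirect"] += 1
                review.append((line_no, str(ip), name,
                               "name mapped to a non-local address"))
    return summary, review


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    summary, review = triage(text)
    print(dict(summary))
    for item in review:
        print("line %d: %s %s (%s)" % item)
```

Run it with the path of the hosts file (for example C:\Windows\system32\drivers\etc\hosts) as its argument to get the counts for a real file; without an argument it processes the constructed sample.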
11.04.2010, 11:09 | #15 |
| It is still acting up in strange ways, no idea why. Hmm, I don't know what else to do. It keeps freezing every 2-5 seconds, but only now and then, and then it carries on normally as before. It is strange, since the computer is new; I bought it last October at Mediamarkt for 499 €. Regards, nici8880
|