Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe!

tantow · 01.08.2010, 07:35

Hallo zusammen!

Auf meinem Rechner scheinen sich mehrere Trojaner zu befinden.
Sowohl AVIR, Malwarebytes, Ad-Aware als auch AVG Anti Spyware zeigen diverse Trojaner an. Habe ise versucht mehrmals mit allen Programmen zu löschen, sind aber nach kurzer Zeit wieder da.

Hier der HJthis log:

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:26:31, on 01.08.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Sky\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F3 - REG:win.ini: load=C:\Windows\logman.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [extensions.exe] C:\extensions.exe\extensions.exe
O4 - HKLM\..\Policies\Explorer\Run: [rsvp] C:\Windows\System32\drivers\rsvp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\Users\Sky\AppData\Roaming\MICROS~1\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\System\dllhst3g.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\Windows\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\Users\Sky\AppData\Roaming\rsvp.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Esent Utl] C:\Users\Sky\AppData\Local\Temp\esentutl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Esent Utl] C:\Users\Sky\AppData\Local\Temp\esentutl.exe /waitservice (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~3\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~3\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~3\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7620 bytes

--- --- ---

Hier noch den letzten Bericht von Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4370

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.08.2010 08:27:28
mbam-log-2010-08-01 (08-27-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134955
Laufzeit: 6 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Rodecap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\...\AppData\Local\Temp\0.5556939488093923.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\...\AppData\Local\Temp\0.9015852088655786.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

ComboFix läuft bei mir leider wegen meines 64-Bit Systems nicht.

Ich danke allen schon einmal im Voraus für ihre Hilfe!

lg

Larusso · 01.08.2010, 10:42

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste in Deiner nächsten Antwort
OTL.txt
Extras.txt

tantow · 01.08.2010, 11:54

Danke für die Antwort!

Hier die beiden Log-Dateien.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.08.2010 12:44:28 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Sky\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 18,30 Gb Free Space | 37,47% Space Free | Partition Type: NTFS
Drive D: | 139,41 Gb Total Space | 89,32 Gb Free Space | 64,07% Space Free | Partition Type: NTFS
Drive E: | 98,57 Gb Total Space | 61,24 Gb Free Space | 62,13% Space Free | Partition Type: NTFS
Drive F: | 318,36 Gb Total Space | 159,46 Gb Free Space | 50,09% Space Free | Partition Type: NTFS
Drive G: | 46,90 Gb Total Space | 36,68 Gb Free Space | 78,21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SKY-PC
Current User Name: Sky
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.01 12:41:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
PRC - [2010.07.12 10:55:38 | 000,755,096 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2010.04.23 00:59:41 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.04.15 10:16:48 | 000,288,064 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007.05.30 14:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.01 12:41:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.07.12 10:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.04.23 00:59:41 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.08.24 07:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.30 14:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.07.28 14:51:27 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.05 13:20:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.03.05 13:20:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 01:58:24 | 000,507,392 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2007.05.30 14:10:42 | 000,014,072 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AvgAsC64.sys -- (AvgAsC64)
DRV - [2010.08.01 10:44:24 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\xvnvoem.sys -- (jdvkcqx)
DRV - [2007.05.30 14:10:42 | 000,012,024 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys -- (AVG Anti-Spyware Driver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 6A 37 9E 1F AC CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.08 00:04:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.08 00:04:25 | 000,000,000 | ---D | M]
 
[2010.02.14 17:42:28 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\mozilla\Extensions
[2010.03.01 14:11:35 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\mozilla\Firefox\Profiles\gfo7ooo2.default\extensions
[2010.02.17 11:38:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.21 18:43:13 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [extensions.exe] C:\extensions.exe\extensions.exe (SOFTWIN S.R.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: DllHst = C:\Windows\System\dllhst3g.exe /waitservice File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.12 07:16:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ciphdVol - (C:\Windows\system32\mmcated.dll) - C:\Windows\SysWow64\mmcated.dll File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.01 12:41:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
[2010.08.01 11:37:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sky\Desktop\TFC.exe
[2010.08.01 08:22:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sky\Desktop\HiJackThis204.exe
[2010.07.31 15:01:45 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\Grisoft
[2010.07.31 15:01:39 | 000,014,072 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\SysNative\drivers\AvgAsC64.sys
[2010.07.31 15:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2010.07.31 15:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grisoft
[2010.07.30 21:08:12 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Local\Sunbelt Software
[2010.07.30 19:03:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010.07.30 19:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.07.30 19:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.07.30 18:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.30 18:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.07.30 16:21:55 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\Malwarebytes
[2010.07.30 16:21:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.30 16:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.30 16:21:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.30 16:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.28 16:49:44 | 000,000,000 | ---D | C] -- C:\Users\Sky\Documents\StarCraft II
[2010.07.28 16:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.07.28 16:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.07.28 14:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2010.07.28 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\DAEMON Tools Pro
[2010.07.28 14:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010.07.18 17:29:18 | 000,000,000 | ---D | C] -- C:\Users\Sky\Desktop\daria
[2010.07.11 09:01:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.06.23 01:12:55 | 000,000,000 | -H-D | C] -- C:\extensions.exe
[2010.06.10 16:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010.06.07 16:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.06.07 16:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010.05.30 12:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SEGA Corporation
[2010.05.30 12:52:39 | 000,000,000 | ---D | C] -- C:\Users\Sky\Documents\Alpha Protocol
[2010.05.30 12:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.05.18 09:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2010.05.17 23:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.17 21:07:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.05.10 17:21:27 | 000,000,000 | ---D | C] -- C:\Users\Sky\Documents\Sparbuch
[2010.05.10 16:46:22 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Local\Buhl
[2010.05.10 16:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2010.05.10 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Local\Buhl Data Service
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.01 12:45:12 | 002,097,152 | -HS- | M] () -- C:\Users\Sky\NTUSER.DAT
[2010.08.01 12:41:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
[2010.08.01 12:22:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.01 11:46:34 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.01 11:46:34 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.01 11:46:34 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.01 11:46:34 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.01 11:46:34 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.01 11:44:59 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 11:44:59 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 11:39:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.01 11:39:19 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.01 11:38:33 | 002,651,204 | -H-- | M] () -- C:\Users\Sky\AppData\Local\IconCache.db
[2010.08.01 11:37:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\TFC.exe
[2010.08.01 10:44:24 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\xvnvoem.sys
[2010.08.01 10:41:14 | 000,731,136 | ---- | M] () -- C:\Users\Sky\Desktop\avenger.exe
[2010.08.01 08:46:11 | 000,001,541 | ---- | M] () -- C:\Users\Sky\Desktop\avgas - Verknüpfung.lnk
[2010.08.01 08:22:11 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sky\Desktop\HiJackThis204.exe
[2010.07.30 19:03:15 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.30 18:26:35 | 000,001,228 | ---- | M] () -- C:\Users\Sky\Desktop\Spybot - Search & Destroy.lnk
[2010.07.30 16:21:46 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 19:28:04 | 000,000,791 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.07.28 14:51:27 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.07.12 10:55:38 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010.06.28 17:16:02 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Sniper Ghost Warrior.lnk
[2010.06.11 14:53:32 | 000,409,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.31 08:59:02 | 000,000,000 | ---- | M] () -- C:\Windows\wiso.ini
[2010.05.23 02:37:29 | 000,008,704 | ---- | M] () -- C:\Users\Sky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.21 18:43:13 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
 
========== Files Created - No Company Name ==========
 
[2010.08.01 10:44:24 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\xvnvoem.sys
[2010.08.01 10:41:14 | 000,731,136 | ---- | C] () -- C:\Users\Sky\Desktop\avenger.exe
[2010.08.01 08:46:11 | 000,001,541 | ---- | C] () -- C:\Users\Sky\Desktop\avgas - Verknüpfung.lnk
[2010.07.31 12:28:36 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.07.30 19:03:15 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.30 18:26:35 | 000,001,228 | ---- | C] () -- C:\Users\Sky\Desktop\Spybot - Search & Destroy.lnk
[2010.07.30 16:21:46 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 19:12:44 | 000,000,791 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.07.18 19:01:59 | 000,000,000 | ---- | C] () -- C:\Users\Sky\Sti_Trace.log
[2010.06.28 17:16:02 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Sniper Ghost Warrior.lnk
[2010.05.31 08:59:02 | 000,000,000 | ---- | C] () -- C:\Windows\wiso.ini
[2010.03.27 21:04:50 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.03.27 21:04:50 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.03.27 21:04:50 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.02.22 21:13:52 | 000,127,085 | ---- | C] () -- C:\Windows\SysWow64\RTKFMSOURCE.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.02.13 16:39:38 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Awem
[2010.07.18 19:16:09 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Canon
[2010.02.28 14:30:10 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\DAEMON Tools Lite
[2010.07.28 15:00:44 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\DAEMON Tools Pro
[2010.03.01 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Free Download Manager
[2010.07.31 15:01:45 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Grisoft
[2010.06.27 12:35:00 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\ICQ
[2010.04.06 15:41:25 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\My Games
[2010.03.22 21:00:19 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Opera
[2010.03.09 20:17:07 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\ProtectDisc
[2010.05.02 13:26:49 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Ubisoft
[2010.04.14 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\XRay Engine
[2010.07.07 13:19:10 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.08.01 11:39:19 | 000,001,884 | ---- | M] () -- C:\aaw7boot.log
[2009.02.12 07:16:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009.06.17 12:01:46 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2010.02.12 21:46:49 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2001.03.28 11:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.02.12 21:46:51 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.02.12 07:16:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.08.01 11:39:19 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2009.02.12 07:16:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.02.12 07:16:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.12.01 14:35:52 | 000,086,016 | ---- | M] (Infotriever) -- C:\NPInforbit32.dll
[2008.12.01 14:35:44 | 000,000,165 | ---- | M] () -- C:\NPInforbit32.xpt
[2001.03.28 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009.02.12 07:34:34 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.08.01 11:39:19 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys
[2009.03.11 22:20:13 | 000,000,569 | ---- | M] () -- C:\RHDSetup.log
[2010.02.12 22:08:19 | 000,171,136 | RHS- | M] () -- C:\w7ldr
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 01.08.2010 12:44:28 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Sky\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 18,30 Gb Free Space | 37,47% Space Free | Partition Type: NTFS
Drive D: | 139,41 Gb Total Space | 89,32 Gb Free Space | 64,07% Space Free | Partition Type: NTFS
Drive E: | 98,57 Gb Total Space | 61,24 Gb Free Space | 62,13% Space Free | Partition Type: NTFS
Drive F: | 318,36 Gb Total Space | 159,46 Gb Free Space | 50,09% Space Free | Partition Type: NTFS
Drive G: | 46,90 Gb Total Space | 36,68 Gb Free Space | 78,21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SKY-PC
Current User Name: Sky
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~3\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~3\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"IrfanView" = IrfanView (remove only)
"Jack Keane" = Jack Keane
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"netloader" = netloader
"Overclocked" = Overclocked
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"StarCraft II" = StarCraft II
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2010 14:01:11 | Computer Name = Sky-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 10.53.3374.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ae8    Startzeit: 
01cb0af97dacd7c8    Endzeit: 18    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 a0cbbed1-7715-11df-aafb-665544336040  
 
Error - 22.06.2010 19:22:42 | Computer Name = Sky-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 10.53.3374.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a3c    Startzeit: 
01cb125fe26edae0    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 0c218319-7e55-11df-8f07-665544336040  
 
Error - 23.06.2010 07:32:23 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daorigins.exe, Version: 1.3.11253.0,
 Zeitstempel: 0x4b70580a  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x3bc  Startzeit der fehlerhaften Anwendung: 0x01cb12c1053ec920  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: fd216fc0-7eba-11df-abde-665544336040
 
Error - 25.06.2010 11:06:10 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: opera.exe, Version: 10.54.3423.0,
 Zeitstempel: 0x4c189f8f  Name des fehlerhaften Moduls: Opera.dll, Version: 10.54.3423.0,
 Zeitstempel: 0x4c189fcd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00222660  ID des fehlerhaften
 Prozesses: 0x1398  Startzeit der fehlerhaften Anwendung: 0x01cb146c24d8824c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Opera\opera.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Opera\Opera.dll  Berichtskennung: 2faf0144-806b-11df-a6df-665544336040
 
Error - 26.06.2010 17:53:46 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daorigins.exe, Version: 1.3.11253.0,
 Zeitstempel: 0x4b70580a  Name des fehlerhaften Moduls: daorigins.exe, Version: 1.3.11253.0,
 Zeitstempel: 0x4b70580a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0041bc64  ID des fehlerhaften
 Prozesses: 0x80c  Startzeit der fehlerhaften Anwendung: 0x01cb1578debb1320  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
Pfad
 des fehlerhaften Moduls: D:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
Berichtskennung:
 4b00e360-816d-11df-a658-665544336040
 
Error - 27.06.2010 13:37:38 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daorigins.exe, Version: 1.3.11253.0,
 Zeitstempel: 0x4b70580a  Name des fehlerhaften Moduls: daorigins.exe, Version: 1.3.11253.0,
 Zeitstempel: 0x4b70580a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004480  ID des fehlerhaften
 Prozesses: 0xb2c  Startzeit der fehlerhaften Anwendung: 0x01cb161a4a02c780  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
Pfad
 des fehlerhaften Moduls: D:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
Berichtskennung:
 ad9510f0-8212-11df-b9b8-665544336040
 
Error - 10.07.2010 11:47:24 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 0.09132484642455219.exe, Version:
 123.21.15.83, Zeitstempel: 0x491f4a61  Name des fehlerhaften Moduls: 0.09132484642455219.exe,
 Version: 123.21.15.83, Zeitstempel: 0x491f4a61  Ausnahmecode: 0xc0000096  Fehleroffset:
 0x000020fb  ID des fehlerhaften Prozesses: 0x894  Startzeit der fehlerhaften Anwendung:
 0x01cb20472f9129b4  Pfad der fehlerhaften Anwendung: C:\Users\Sky\AppData\Local\Temp\0.09132484642455219.exe
Pfad
 des fehlerhaften Moduls: C:\Users\Sky\AppData\Local\Temp\0.09132484642455219.exe
Berichtskennung:
 6e64565c-8c3a-11df-ba5c-665544336040
 
Error - 10.07.2010 11:47:24 | Computer Name = Sky-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm 0.09132484642455219.exe wurde wegen dieses Fehlers
 geschlossen.    Programm: 0.09132484642455219.exe  Datei:     Der Fehlerwert ist im Abschnitt
 "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.
Diese
 Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird,
 wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht auf die Datei
 zugreifen können und   - diese sich im Netzwerk befindet,   dann sollte der Netzwerkadministrator
 überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem 
Server hergestellt werden kann.   - diese sich auf einem Wechseldatenträger, wie z.
 B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
 in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.   Wenden Sie sich an den Administrator 
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, 
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 20.07.2010 09:25:55 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: service.exe, Version: 8.2.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: service.exe, Version: 8.2.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00008000  ID des fehlerhaften Prozesses:
 0x904  Startzeit der fehlerhaften Anwendung: 0x01cb280f13a50750  Pfad der fehlerhaften
 Anwendung: C:\Users\Sky\AppData\Local\Temp\service.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Sky\AppData\Local\Temp\service.exe  Berichtskennung: 530cbf50-9402-11df-b207-665544336040
 
Error - 22.07.2010 16:35:26 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: service.exe, Version: 5.5.0.31, Zeitstempel:
 0x42bab159  Name des fehlerhaften Moduls: service.exe, Version: 5.5.0.31, Zeitstempel:
 0x42bab159  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000012c1  ID des fehlerhaften Prozesses:
 0x558  Startzeit der fehlerhaften Anwendung: 0x01cb29dd68f86894  Pfad der fehlerhaften
 Anwendung: C:\Users\Sky\AppData\Local\Temp\service.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Sky\AppData\Local\Temp\service.exe  Berichtskennung: a89c049c-95d0-11df-a7e5-665544336040
 
[ System Events ]
Error - 23.07.2010 12:40:36 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 26.07.2010 05:46:40 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 26.07.2010 08:50:33 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 26.07.2010 12:27:47 | Computer Name = Sky-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.07.2010 12:28:17 | Computer Name = Sky-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.07.2010 01:33:01 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 27.07.2010 06:44:52 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 27.07.2010 10:49:40 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 28.07.2010 01:11:26 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 28.07.2010 07:41:03 | Computer Name = Sky-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
 
< End of report >

--- --- ---

Larusso · 01.08.2010, 11:59

Hy, bitte ändere alle Zugangspasswörter von einem sauberen Rechner aus.

Bitte lasse die Dateien aus der Code-Box bei Virustotal überprüfen

Code:

ATTFilter

C:\Windows\SysWow64\drivers\xvnvoem.sys
C:\extensions.exe\extensions.exe

Also gehe wie hier beschrieben vor:

Öffne diese Webseite: virustotal
Klicke auf "Durchsuchen"
Suche die Datei auf deinem Rechner--> Doppelklick auf die zu prüfende Datei (oder kopiere den Inhalt ab aus der Codebox)
"Senden der Datei"
Warte, bis der Scandurchlauf aller Virenscanner beendet ist
Auf "Compact" klicken (Links oben zu finden)
Ein neuer Tab dürfte sich öffnen.
Den Inhalt komplett kopieren und hier einfügen

Sollte die Datei als schädlich erkannt werden bitte noch nicht entfernen

tantow · 01.08.2010, 21:01

i gg empfangen 2010.07.29 01:07:18 (UTC)Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2010.07.29.00 2010.07.28 Win-Trojan/Avenger.61440
AntiVir 8.2.4.26 2010.07.28 -
Antiy-AVL 2.0.3.7 2010.07.28 Hoax/Win32.Agent.gen
Authentium 5.2.0.5 2010.07.28 -
Avast 4.8.1351.0 2010.07.28 -
Avast5 5.0.332.0 2010.07.28 -
AVG 9.0.0.851 2010.07.28 -
BitDefender 7.2 2010.07.29 -
CAT-QuickHeal 11.00 2010.07.28 Trojan.Agent.ATV
ClamAV 0.96.0.3-git 2010.07.29 -
Comodo 5574 2010.07.29 -
DrWeb 5.0.2.03300 2010.07.29 -
Emsisoft 5.0.0.34 2010.07.29 -
eTrust-Vet 36.1.7745 2010.07.28 -
F-Prot 4.6.1.107 2010.07.28 -
F-Secure 9.0.15370.0 2010.07.29 -
Fortinet 4.1.143.0 2010.07.28 -
GData 21 2010.07.29 -
Ikarus T3.1.1.84.0 2010.07.29 -
Jiangmin 13.0.900 2010.07.28 Hoax.Agent.f
Kaspersky 7.0.0.125 2010.07.28 -
McAfee 5.400.0.1158 2010.07.29 -
McAfee-GW-Edition 2010.1 2010.07.28 -
Microsoft 1.6004 2010.07.28 -
NOD32 5321 2010.07.28 -
Norman 6.05.11 2010.07.28 -
nProtect 2010-07-28.02 2010.07.28 Trojan/W32.Agent.61440.JQ
Panda 10.0.2.7 2010.07.28 Rootkit/Agent.LNB
PCTools 7.0.3.5 2010.07.29 -
Prevx 3.0 2010.07.29 -
Rising 22.58.02.04 2010.07.28 -
Sophos 4.55.0 2010.07.29 -
Sunbelt 6655 2010.07.28 -
SUPERAntiSpyware 4.40.0.1006 2010.07.29 -
Symantec 20101.1.1.7 2010.07.29 -
TheHacker 6.5.2.1.326 2010.07.27 -
TrendMicro 9.120.0.1004 2010.07.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.29 -
VBA32 3.12.12.6 2010.07.28 -
ViRobot 2010.7.28.3960 2010.07.28 Hoax..Agent.61440
VirusBuster 5.0.27.0 2010.07.28 -

weitere Informationen
File size: 61440 bytes
MD5 : 589312a3b46721c5a751e4d5222a89be
SHA1 : 3a497d3968a4f6e3c648d196da38e5f98e75ec30
SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xD394 timedatestamp.....: 0x476B398B (Fri Dec 21 04:56:59 2007) machinetype.......: 0x14C (Intel I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x400 0xD756 0xD780 5.52 e0dc8fff10e3a7c6343455cd02a67954 .rdata 0xDB80 0x10E 0x180 3.44 d2fd0bc28e070ccc67879e04b7cd5302 .data 0xDD00 0xC0 0x100 0.04 66a415a49d751cb335895306ecfb3389 INIT 0xDE00 0x376 0x380 5.17 79cc3d62ef3ba8053786e08dc9b6cddc .reloc 0xE180 0xE2C 0xE80 6.60 4f845320301140370066cbceee4c5e4c ( 0 imports ) ( 0 exports ) 
TrID : File type identification Clipper DOS Executable (33.3%) Generic Win/DOS Executable (33.0%) DOS Executable Generic (33.0%) VXD Driver (0.5%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ThreatExpert: <a href="hxxp://www.threatexpert.com/report.aspx?md5=589312a3b46721c5a751e4d5222a89be" target="_blank">hxxp://www.threatexpert.com/report.aspx?md5=589312a3b46721c5a751e4d5222a89be</a>
ssdeep: 768:UzNrXvTHr4DU6K5H5VLvDcLugwoMcq5+x7J1uQ9VP:QTG2VrOuN+lJpP
sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned 
Prevx Info: <a href="hxxp://info.prevx.com/aboutprogramtext.asp?PX5=0D0120F6002DA0A9F00500511CA22500289EA8D6" target="_blank">hxxp://info.prevx.com/aboutprogramtext.asp?PX5=0D0120F6002DA0A9F00500511CA22500289EA8D6</a>
PEiD : -
CWSandbox: <a href="hxxp://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=589312a3b46721c5a751e4d5222a89be" target="_blank">hxxp://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=589312a3b46721c5a751e4d5222a89be</a>
RDS : NSRL Reference Data Set -

Datei file-1268879_exe empfangen 2010.08.01 17:27:08 (UTC)Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2010.08.01.00 2010.07.31 -
AntiVir 8.2.4.32 2010.07.30 -
Antiy-AVL 2.0.3.7 2010.07.30 -
Authentium 5.2.0.5 2010.07.31 -
Avast 4.8.1351.0 2010.08.01 -
Avast5 5.0.332.0 2010.08.01 -
AVG 9.0.0.851 2010.08.01 -
BitDefender 7.2 2010.08.01 -
CAT-QuickHeal 11.00 2010.07.31 -
ClamAV 0.96.0.3-git 2010.08.01 -
Comodo 5609 2010.08.01 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.08.01 Trojan.PWS.SpySweep.25
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.08.01 -
eTrust-Vet 36.1.7753 2010.07.31 -
F-Prot 4.6.1.107 2010.07.31 -
F-Secure 9.0.15370.0 2010.08.01 -
Fortinet 4.1.143.0 2010.08.01 -
GData 21 2010.08.01 -
Ikarus T3.1.1.84.0 2010.08.01 -
Jiangmin 13.0.900 2010.08.01 -
Kaspersky 7.0.0.125 2010.08.01 -
McAfee 5.400.0.1158 2010.08.01 -
McAfee-GW-Edition 2010.1 2010.07.30 -
Microsoft 1.6004 2010.08.01 -
NOD32 5331 2010.08.01 a variant of Win32/Kryptik.FUC
Norman 6.05.11 2010.08.01 -
nProtect 2010-08-01.01 2010.08.01 -
Panda 10.0.2.7 2010.08.01 -
PCTools 7.0.3.5 2010.08.01 -
Prevx 3.0 2010.08.01 -
Rising 22.58.05.04 2010.07.31 -
Sophos 4.56.0 2010.08.01 -
Sunbelt 6671 2010.08.01 -
SUPERAntiSpyware 4.40.0.1006 2010.08.01 -
Symantec 20101.1.1.7 2010.08.01 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.08.01 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.01 -
VBA32 3.12.12.7 2010.07.30 -
ViRobot 2010.7.31.3965 2010.08.01 -
VirusBuster 5.0.27.0 2010.08.01 -

weitere Informationen
File size: 142336 bytes
MD5 : 19c08f129b107b09d489b41e53b2aa84
SHA1 : 79d6aa38baa310562cfa1b30e2b58a5988bbb3c1
SHA256: b59202f0f8af888e3a24e9a26b3f7d2f1f97fd9fa1a0888f30ddc7c8594ebe42
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x75F70 timedatestamp.....: 0x4927C6F0 (Sat Nov 22 09:46:40 2008) machinetype.......: 0x14C (Intel I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x53000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x54000 0x23000 0x22200 7.95 2bcb8dc91d6c8b0699fb4881e025b7df .rsrc 0x77000 0x1000 0x600 4.24 7538eb5eb149b61fbf869fea6fcf289c ( 2 imports ) > kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess > user32.dll: EndPaint ( 0 exports ) 
TrID : File type identification Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Symantec reputation: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
ssdeep: 3072:0q4VusWuMyPvCmIfwxbZjB4PWziPzGmZ2luvB8jZy1EtQYhNdC:07VRpHRIy9jBPzozrZ+2BaZiES+
sigcheck: publisher....: SOFTWIN S.R.L. copyright....: 1219-2848 product......: ______ description..: BitDefender Management Console original name: inxqs.exe internal name: _____ file version.: 30.8.118.113 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned 
PEiD : -
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
RDS : NSRL Reference Data Set -

Larusso · 01.08.2010, 21:33

Welche Datei ist der erste Scan ?

Datei file-1268879_exe ?

tantow · 01.08.2010, 21:39

C:\Windows\SysWow64\drivers\xvnvoem.sys

also Datei file-1268879_exe ist der 2. Scan.

Larusso · 02.08.2010, 10:14

Ich wollte aber folgende gescannt haben

Zitat:

C:\extensions.exe\extensions.exe

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Bitte poste in Deiner nächsten Antwort
Auswertung VT
OTL.txt

tantow · 02.08.2010, 10:36

Hi!

Hatte alles so gemacht, wie du beschrieben hast.

C:\Windows\SysWow64\drivers\xvnvoem.sys:

Datei gg empfangen 2010.07.29 01:07:18 (UTC)Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2010.07.29.00 2010.07.28 Win-Trojan/Avenger.61440
AntiVir 8.2.4.26 2010.07.28 -
Antiy-AVL 2.0.3.7 2010.07.28 Hoax/Win32.Agent.gen
Authentium 5.2.0.5 2010.07.28 -
Avast 4.8.1351.0 2010.07.28 -
Avast5 5.0.332.0 2010.07.28 -
AVG 9.0.0.851 2010.07.28 -
BitDefender 7.2 2010.07.29 -
CAT-QuickHeal 11.00 2010.07.28 Trojan.Agent.ATV
ClamAV 0.96.0.3-git 2010.07.29 -
Comodo 5574 2010.07.29 -
DrWeb 5.0.2.03300 2010.07.29 -
Emsisoft 5.0.0.34 2010.07.29 -
eTrust-Vet 36.1.7745 2010.07.28 -
F-Prot 4.6.1.107 2010.07.28 -
F-Secure 9.0.15370.0 2010.07.29 -
Fortinet 4.1.143.0 2010.07.28 -
GData 21 2010.07.29 -
Ikarus T3.1.1.84.0 2010.07.29 -
Jiangmin 13.0.900 2010.07.28 Hoax.Agent.f
Kaspersky 7.0.0.125 2010.07.28 -
McAfee 5.400.0.1158 2010.07.29 -
McAfee-GW-Edition 2010.1 2010.07.28 -
Microsoft 1.6004 2010.07.28 -
NOD32 5321 2010.07.28 -
Norman 6.05.11 2010.07.28 -
nProtect 2010-07-28.02 2010.07.28 Trojan/W32.Agent.61440.JQ
Panda 10.0.2.7 2010.07.28 Rootkit/Agent.LNB
PCTools 7.0.3.5 2010.07.29 -
Prevx 3.0 2010.07.29 -
Rising 22.58.02.04 2010.07.28 -
Sophos 4.55.0 2010.07.29 -
Sunbelt 6655 2010.07.28 -
SUPERAntiSpyware 4.40.0.1006 2010.07.29 -
Symantec 20101.1.1.7 2010.07.29 -
TheHacker 6.5.2.1.326 2010.07.27 -
TrendMicro 9.120.0.1004 2010.07.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.29 -
VBA32 3.12.12.6 2010.07.28 -
ViRobot 2010.7.28.3960 2010.07.28 Hoax..Agent.61440
VirusBuster 5.0.27.0 2010.07.28 -

weitere Informationen
File size: 61440 bytes
MD5 : 589312a3b46721c5a751e4d5222a89be
SHA1 : 3a497d3968a4f6e3c648d196da38e5f98e75ec30
SHA256: 03cbe6df7f5605a3659ffe27a1184a8d9066436a17d7bac9cceb122de74f69ae
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0xD394 timedatestamp.....: 0x476B398B (Fri Dec 21 04:56:59 2007) machinetype.......: 0x14C (Intel I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x400 0xD756 0xD780 5.52 e0dc8fff10e3a7c6343455cd02a67954 .rdata 0xDB80 0x10E 0x180 3.44 d2fd0bc28e070ccc67879e04b7cd5302 .data 0xDD00 0xC0 0x100 0.04 66a415a49d751cb335895306ecfb3389 INIT 0xDE00 0x376 0x380 5.17 79cc3d62ef3ba8053786e08dc9b6cddc .reloc 0xE180 0xE2C 0xE80 6.60 4f845320301140370066cbceee4c5e4c ( 0 imports ) ( 0 exports ) 
TrID : File type identification Clipper DOS Executable (33.3%) Generic Win/DOS Executable (33.0%) DOS Executable Generic (33.0%) VXD Driver (0.5%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
ThreatExpert: <a href="hxxp://www.threatexpert.com/report.aspx?md5=589312a3b46721c5a751e4d5222a89be" target="_blank">hxxp://www.threatexpert.com/report.aspx?md5=589312a3b46721c5a751e4d5222a89be</a>
ssdeep: 768:UzNrXvTHr4DU6K5H5VLvDcLugwoMcq5+x7J1uQ9VP:QTG2VrOuN+lJpP
sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned 
Prevx Info: <a href="hxxp://info.prevx.com/aboutprogramtext.asp?PX5=0D0120F6002DA0A9F00500511CA22500289EA8D6" target="_blank">hxxp://info.prevx.com/aboutprogramtext.asp?PX5=0D0120F6002DA0A9F00500511CA22500289EA8D6</a>
PEiD : -
CWSandbox: <a href="hxxp://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=589312a3b46721c5a751e4d5222a89be" target="_blank">hxxp://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=589312a3b46721c5a751e4d5222a89be</a>
RDS : NSRL Reference Data Set -

C:\extensions.exe\extensions.exe:

Datei file-1268879_exe empfangen 2010.08.01 17:27:08 (UTC)Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2010.08.01.00 2010.07.31 -
AntiVir 8.2.4.32 2010.07.30 -
Antiy-AVL 2.0.3.7 2010.07.30 -
Authentium 5.2.0.5 2010.07.31 -
Avast 4.8.1351.0 2010.08.01 -
Avast5 5.0.332.0 2010.08.01 -
AVG 9.0.0.851 2010.08.01 -
BitDefender 7.2 2010.08.01 -
CAT-QuickHeal 11.00 2010.07.31 -
ClamAV 0.96.0.3-git 2010.08.01 -
Comodo 5609 2010.08.01 Heur.Packed.Unknown
DrWeb 5.0.2.03300 2010.08.01 Trojan.PWS.SpySweep.25
Emsisoft 5.0.0.34 2010.07.30 -
eSafe 7.0.17.0 2010.08.01 -
eTrust-Vet 36.1.7753 2010.07.31 -
F-Prot 4.6.1.107 2010.07.31 -
F-Secure 9.0.15370.0 2010.08.01 -
Fortinet 4.1.143.0 2010.08.01 -
GData 21 2010.08.01 -
Ikarus T3.1.1.84.0 2010.08.01 -
Jiangmin 13.0.900 2010.08.01 -
Kaspersky 7.0.0.125 2010.08.01 -
McAfee 5.400.0.1158 2010.08.01 -
McAfee-GW-Edition 2010.1 2010.07.30 -
Microsoft 1.6004 2010.08.01 -
NOD32 5331 2010.08.01 a variant of Win32/Kryptik.FUC
Norman 6.05.11 2010.08.01 -
nProtect 2010-08-01.01 2010.08.01 -
Panda 10.0.2.7 2010.08.01 -
PCTools 7.0.3.5 2010.08.01 -
Prevx 3.0 2010.08.01 -
Rising 22.58.05.04 2010.07.31 -
Sophos 4.56.0 2010.08.01 -
Sunbelt 6671 2010.08.01 -
SUPERAntiSpyware 4.40.0.1006 2010.08.01 -
Symantec 20101.1.1.7 2010.08.01 -
TheHacker 6.5.2.1.328 2010.07.30 -
TrendMicro 9.120.0.1004 2010.08.01 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.01 -
VBA32 3.12.12.7 2010.07.30 -
ViRobot 2010.7.31.3965 2010.08.01 -
VirusBuster 5.0.27.0 2010.08.01 -

weitere Informationen
File size: 142336 bytes
MD5 : 19c08f129b107b09d489b41e53b2aa84
SHA1 : 79d6aa38baa310562cfa1b30e2b58a5988bbb3c1
SHA256: b59202f0f8af888e3a24e9a26b3f7d2f1f97fd9fa1a0888f30ddc7c8594ebe42
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x75F70 timedatestamp.....: 0x4927C6F0 (Sat Nov 22 09:46:40 2008) machinetype.......: 0x14C (Intel I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x53000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x54000 0x23000 0x22200 7.95 2bcb8dc91d6c8b0699fb4881e025b7df .rsrc 0x77000 0x1000 0x600 4.24 7538eb5eb149b61fbf869fea6fcf289c ( 2 imports ) > kernel32.dll: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess > user32.dll: EndPaint ( 0 exports ) 
TrID : File type identification Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Symantec reputation: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
ssdeep: 3072:0q4VusWuMyPvCmIfwxbZjB4PWziPzGmZ2luvB8jZy1EtQYhNdC:07VRpHRIy9jBPzozrZ+2BaZiES+
sigcheck: publisher....: SOFTWIN S.R.L. copyright....: 1219-2848 product......: ______ description..: BitDefender Management Console original name: inxqs.exe internal name: _____ file version.: 30.8.118.113 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned 
PEiD : -
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
RDS : NSRL Reference Data Set -

OTL:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 02.08.2010 11:21:18 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Sky\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 17,84 Gb Free Space | 36,53% Space Free | Partition Type: NTFS
Drive D: | 139,41 Gb Total Space | 89,32 Gb Free Space | 64,07% Space Free | Partition Type: NTFS
Drive E: | 98,57 Gb Total Space | 61,24 Gb Free Space | 62,13% Space Free | Partition Type: NTFS
Drive F: | 318,36 Gb Total Space | 159,46 Gb Free Space | 50,09% Space Free | Partition Type: NTFS
Drive G: | 46,90 Gb Total Space | 36,68 Gb Free Space | 78,21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SKY-PC
Current User Name: Sky
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.01 12:41:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
PRC - [2010.07.12 10:55:38 | 000,755,096 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.04.23 00:59:41 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007.05.30 14:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.01 12:41:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.07.12 10:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.04.23 00:59:41 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.08.24 07:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.30 14:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.07.28 14:51:27 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.05 13:20:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.03.05 13:20:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 01:58:24 | 000,507,392 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2007.05.30 14:10:42 | 000,014,072 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AvgAsC64.sys -- (AvgAsC64)
DRV - [2010.08.01 10:44:24 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\xvnvoem.sys -- (jdvkcqx)
DRV - [2007.05.30 14:10:42 | 000,012,024 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys -- (AVG Anti-Spyware Driver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 6A 37 9E 1F AC CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.08 00:04:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.08 00:04:25 | 000,000,000 | ---D | M]
 
[2010.02.14 17:42:28 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\mozilla\Extensions
[2010.03.01 14:11:35 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\mozilla\Firefox\Profiles\gfo7ooo2.default\extensions
[2010.02.17 11:38:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.21 18:43:13 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [extensions.exe] C:\extensions.exe\extensions.exe (SOFTWIN S.R.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: DllHst = C:\Windows\System\dllhst3g.exe /waitservice File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.12 07:16:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: ciphdVol - (C:\Windows\system32\mmcated.dll) - C:\Windows\SysWow64\mmcated.dll File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.01 12:41:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
[2010.08.01 11:37:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sky\Desktop\TFC.exe
[2010.08.01 08:22:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sky\Desktop\HiJackThis204.exe
[2010.07.31 15:01:45 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\Grisoft
[2010.07.31 15:01:39 | 000,014,072 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\SysNative\drivers\AvgAsC64.sys
[2010.07.31 15:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2010.07.31 15:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grisoft
[2010.07.30 21:08:12 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Local\Sunbelt Software
[2010.07.30 19:03:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010.07.30 19:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.07.30 19:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.07.30 18:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.30 18:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.07.30 16:21:55 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\Malwarebytes
[2010.07.30 16:21:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.30 16:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.30 16:21:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.30 16:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.28 16:49:44 | 000,000,000 | ---D | C] -- C:\Users\Sky\Documents\StarCraft II
[2010.07.28 16:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.07.28 16:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.07.28 14:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2010.07.28 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\DAEMON Tools Pro
[2010.07.28 14:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010.07.18 17:29:18 | 000,000,000 | ---D | C] -- C:\Users\Sky\Desktop\daria
[2010.07.11 09:01:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.06.23 01:12:55 | 000,000,000 | -H-D | C] -- C:\extensions.exe
[2010.06.10 16:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2010.06.07 16:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.06.07 16:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2010.05.30 12:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SEGA Corporation
[2010.05.30 12:52:39 | 000,000,000 | ---D | C] -- C:\Users\Sky\Documents\Alpha Protocol
[2010.05.30 12:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.05.18 09:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2010.05.17 23:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.17 21:07:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.05.10 17:21:27 | 000,000,000 | ---D | C] -- C:\Users\Sky\Documents\Sparbuch
[2010.05.10 16:46:22 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Local\Buhl
[2010.05.10 16:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH
[2010.05.10 16:13:14 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Local\Buhl Data Service
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.02 11:21:41 | 002,097,152 | -HS- | M] () -- C:\Users\Sky\NTUSER.DAT
[2010.08.02 08:16:42 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 08:16:42 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 08:15:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.02 08:15:43 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.02 08:15:43 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.02 08:15:43 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.02 08:15:43 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.02 08:11:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.02 08:11:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.02 08:11:15 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.02 00:44:24 | 002,651,432 | -H-- | M] () -- C:\Users\Sky\AppData\Local\IconCache.db
[2010.08.01 12:41:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
[2010.08.01 11:37:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\TFC.exe
[2010.08.01 10:44:24 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\xvnvoem.sys
[2010.08.01 10:41:14 | 000,731,136 | ---- | M] () -- C:\Users\Sky\Desktop\avenger.exe
[2010.08.01 08:46:11 | 000,001,541 | ---- | M] () -- C:\Users\Sky\Desktop\avgas - Verknüpfung.lnk
[2010.08.01 08:22:11 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sky\Desktop\HiJackThis204.exe
[2010.07.30 19:03:15 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.30 18:26:35 | 000,001,228 | ---- | M] () -- C:\Users\Sky\Desktop\Spybot - Search & Destroy.lnk
[2010.07.30 16:21:46 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 19:28:04 | 000,000,791 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.07.28 14:51:27 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.07.12 10:55:38 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010.06.28 17:16:02 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Sniper Ghost Warrior.lnk
[2010.06.11 14:53:32 | 000,409,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.31 08:59:02 | 000,000,000 | ---- | M] () -- C:\Windows\wiso.ini
[2010.05.23 02:37:29 | 000,008,704 | ---- | M] () -- C:\Users\Sky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.21 18:43:13 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
 
========== Files Created - No Company Name ==========
 
[2010.08.01 10:44:24 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\xvnvoem.sys
[2010.08.01 10:41:14 | 000,731,136 | ---- | C] () -- C:\Users\Sky\Desktop\avenger.exe
[2010.08.01 08:46:11 | 000,001,541 | ---- | C] () -- C:\Users\Sky\Desktop\avgas - Verknüpfung.lnk
[2010.07.31 12:28:36 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.07.30 19:03:15 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.30 18:26:35 | 000,001,228 | ---- | C] () -- C:\Users\Sky\Desktop\Spybot - Search & Destroy.lnk
[2010.07.30 16:21:46 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 19:12:44 | 000,000,791 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.07.18 19:01:59 | 000,000,000 | ---- | C] () -- C:\Users\Sky\Sti_Trace.log
[2010.06.28 17:16:02 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Sniper Ghost Warrior.lnk
[2010.05.31 08:59:02 | 000,000,000 | ---- | C] () -- C:\Windows\wiso.ini
[2010.03.27 21:04:50 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.03.27 21:04:50 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.03.27 21:04:50 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.02.22 21:13:52 | 000,127,085 | ---- | C] () -- C:\Windows\SysWow64\RTKFMSOURCE.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.02.13 16:39:38 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Awem
[2010.07.18 19:16:09 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Canon
[2010.02.28 14:30:10 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\DAEMON Tools Lite
[2010.07.28 15:00:44 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\DAEMON Tools Pro
[2010.03.01 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Free Download Manager
[2010.07.31 15:01:45 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Grisoft
[2010.06.27 12:35:00 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\ICQ
[2010.04.06 15:41:25 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\My Games
[2010.03.22 21:00:19 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Opera
[2010.03.09 20:17:07 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\ProtectDisc
[2010.05.02 13:26:49 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Ubisoft
[2010.04.14 16:13:40 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\XRay Engine
[2010.07.07 13:19:10 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.08.02 08:11:14 | 000,002,332 | ---- | M] () -- C:\aaw7boot.log
[2009.02.12 07:16:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009.06.17 12:01:46 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK
[2010.02.12 21:46:49 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved
[2001.03.28 11:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.02.12 21:46:51 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.02.12 07:16:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.08.02 08:11:15 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2009.02.12 07:16:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.02.12 07:16:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008.12.01 14:35:52 | 000,086,016 | ---- | M] (Infotriever) -- C:\NPInforbit32.dll
[2008.12.01 14:35:44 | 000,000,165 | ---- | M] () -- C:\NPInforbit32.xpt
[2001.03.28 11:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009.02.12 07:34:34 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.08.02 08:11:15 | 4294,172,672 | -HS- | M] () -- C:\pagefile.sys
[2009.03.11 22:20:13 | 000,000,569 | ---- | M] () -- C:\RHDSetup.log
[2010.02.12 22:08:19 | 000,171,136 | RHS- | M] () -- C:\w7ldr
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

--- --- ---

mfg

Larusso · 02.08.2010, 11:07

Seltsam, die scheint mir nich so ganz zu wollen

Schritt 1

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
[2010.08.01 10:44:24 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\xvnvoem.sys
[2010.06.23 01:12:55 | 000,000,000 | -H-D | C] -- C:\extensions.exe
O36 - AppCertDlls: ciphdVol - (C:\Windows\system32\mmcated.dll) - C:\Windows\SysWow64\mmcated.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: DllHst = C:\Windows\System\dllhst3g.exe /waitservice File not found
O4 - HKCU..\Run: [extensions.exe] C:\extensions.exe\extensions.exe (SOFTWIN S.R.L.)
DRV - [2010.08.01 10:44:24 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\xvnvoem.sys -- (jdvkcqx)

:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Grundreinigung mit SUPERAntiSpyware

Bitte lade Dir SUPERAntiSpyware FREE Edition herunter.
Das Programm ist geeignet für: Windows 98, 98SE, ME, 2000, 2003, XP und Vista.
Installiere das Programm und lasse das Programm die neuesten Definition und Updates laden.
Eine bebilderte Anleitung findest Du hier.
Schließe alle Anwendungen inkl. Browser.
Öffne SUPERAntiSpyware und klicke auf Ihren Computer durchsuchen.
Setze ein Häkchen bei Kompletter Scan und klicke auf Weiter.
Wenn der Suchlauf beendet ist, wird Dir eine Übersicht mit den Funden angezeigt, die Du mit OK zur Kenntnis nimmst.
Achte darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf Weiter und OK.
Klicke auf Fertig stellen, was Dich ins Hauptfenster bringt.
Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
Um das Logfile zu erhalten, musst du erst auf Präferenzen und dann auf den Statistiken und Protokolle klicken.
Klicke auf das datierte Logfile, drücke auf Protokoll anzeigen. Nun erscheint ein Textfenster.
Bitte kopiere diesen Bericht hier in den Thread.

Schritt 3

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.
Button drücken.
- Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User: müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Hacken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Remove found threads" und "Scan archives".
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.

Schritt 4

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.

Bitte poste in Deiner nächsten Antwort
OTL Fix Log
SASW Log
ESET Log
OTL.txt
Extras.txt

tantow · 03.08.2010, 17:30

So, hoffe hab alles richtig gemacht.
War, soweit ich das erkannt habe nur einen infizierten File gefunden.

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/03/2010 at 05:30 AM

Application Version : 4.41.1000

Core Rules Database Version : 5303
Trace Rules Database Version: 3115

Scan type : Complete Scan
Total Scan Time : 07:18:44

Memory items scanned : 488
Memory threats detected : 0
Registry items scanned : 13437
Registry threats detected : 0
File items scanned : 33472
File threats detected : 0

All processes killed
========== OTL ==========
C:\Windows\SysWOW64\drivers\xvnvoem.sys moved successfully.
Folder C:\extensions.exe\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\ciphdVol:C:\Windows\system32\mmcated.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\DllHst deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\extensions.exe deleted successfully.
C:\extensions.exe\extensions.exe moved successfully.
Service jdvkcqx stopped successfully!
Service jdvkcqx deleted successfully!
File C:\Windows\system32\drivers\xvnvoem.sys not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sky
->Temp folder emptied: 469740 bytes
->Temporary Internet Files folder emptied: 3728576 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 20289687 bytes
->Flash cache emptied: 3339 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1120 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 123436 bytes

Total Files Cleaned = 23,00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08022010_220603

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 03.08.2010 18:19:18 - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Sky\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 18,49 Gb Free Space | 37,87% Space Free | Partition Type: NTFS
Drive D: | 139,41 Gb Total Space | 89,32 Gb Free Space | 64,07% Space Free | Partition Type: NTFS
Drive E: | 98,57 Gb Total Space | 61,24 Gb Free Space | 62,13% Space Free | Partition Type: NTFS
Drive F: | 318,36 Gb Total Space | 159,46 Gb Free Space | 50,09% Space Free | Partition Type: NTFS
Drive G: | 46,90 Gb Total Space | 36,68 Gb Free Space | 78,21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SKY-PC
Current User Name: Sky
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~3\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~3\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"IrfanView" = IrfanView (remove only)
"Jack Keane" = Jack Keane
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"netloader" = netloader
"Overclocked" = Overclocked
"Sniper Ghost Warrior_is1" = Sniper Ghost Warrior
"StarCraft II" = StarCraft II
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.06.2010 19:22:42 | Computer Name = Sky-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 10.53.3374.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: a3c    Startzeit: 
01cb125fe26edae0    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
 0c218319-7e55-11df-8f07-665544336040  
 
Error - 23.06.2010 07:32:23 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daorigins.exe, Version: 1.3.11253.0,
 Zeitstempel: 0x4b70580a  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x3bc  Startzeit der fehlerhaften Anwendung: 0x01cb12c1053ec920  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: fd216fc0-7eba-11df-abde-665544336040
 
Error - 25.06.2010 11:06:10 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: opera.exe, Version: 10.54.3423.0,
 Zeitstempel: 0x4c189f8f  Name des fehlerhaften Moduls: Opera.dll, Version: 10.54.3423.0,
 Zeitstempel: 0x4c189fcd  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00222660  ID des fehlerhaften
 Prozesses: 0x1398  Startzeit der fehlerhaften Anwendung: 0x01cb146c24d8824c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Opera\opera.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Opera\Opera.dll  Berichtskennung: 2faf0144-806b-11df-a6df-665544336040
 
Error - 26.06.2010 17:53:46 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daorigins.exe, Version: 1.3.11253.0,
 Zeitstempel: 0x4b70580a  Name des fehlerhaften Moduls: daorigins.exe, Version: 1.3.11253.0,
 Zeitstempel: 0x4b70580a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0041bc64  ID des fehlerhaften
 Prozesses: 0x80c  Startzeit der fehlerhaften Anwendung: 0x01cb1578debb1320  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
Pfad
 des fehlerhaften Moduls: D:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
Berichtskennung:
 4b00e360-816d-11df-a658-665544336040
 
Error - 27.06.2010 13:37:38 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daorigins.exe, Version: 1.3.11253.0,
 Zeitstempel: 0x4b70580a  Name des fehlerhaften Moduls: daorigins.exe, Version: 1.3.11253.0,
 Zeitstempel: 0x4b70580a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004480  ID des fehlerhaften
 Prozesses: 0xb2c  Startzeit der fehlerhaften Anwendung: 0x01cb161a4a02c780  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
Pfad
 des fehlerhaften Moduls: D:\Program Files (x86)\Dragon Age\bin_ship\daorigins.exe
Berichtskennung:
 ad9510f0-8212-11df-b9b8-665544336040
 
Error - 10.07.2010 11:47:24 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 0.09132484642455219.exe, Version:
 123.21.15.83, Zeitstempel: 0x491f4a61  Name des fehlerhaften Moduls: 0.09132484642455219.exe,
 Version: 123.21.15.83, Zeitstempel: 0x491f4a61  Ausnahmecode: 0xc0000096  Fehleroffset:
 0x000020fb  ID des fehlerhaften Prozesses: 0x894  Startzeit der fehlerhaften Anwendung:
 0x01cb20472f9129b4  Pfad der fehlerhaften Anwendung: C:\Users\Sky\AppData\Local\Temp\0.09132484642455219.exe
Pfad
 des fehlerhaften Moduls: C:\Users\Sky\AppData\Local\Temp\0.09132484642455219.exe
Berichtskennung:
 6e64565c-8c3a-11df-ba5c-665544336040
 
Error - 10.07.2010 11:47:24 | Computer Name = Sky-PC | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm 0.09132484642455219.exe wurde wegen dieses Fehlers
 geschlossen.    Programm: 0.09132484642455219.exe  Datei:     Der Fehlerwert ist im Abschnitt
 "Zusätzliche Dateien" aufgelistet.  Benutzeraktion  1. Öffnen Sie die Datei erneut.
Diese
 Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird,
 wenn das Programm erneut ausgeführt wird.  2.  Wenn Sie weiterhin nicht auf die Datei
 zugreifen können und   - diese sich im Netzwerk befindet,   dann sollte der Netzwerkadministrator
 überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem 
Server hergestellt werden kann.   - diese sich auf einem Wechseldatenträger, wie z.
 B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig
 in den Computer eingelegt ist.  3. Überprüfen und reparieren Sie das Dateisystem,
 indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben
 Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK
 /F ein, und drücken Sie die EINGABETASTE.  4. Stellen Sie die Datei von einer Sicherungskopie
 wieder her, wenn das Problem weiterhin besteht.  5. Überprüfen Sie, ob andere Dateien
 auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist,
 ist der Datenträger eventuell beschädigt.   Wenden Sie sich an den Administrator 
oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, 
wenn es sich um eine Festplatte handelt.    Zusätzliche Daten  Fehlerwert: 00000000  Datenträgertyp:
 0
 
Error - 20.07.2010 09:25:55 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: service.exe, Version: 8.2.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: service.exe, Version: 8.2.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00008000  ID des fehlerhaften Prozesses:
 0x904  Startzeit der fehlerhaften Anwendung: 0x01cb280f13a50750  Pfad der fehlerhaften
 Anwendung: C:\Users\Sky\AppData\Local\Temp\service.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Sky\AppData\Local\Temp\service.exe  Berichtskennung: 530cbf50-9402-11df-b207-665544336040
 
Error - 22.07.2010 16:35:26 | Computer Name = Sky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: service.exe, Version: 5.5.0.31, Zeitstempel:
 0x42bab159  Name des fehlerhaften Moduls: service.exe, Version: 5.5.0.31, Zeitstempel:
 0x42bab159  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000012c1  ID des fehlerhaften Prozesses:
 0x558  Startzeit der fehlerhaften Anwendung: 0x01cb29dd68f86894  Pfad der fehlerhaften
 Anwendung: C:\Users\Sky\AppData\Local\Temp\service.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Sky\AppData\Local\Temp\service.exe  Berichtskennung: a89c049c-95d0-11df-a7e5-665544336040
 
Error - 28.07.2010 08:51:07 | Computer Name = Sky-PC | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 27.07.2010 01:33:01 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 27.07.2010 06:44:52 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 27.07.2010 10:49:40 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 28.07.2010 01:11:26 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 28.07.2010 07:41:03 | Computer Name = Sky-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 28.07.2010 08:55:32 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 28.07.2010 09:21:45 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 28.07.2010 13:07:40 | Computer Name = Sky-PC | Source = ap7wzrjt | ID = 262153
Description = 
 
Error - 29.07.2010 01:13:20 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 29.07.2010 09:25:26 | Computer Name = Sky-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.08.2010 18:19:18 - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Sky\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 18,49 Gb Free Space | 37,87% Space Free | Partition Type: NTFS
Drive D: | 139,41 Gb Total Space | 89,32 Gb Free Space | 64,07% Space Free | Partition Type: NTFS
Drive E: | 98,57 Gb Total Space | 61,24 Gb Free Space | 62,13% Space Free | Partition Type: NTFS
Drive F: | 318,36 Gb Total Space | 159,46 Gb Free Space | 50,09% Space Free | Partition Type: NTFS
Drive G: | 46,90 Gb Total Space | 36,68 Gb Free Space | 78,21% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SKY-PC
Current User Name: Sky
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.01 12:41:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
PRC - [2010.07.12 10:55:38 | 000,755,096 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe
PRC - [2010.06.30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.04.23 00:59:41 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.04.15 10:16:48 | 000,288,064 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007.05.30 14:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.01 12:41:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.06.29 19:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.07.12 10:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.04.23 00:59:41 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2007.08.24 07:59:20 | 000,068,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.30 14:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.07.28 14:51:27 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.05 13:20:14 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.03.05 13:20:13 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2010.02.17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.03 01:58:24 | 000,507,392 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)
DRV:64bit: - [2007.05.30 14:10:42 | 000,014,072 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AvgAsC64.sys -- (AvgAsC64)
DRV - [2007.05.30 14:10:42 | 000,012,024 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard64.sys -- (AVG Anti-Spyware Driver)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 6A 37 9E 1F AC CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.08 00:04:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.08 00:04:25 | 000,000,000 | ---D | M]
 
[2010.02.14 17:42:28 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\mozilla\Extensions
[2010.03.01 14:11:35 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\mozilla\Firefox\Profiles\gfo7ooo2.default\extensions
[2010.02.17 11:38:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.21 18:43:13 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.12 07:16:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.03 14:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010.08.02 22:09:27 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\SUPERAntiSpyware.com
[2010.08.02 22:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.02 22:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.08.02 22:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.08.02 22:06:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.01 12:41:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
[2010.08.01 11:37:48 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sky\Desktop\TFC.exe
[2010.08.01 08:22:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Sky\Desktop\HiJackThis204.exe
[2010.07.31 15:01:45 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\Grisoft
[2010.07.31 15:01:39 | 000,014,072 | ---- | C] (GRISOFT, s.r.o.) -- C:\Windows\SysNative\drivers\AvgAsC64.sys
[2010.07.31 15:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Grisoft
[2010.07.31 15:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grisoft
[2010.07.30 21:08:12 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Local\Sunbelt Software
[2010.07.30 19:03:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010.07.30 19:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.07.30 19:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.07.30 18:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.07.30 18:26:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.07.30 16:21:55 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\Malwarebytes
[2010.07.30 16:21:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.07.30 16:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.30 16:21:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.07.30 16:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.07.28 16:49:44 | 000,000,000 | ---D | C] -- C:\Users\Sky\Documents\StarCraft II
[2010.07.28 16:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.07.28 16:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.07.28 14:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2010.07.28 14:50:40 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\DAEMON Tools Pro
[2010.07.28 14:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010.07.18 17:29:18 | 000,000,000 | ---D | C] -- C:\Users\Sky\Desktop\daria
[2010.07.14 05:57:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.07.11 09:01:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.03 18:20:54 | 002,097,152 | -HS- | M] () -- C:\Users\Sky\NTUSER.DAT
[2010.08.03 18:15:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.03 14:47:48 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.03 14:47:48 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 22:11:23 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.02 22:11:23 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.02 22:11:23 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.02 22:11:23 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.02 22:11:23 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.02 22:09:21 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.02 22:07:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.02 22:07:01 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.02 22:06:14 | 002,652,710 | -H-- | M] () -- C:\Users\Sky\AppData\Local\IconCache.db
[2010.08.01 12:41:03 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\OTL.exe
[2010.08.01 11:37:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Desktop\TFC.exe
[2010.08.01 10:41:14 | 000,731,136 | ---- | M] () -- C:\Users\Sky\Desktop\avenger.exe
[2010.08.01 08:46:11 | 000,001,541 | ---- | M] () -- C:\Users\Sky\Desktop\avgas - Verknüpfung.lnk
[2010.08.01 08:22:11 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Sky\Desktop\HiJackThis204.exe
[2010.07.30 19:03:15 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.30 18:26:35 | 000,001,228 | ---- | M] () -- C:\Users\Sky\Desktop\Spybot - Search & Destroy.lnk
[2010.07.30 16:21:46 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 19:28:04 | 000,000,791 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.07.28 14:51:27 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.07.12 10:55:38 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
 
========== Files Created - No Company Name ==========
 
[2010.08.02 22:09:21 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.08.01 10:41:14 | 000,731,136 | ---- | C] () -- C:\Users\Sky\Desktop\avenger.exe
[2010.08.01 08:46:11 | 000,001,541 | ---- | C] () -- C:\Users\Sky\Desktop\avgas - Verknüpfung.lnk
[2010.07.31 12:28:36 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.07.30 19:03:15 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.30 18:26:35 | 000,001,228 | ---- | C] () -- C:\Users\Sky\Desktop\Spybot - Search & Destroy.lnk
[2010.07.30 16:21:46 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.28 19:12:44 | 000,000,791 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.07.18 19:01:59 | 000,000,000 | ---- | C] () -- C:\Users\Sky\Sti_Trace.log
[2010.05.31 08:59:02 | 000,000,000 | ---- | C] () -- C:\Windows\wiso.ini
[2010.03.27 21:04:50 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.03.27 21:04:50 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.03.27 21:04:50 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.02.22 21:13:52 | 000,127,085 | ---- | C] () -- C:\Windows\SysWow64\RTKFMSOURCE.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

--- --- ---

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5ff9bbd61da2744e84aacafca49b2b66
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-03 04:03:26
# local_time=2010-08-03 06:03:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 196864 23180870 232896 0
# compatibility_mode=5893 16776573 100 94 173 33245277 0 0
# compatibility_mode=8192 67108863 100 0 80 80 0 0
# scanned=157744
# found=1
# cleaned=1
# scan_time=11801
C:\_OTL\MovedFiles\08022010_220603\C_extensions.exe\extensions.exe a variant of Win32/Kryptik.FUC trojan (deleted - quarantined) 00000000000000000000000000000000 C

mfg

Larusso · 03.08.2010, 17:36

Noch Probleme ?

tantow · 03.08.2010, 17:38

Wie meinst du das?

Larusso · 03.08.2010, 17:41

Was ist daran unverständlich. Deine privaten Probleme tangiern mich weniger.

Macht der Rechner noch Probleme

tantow · 03.08.2010, 17:45

Nein macht er nicht.

Besten Dank!

01.08.2010, 21:33	#6
Larusso /// Selecta Jahrusso	Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe! Welche Datei ist der erste Scan ? Datei file-1268879_exe ? __________________ --> Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe!

03.08.2010, 17:36	#12
Larusso /// Selecta Jahrusso	Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe! Noch Probleme ? __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe!

Log-Analyse und Auswertung: Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe!