Trojan.Gen.Ml - Nicht entfernbar!

ichhaueuch · 03.10.2010, 17:17

Hallo ,
ich wollte erstmal sagen das ich die Boardsuche und google verwendet habe.

So nun zu meinem Problem ich habe seit einer Zeit einen Virus drauf
namens Trojan.Gen.Ml der von meinem Anti Virus Programm
(Norton Anti Virus) angezeigt wird. Ich kann ihn aber nicht entfernen ,
wenn ich auf entfernen klicke steht da nur "Entfernen Fehlgeschlagen"

ich brauche dringend eure Hilfe und euer Rat

ich bedanke mich vielmals

hier das Ergebnis von HijackThis falls ihr das braucht:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:38, on 03.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Name\Program Files\DNA\btdna.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Name\Desktop\Neuer Ordner (6)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: Softonic Deutsch TC Toolbar - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Program Files\Softonic_Deutsch_TC\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Softonic Deutsch TC Toolbar - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Program Files\Softonic_Deutsch_TC\tbSoft.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Softonic Deutsch TC Toolbar - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Program Files\Softonic_Deutsch_TC\tbSoft.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Name\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Startup: MultiRes.lnk = C:\Program Files\MultiRes\MultiRes.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10211 bytes

Danke schonmal

Swisstreasure · 03.10.2010, 20:45

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Bitte poste mir den genauen Pfad des Fundes.

Schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 3

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

ATTFilter

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

ichhaueuch · 04.10.2010, 13:02

So zu 1.

kann ich schonmal sagen das mein Norton Antivirus komischerweise
den Pfad nicht anzeigt! Ich bin mir aber ziemlich sicher das ich mal herausbekommen habe das es irgendeine "update.exe" ist.
Und ich mal den ganzen Pfad gefolgt bin aber die letzen Ordner nicht gefunden hatte!

Bei Norton Antivirus steht nur:

Trojan.Gen.Ml kann nicht aus einer nicht
unterstützen Datei entfernt werden.

Betroffener Bereich:

1 Datei

Details:

[Eingeschränktes Element (Berechtigung erforderlich)]

PS: Werde mich natürlich melden sobald ich weiter gemacht habe.

ichhaueuch · 04.10.2010, 19:46

Also mit alle Programme schliessen habe ich verstanden "Anwendungen" unter Task-Manager und alles was ich auf habe wie Ordner ...

Schritt 2 :

OTL.Txt :

(Name raus geschnitten)

Code:

ATTFilter

OTL logfile created on: 04.10.2010 19:49:43 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Name\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 395,77 Gb Free Space | 68,69% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,83 Gb Free Space | 54,15% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: Name-PC
Current User Name: Name
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.04 13:46:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
PRC - [2010.10.02 18:51:54 | 002,937,528 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2009.10.07 19:08:01 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Name\Program Files\DNA\btdna.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.10 03:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.08.23 22:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.04 13:46:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.09.23 16:44:56 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Disabled | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010.02.10 19:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.27 17:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008.10.07 15:49:34 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008.07.11 02:27:52 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008.07.10 03:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.07.10 03:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.23 22:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.08.23 22:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010.09.28 10:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101004.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.09.28 10:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101004.003\NAVENG.SYS -- (NAVENG)
DRV - [2010.09.15 20:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100915.004\IDSvix86.sys -- (IDSvix86)
DRV - [2010.05.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.05.26 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.04.28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010.03.14 21:49:49 | 000,068,680 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva337.sys -- (XDva337)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.11.16 18:33:38 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009.10.29 18:33:45 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009.02.19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.02.19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009.02.19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.02.19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009.02.19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.02.19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009.01.09 18:46:08 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.09.05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008.07.30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.06.09 07:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.07 19:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:21 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.03.12 03:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005.06.24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005.05.26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005.05.26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Programme\Softonic_Deutsch_TC\tbSoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Programme\Softonic_Deutsch_TC\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch TC Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040433&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trojaner-board.de/91425-t...tfernbar.html"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100827
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040433&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.03 19:21:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.03 19:21:05 | 000,000,000 | ---D | M]
 
[2008.11.08 13:05:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Extensions
[2010.10.04 19:49:12 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions
[2010.05.09 16:42:09 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2010.09.17 18:45:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.17 18:45:39 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.09.17 18:45:39 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.07.23 12:00:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.10 15:44:46 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.07.24 16:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.22 21:05:14 | 000,000,000 | ---D | M] (Softonic Deutsch TC Toolbar) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}
[2010.09.17 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\nasanightlaunch@example.com
[2008.11.08 13:05:51 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\toolbar_extras@de.yahoo.com
[2010.04.21 12:45:26 | 000,000,941 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\conduit.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-1.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-2.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-3.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-4.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-5.xml
[2010.03.19 17:08:25 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-6.xml
[2010.05.08 14:56:31 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-7.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin.xml
[2010.05.08 14:55:39 | 000,001,759 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\live-search.xml
[2009.09.02 15:26:26 | 000,002,137 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\MyStart Search.xml
[2010.05.08 14:55:39 | 000,003,970 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\sweetim.xml
[2010.10.03 19:21:05 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.07.15 11:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.10 17:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.03 19:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.02 18:51:54 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.09.14 23:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 23:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 23:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 23:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 23:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.09 16:27:58 | 000,001,095 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 bin-layer.de
O1 - Hosts: 127.0.0.1 layer-ads.de
O1 - Hosts: 127.0.0.1 imgserv.sponsorads.de
O1 - Hosts: 127.0.0.1 hxxp://www.qzmeds.com/index2.html?c=79&kw=germ
O1 - Hosts: 127.0.0.1 hxxp://www.travian.de/?ad=10235_2222201222&ce_cid=000xQF75l5I11IvkOa2zmFNTOm000000
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch TC Toolbar) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Programme\Softonic_Deutsch_TC\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch TC Toolbar) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - C:\Programme\Softonic_Deutsch_TC\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch TC Toolbar) - {F1AE9383-9442-4E9C-AB8C-D441FD0021CF} - C:\Programme\Softonic_Deutsch_TC\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ALUAlert] C:\Programme\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Name\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk = C:\Programme\MultiRes\MultiRes.exe (EnTech Taiwan)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Name\Desktop\Sonstiges\Yod'm 3D\desktopwallpaper0.bmp
O24 - Desktop BackupWallPaper: C:\Users\Name\Desktop\Sonstiges\Yod'm 3D\desktopwallpaper0.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.04.20 17:30:38 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.SP54 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP55 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP56 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP57 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP58 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.10.04 19:45:21 | 000,000,000 | ---D | C] -- C:\Programme\Skype
[2010.10.04 19:45:21 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.10.04 17:39:18 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Sachen-Mitnehmen
[2010.10.04 17:12:10 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Backups
[2010.10.04 15:43:12 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (8)
[2010.10.04 15:43:03 | 000,000,000 | ---D | C] -- C:\xampp
[2010.10.04 15:37:46 | 053,670,736 | ---- | C] (Apache Friends) -- C:\Users\Name\Desktop\xampp-win32-1.7.3.exe
[2010.10.04 14:07:36 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (7)
[2010.10.04 13:46:09 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
[2010.10.03 19:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.10.03 19:08:25 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.10.03 18:13:56 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (6)
[2010.10.03 12:57:30 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (5)
[2010.10.02 23:11:05 | 000,000,000 | ---D | C] -- C:\Programme\MultiRes
[2010.10.02 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Warrock Mod
[2010.10.02 21:56:00 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Softonic_Deutsch_TC
[2010.10.02 21:27:09 | 000,000,000 | ---D | C] -- C:\War Rock
[2010.10.02 17:40:01 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Pokemon
[2010.10.02 17:06:24 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Pokemon Platin Save Editor
[2010.10.01 19:19:10 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\XnView
[2010.10.01 19:17:56 | 000,000,000 | ---D | C] -- C:\Programme\XnView
[2010.09.29 01:28:25 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Wbb2.1
[2010.09.27 17:33:08 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Warrock Hack
[2010.09.25 15:07:51 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (4)
[2010.09.23 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Pokereich.tk
[2010.09.23 16:49:56 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (3)
[2010.09.22 16:57:09 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Wbblite
[2010.09.21 17:55:54 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (2)
[2010.09.11 22:51:50 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\NFS Carbon
[2010.09.11 22:17:18 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner
[2010.09.11 22:07:50 | 000,000,000 | ---D | C] -- C:\Programme\Electronic Arts
[2010.09.11 17:41:30 | 000,000,000 | ---D | C] -- C:\Programme\Datel
[2010.09.10 19:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NFS Underground Demo
[2010.09.06 17:13:42 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\PackageAware
[2010.08.22 17:14:57 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\IrfanView
[2010.08.22 17:14:56 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2010.08.19 23:53:35 | 000,000,000 | ---D | C] -- C:\Pokewitch
[2010.08.06 22:22:30 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\Sony
[2010.08.06 22:22:30 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Sony
[2010.08.04 20:21:21 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\Navicat
[2010.08.04 19:51:08 | 000,000,000 | ---D | C] -- C:\Programme\Metin2_Germany2
[2010.08.02 19:31:47 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Videos & Musik von Youtube Converter
[2010.08.02 00:16:02 | 000,000,000 | ---D | C] -- C:\GMouse20
[2010.07.26 20:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2010.07.24 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.23 11:57:24 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.07.11 10:24:59 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\GTA San Andreas User Files
[2010.07.10 15:40:42 | 000,000,000 | ---D | C] -- C:\Fraps
[2010.07.07 17:02:22 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\TeamSpeak 3 Client
 
========== Files - Modified Within 90 Days ==========
 
[2010.10.04 19:49:07 | 003,932,160 | -HS- | M] () -- C:\Users\Name\NTUSER.DAT
[2010.10.04 18:47:54 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.04 18:47:54 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.04 18:42:34 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus Online - Systemprüfung ausführen - Name.job
[2010.10.04 18:42:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.04 18:42:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.04 18:41:55 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.04 18:00:01 | 000,065,536 | -HS- | M] () -- C:\Users\Name\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.04 18:00:00 | 000,524,288 | -HS- | M] () -- C:\Users\Name\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.10.04 17:59:46 | 001,871,188 | -H-- | M] () -- C:\Users\Name\AppData\Local\IconCache.db
[2010.10.04 17:46:42 | 008,345,892 | ---- | M] () -- C:\Users\Name\Desktop\Pokereich.tk.rar
[2010.10.04 15:46:17 | 000,922,649 | ---- | M] () -- C:\Users\Name\Desktop\7z465.rar
[2010.10.04 15:46:09 | 000,939,956 | ---- | M] () -- C:\Users\Name\Desktop\7z465.exe
[2010.10.04 15:40:25 | 053,670,736 | ---- | M] (Apache Friends) -- C:\Users\Name\Desktop\xampp-win32-1.7.3.exe
[2010.10.04 13:46:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
[2010.10.03 19:36:07 | 000,000,808 | ---- | M] () -- C:\Users\Name\Desktop\CCleaner.lnk
[2010.10.03 19:21:06 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.03 19:10:38 | 000,000,892 | ---- | M] () -- C:\Users\Name\Desktop\TaskMan - Verknüpfung.lnk
[2010.10.03 12:54:54 | 000,000,862 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk
[2010.10.02 21:33:14 | 000,000,572 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010.10.02 21:15:31 | 684,385,904 | ---- | M] () -- C:\Users\Name\War_Rock_20100921.exe
[2010.10.02 17:16:02 | 001,741,234 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.02 17:16:02 | 000,737,696 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.02 17:16:02 | 000,697,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.02 17:16:02 | 000,168,994 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.02 17:16:02 | 000,143,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.01 22:14:14 | 000,001,536 | ---- | M] () -- C:\Users\Name\Desktop\NO$GBA.INP
[2010.09.28 15:55:20 | 000,000,937 | ---- | M] () -- C:\Users\Name\Desktop\HackSearcher Version 3.0 - Verknüpfung.lnk
[2010.09.27 16:43:23 | 000,541,948 | ---- | M] () -- C:\Users\Name\Desktop\sasasd.png
[2010.09.27 16:37:03 | 000,000,915 | ---- | M] () -- C:\Users\Name\Desktop\FileZilla.lnk
[2010.09.27 16:20:18 | 000,013,037 | ---- | M] () -- C:\Users\Name\Desktop\vorschau.png
[2010.09.26 19:49:39 | 000,000,562 | ---- | M] () -- C:\Users\Name\Desktop\xampp-control - Verknüpfung.lnk
[2010.09.25 17:25:23 | 000,000,680 | ---- | M] () -- C:\Users\Name\AppData\Local\d3d9caps.dat
[2010.09.23 17:14:57 | 000,001,868 | ---- | M] () -- C:\Users\Name\Desktop\Paint.NET.lnk
[2010.09.22 17:21:33 | 000,070,144 | ---- | M] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.18 00:07:19 | 000,006,983 | ---- | M] () -- C:\Users\Name\Desktop\NO$GBA.CHT
[2010.09.14 13:16:14 | 000,000,680 | RHS- | M] () -- C:\Users\Name\ntuser.pol
[2010.09.12 15:52:58 | 000,326,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.12 02:09:26 | 000,524,288 | -HS- | M] () -- C:\Users\Name\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.11 22:45:48 | 000,000,058 | ---- | M] () -- C:\Windows\nfsc_patch.ini
[2010.09.11 22:43:49 | 000,001,975 | ---- | M] () -- C:\Users\Name\Desktop\Need for Speed™ Carbon.lnk
[2010.08.21 19:25:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.18 23:15:40 | 000,000,109 | ---- | M] () -- C:\Windows\GMouse.ini
[2010.08.08 12:44:06 | 000,000,832 | ---- | M] () -- C:\Users\Name\Desktop\RocketDock.lnk
[2010.08.05 13:12:55 | 000,000,600 | ---- | M] () -- C:\Users\Name\AppData\Local\PUTTY.RND
[2010.07.28 18:41:07 | 000,084,856 | ---- | M] () -- C:\Users\Name\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.14 18:07:41 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010.07.12 19:05:23 | 000,006,034 | -HS- | M] () -- C:\Users\Name\Desktop\Folder.jpg
[2010.07.12 19:05:23 | 000,006,034 | -HS- | M] () -- C:\Users\Name\Desktop\AlbumArt_{9543C7FD-ADCD-4F57-86EE-9416AF06967E}_Large.jpg
[2010.07.12 19:05:23 | 000,002,025 | -HS- | M] () -- C:\Users\Name\Desktop\AlbumArtSmall.jpg
[2010.07.12 19:05:23 | 000,002,025 | -HS- | M] () -- C:\Users\Name\Desktop\AlbumArt_{9543C7FD-ADCD-4F57-86EE-9416AF06967E}_Small.jpg
 
========== Files Created - No Company Name ==========
 
[2010.10.04 17:46:38 | 008,345,892 | ---- | C] () -- C:\Users\Name\Desktop\Pokereich.tk.rar
[2010.10.04 15:46:17 | 000,922,649 | ---- | C] () -- C:\Users\Name\Desktop\7z465.rar
[2010.10.04 15:46:05 | 000,939,956 | ---- | C] () -- C:\Users\Name\Desktop\7z465.exe
[2010.10.03 19:36:07 | 000,000,808 | ---- | C] () -- C:\Users\Name\Desktop\CCleaner.lnk
[2010.10.03 19:21:06 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.03 19:10:38 | 000,000,892 | ---- | C] () -- C:\Users\Name\Desktop\TaskMan - Verknüpfung.lnk
[2010.10.02 23:12:54 | 000,000,862 | ---- | C] () -- C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk
[2010.10.02 21:33:14 | 000,000,572 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2010.10.02 20:41:57 | 684,385,904 | ---- | C] () -- C:\Users\Name\War_Rock_20100921.exe
[2010.10.02 18:41:47 | 000,006,983 | ---- | C] () -- C:\Users\Name\Desktop\NO$GBA.CHT
[2010.10.02 18:41:27 | 000,001,536 | ---- | C] () -- C:\Users\Name\Desktop\NO$GBA.INP
[2010.10.01 15:43:27 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.28 15:55:20 | 000,000,937 | ---- | C] () -- C:\Users\Name\Desktop\HackSearcher Version 3.0 - Verknüpfung.lnk
[2010.09.27 16:43:21 | 000,541,948 | ---- | C] () -- C:\Users\Name\Desktop\sasasd.png
[2010.09.27 16:37:03 | 000,000,915 | ---- | C] () -- C:\Users\Name\Desktop\FileZilla.lnk
[2010.09.27 16:20:17 | 000,013,037 | ---- | C] () -- C:\Users\Name\Desktop\vorschau.png
[2010.09.26 19:49:39 | 000,000,562 | ---- | C] () -- C:\Users\Name\Desktop\xampp-control - Verknüpfung.lnk
[2010.09.23 17:13:34 | 000,001,868 | ---- | C] () -- C:\Users\Name\Desktop\Paint.NET.lnk
[2010.09.14 13:09:11 | 000,000,680 | RHS- | C] () -- C:\Users\Name\ntuser.pol
[2010.09.11 22:43:49 | 000,001,975 | ---- | C] () -- C:\Users\Name\Desktop\Need for Speed™ Carbon.lnk
[2010.09.11 22:27:20 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2010.08.08 12:44:06 | 000,000,832 | ---- | C] () -- C:\Users\Name\Desktop\RocketDock.lnk
[2010.08.04 20:21:00 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010.08.02 00:19:38 | 000,000,109 | ---- | C] () -- C:\Windows\GMouse.ini
[2010.07.14 18:07:41 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.07.12 19:05:23 | 000,006,034 | -HS- | C] () -- C:\Users\Name\Desktop\AlbumArt_{9543C7FD-ADCD-4F57-86EE-9416AF06967E}_Large.jpg
[2010.07.12 19:05:23 | 000,002,025 | -HS- | C] () -- C:\Users\Name\Desktop\AlbumArt_{9543C7FD-ADCD-4F57-86EE-9416AF06967E}_Small.jpg
[2010.05.22 20:54:09 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.02.12 22:36:04 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.12 22:22:30 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2010.02.12 22:22:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.11.22 01:58:42 | 000,000,600 | ---- | C] () -- C:\Users\Name\AppData\Local\PUTTY.RND
[2009.11.20 15:25:57 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2009.11.16 18:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.08.01 19:56:29 | 000,000,552 | ---- | C] () -- C:\Users\Name\AppData\Local\d3d8caps.dat
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009.01.01 19:54:11 | 000,000,680 | ---- | C] () -- C:\Users\Name\AppData\Local\d3d9caps.dat
[2008.10.31 15:02:29 | 000,070,144 | ---- | C] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.09 19:36:23 | 000,159,992 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.16 02:14:50 | 000,000,963 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.02.12 22:52:18 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\AnvSoft
[2008.10.09 14:55:05 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Buhl Data Service GmbH
[2010.02.14 15:40:05 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\CrystalButton
[2009.12.08 19:57:24 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DMCache
[2010.10.04 19:52:41 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DNA
[2010.07.24 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.03 17:55:13 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\FileZilla
[2010.10.04 16:56:47 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Free Download Manager
[2010.05.08 16:53:04 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\GlarySoft
[2010.09.16 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\ICQ
[2010.08.22 17:14:57 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\IrfanView
[2008.12.18 19:36:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\McLoad
[2010.03.19 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\OCS
[2010.03.19 15:51:41 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Opera
[2010.08.06 22:22:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Sony
[2010.08.08 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TeamViewer
[2010.05.02 17:18:28 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TS3Client
[2010.05.08 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TuneUp Software
[2008.11.08 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Ulead Systems
[2010.10.01 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\XnView
[2010.10.04 17:59:55 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.08.04 11:38:09 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.10.04 18:41:55 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2009.10.22 17:42:02 | 739,748,241 | ---- | M] (Igor Pavlov) -- C:\InstantServer_Uploaded_by_Raven[www.metin2u.tk].exe
[2008.12.07 14:43:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.12.07 14:43:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.10.04 18:41:53 | 3533,127,680 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.04.03 14:34:16 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.10.26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2010.04.17 01:45:28 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2009.04.20 17:30:35 | 000,001,658 | -H-- | M] () -- C:\Users\Name\AppData\Roaming\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-04 12:46:22
 
========== Files - Unicode (All) ==========
[2010.07.07 17:25:11 | 000,000,000 | ---D | M](C:\Users\Name\Documents\?? ???) -- C:\Users\Name\Documents\넥슨 플러그
[2010.07.07 17:25:11 | 000,000,000 | ---D | C](C:\Users\Name\Documents\?? ???) -- C:\Users\Name\Documents\넥슨 플러그
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0059.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0054.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0053.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0049.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0047.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0042.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0036.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0031.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0029.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0020.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0018.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0014.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0002.avi:TOC.WMV
< End of report >

Extras.Txt :

Code:

ATTFilter

OTL Extras logfile created on: 04.10.2010 19:49:43 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Name\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 395,77 Gb Free Space | 68,69% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,83 Gb Free Space | 54,15% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: Name-PC
Current User Name: Name
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1257661164-1137624066-1645535895-1001]
"EnableNotificationsRef" = 5
"EnableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{117D5882-2BE2-46EA-81F9-3A6A83148310}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{19F9EC2C-1410-401D-AFAD-CE854E0E989B}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface | 
"{1BE3D8DE-B279-469D-B02A-EFC602052786}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
"{AC25BDB5-3206-43C4-A4F9-1EB90997E92D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{E9603A03-DA38-4820-8349-9526FB9E936E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{EE7F4357-08CF-4E5F-B29E-BC0ED717E312}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BD6362-2791-4F81-8DF1-6CEC8C35B343}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1A303F31-98A8-406C-A0AA-89F96E264BE5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1BA5EC7B-4E6D-4514-BB0A-3474B6C77D89}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1DC1F069-95A3-472C-96C3-F36B50E85811}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{255F0879-68E2-4D6F-A800-AAA1F084469C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{258DA858-D0BA-4287-AFCE-DE68E8068828}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{26CCA863-4016-4700-9C4B-AB77EB788576}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{299DAE5B-BD5C-464D-933F-9A1109E06A5E}" = protocol=17 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe | 
"{371D9033-D17C-4F8C-B0AE-AE95A720D024}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{3883A522-A662-42BA-A4A0-FCF8ACEBD480}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{442B90A3-358D-4442-8C56-540705095AD1}" = protocol=17 | dir=in | app=c:\nexon\nexonplug\nmservice.exe | 
"{44DA55D9-B665-4EEE-9ECD-86B427C135CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{45AB1897-5EFF-47FB-AF45-5B45C1AD16E4}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{46C78A5C-7ACC-481B-B471-5912358FE1CD}" = protocol=17 | dir=in | app=c:\nexon\nexonplug\nmservice.exe | 
"{4A682C5B-255A-4F90-99CE-140070EE0850}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{50F415F5-52F8-444E-882E-9672AB3B3E3A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{5270CA1A-B1D0-4C14-91DB-10805CF3214C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{52A00A05-F2A2-47A9-9EC6-8BD160115EEC}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{5625156C-2546-4C12-877F-BF342DEF9F38}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{5AC59CBB-F2C5-49EB-8DFB-AC53DAE962B7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{62421C5C-8824-41C2-A84E-231A2391082D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{653D3D8F-980B-4752-9C6F-091063C05021}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{66675EA0-E6C0-4514-8F0B-ABBAAE4F16D2}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe | 
"{74BD58D8-DF17-4F8A-B1DD-C90621CC67EA}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{75084A91-08D1-413D-92D6-16B7E4D4E43E}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe | 
"{75A252BD-A244-493B-8C15-A48545214925}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{82BCA3AC-2D19-4577-B9C6-648F20D2AD51}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{83598253-E930-465B-8E09-7596ECDA466D}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{8505CE8C-9FB9-4CB4-816E-D0EE3F40DE2F}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{86F2FFE1-C09D-4F96-AAD5-BFFE96F872F8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8A2C929B-FC6D-4F2B-87BB-904F08A97AB1}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{8D2EA81F-5892-433E-B713-1610A6F4FBED}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{90C7113E-2646-4D32-847C-D278FFFF66D7}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{95B569AF-B910-4CAC-AF83-F4A0B7590BE9}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{9B8CC944-131C-4A69-AA11-ACEC70A76D7D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A157F7D1-F6DE-4241-8CCD-2F9DB64D293F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{AC6CBBE4-2671-4AF2-AAEC-D23F53F9E068}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{AF342B1D-B1A8-484D-B4F0-FED86575A741}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{B88D4394-74E0-41AD-9B01-F180CDF54B0E}" = protocol=6 | dir=in | app=c:\nexon\nexonplug\nmservice.exe | 
"{BAEE822B-4692-4E30-BF98-E44F21D64009}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{BD070A6A-0C31-4063-A97F-48880C7CCD8C}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{C5B6B294-BA5D-45A1-80A8-9636AAE28B36}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C5DC6E69-FF7F-4C01-A872-3BB56D6AD0A3}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{CCDAD491-683A-4B4E-B9E3-F0426429BF43}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{D089AF72-4201-4380-9F3A-95121BD2621F}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe | 
"{D39951C0-74E3-40CD-B63C-2BEB2A225D39}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{DD88D1C2-8B6B-4B5B-9868-6DA535BDB85D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{E269A40F-514A-49F5-9956-A78C66EED504}" = protocol=6 | dir=in | app=c:\nexon\nexonplug\nmservice.exe | 
"{E32D55B1-CD9E-45D8-AE28-B13FF4E6401E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{EC5F39AC-0B86-4C12-B673-E52A30CF2D0B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{F66DDEBA-F40E-416B-AACB-73D09F9E2836}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{F8580DAA-0F09-4612-9BC4-F1064D183760}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe | 
"{F906666B-6C4E-4D81-88DB-E1DB66D690F3}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{FEB688CC-9C18-4BB9-9F20-AEAC9A8461BF}" = protocol=6 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe | 
"{FFFC08BF-EDC9-4E32-92AD-36B42A5F90C3}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"TCP Query User{0A26E5AA-E161-40D2-81A8-C3B46CF6195F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{17C938EE-9549-44FE-B0DD-A54D0E14E01C}C:\users\name\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\name\program files\dna\btdna.exe | 
"TCP Query User{1D069E31-D03D-4ED6-9160-257B55161747}C:\users\name\desktop\china client\china client\mc.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\china client\china client\mc.exe | 
"TCP Query User{2B5F1504-C904-459B-8BAE-3EF345A76551}D:\program files\metin2_germany\tunamt2_de_s2.exe" = protocol=6 | dir=in | app=d:\program files\metin2_germany\tunamt2_de_s2.exe | 
"TCP Query User{2EF868D9-071E-4FD0-8BE3-D5B51999392B}C:\program files\edgmt2\edgmt2.dll" = protocol=6 | dir=in | app=c:\program files\edgmt2\edgmt2.dll | 
"TCP Query User{2F64E11F-D24E-4923-B40D-1A39CEA897DE}C:\users\name\desktop\sogmt2_patcher\metin2client.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sogmt2_patcher\metin2client.bin | 
"TCP Query User{2F81409D-A868-467A-83C5-06C7362219BF}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"TCP Query User{30156BAD-5293-4F9D-9566-AFA7D1E214FC}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"TCP Query User{359289FA-4DB8-4E13-9662-FC257BA1B2AB}C:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin | 
"TCP Query User{397E0C3A-10F4-42FB-A3A8-6DF0FBB22B05}C:\users\name\desktop\xtrememt2\metin2client.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\xtrememt2\metin2client.bin | 
"TCP Query User{3CCF6697-A76B-44F6-B4F4-7CE4BE17DA60}C:\users\name\desktop\sogmt2 verändert\sogmt2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\sogmt2 verändert\sogmt2.exe | 
"TCP Query User{44905C6A-DAB3-4BF1-A494-1DD7244351E8}C:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe | 
"TCP Query User{4776C577-5445-49C4-AF42-C29AD44B018C}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"TCP Query User{5C51DAC8-A81F-4726-BB2C-161BD77F4DF6}C:\users\name\desktop\stayalive2\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\stayalive2\metin2.bin | 
"TCP Query User{5F1B748E-E314-4FE2-9154-FCFD37FFACB9}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin | 
"TCP Query User{5F693B75-71A3-4601-BD66-DB9973EE091E}C:\users\name\desktop\metin2_germany\metin_longjuyt2_server2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\metin2_germany\metin_longjuyt2_server2.exe | 
"TCP Query User{65F0F5AE-29AF-4D6B-A1FA-BBADB2616069}C:\program files\edgmt2\mc.exe" = protocol=6 | dir=in | app=c:\program files\edgmt2\mc.exe | 
"TCP Query User{71A58A13-3140-436B-A6A8-F40C6A3BCA8A}C:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin | 
"TCP Query User{7974C369-DEB3-48AB-879E-8F195B242BEE}C:\users\name\desktop\xtrememt2\xtrememt2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\xtrememt2\xtrememt2.exe | 
"TCP Query User{7D55F631-F50D-4261-826B-F144CAA5731F}C:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe | 
"TCP Query User{865E2ECA-71D6-48AB-ADDE-6F495EBBFDA9}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{8C61FB44-5AC7-47EC-AA31-2E162808B180}C:\program files\metin2_germany2\mc.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany2\mc.exe | 
"TCP Query User{91E15453-5560-49AD-9B2B-DA8E3DB86DD1}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{938B6926-C2E7-49E0-8AFB-E63095B06641}C:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin | 
"TCP Query User{96F25078-06C5-4BB8-8305-B5D4C48FB835}C:\users\name\desktop\sogmt2_patcher\metin2client.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sogmt2_patcher\metin2client.bin | 
"TCP Query User{98180747-83FC-4605-A326-D8A3A936CD2F}D:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=d:\program files\metin2_germany\metin2.bin | 
"TCP Query User{99245EEC-FE8D-45DB-BF83-370C555AC2FC}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"TCP Query User{9DACF877-25C9-417F-B4BD-2BF4AE87C785}C:\program files\american conquest\dmcr.exe" = protocol=6 | dir=in | app=c:\program files\american conquest\dmcr.exe | 
"TCP Query User{9E005E01-72A5-4A51-8A2B-3D4D3705BA25}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{9E152C0B-02DE-4D54-B876-2043531C74D6}C:\users\name\desktop\portmap.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\portmap.exe | 
"TCP Query User{9E930373-9426-4221-9850-E03D43FA55D7}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{A5F718E4-81CB-409B-84BE-ED1ECB8760E1}C:\users\name\desktop\stayalive2\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\stayalive2\metin2.bin | 
"TCP Query User{AF178E75-E060-469D-B852-D33536E208F5}C:\program files\metin2_germany\mc.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany\mc.exe | 
"TCP Query User{AF385ABB-E6E8-488A-89A0-39EB24E2CA88}D:\program files\dmcr.exe" = protocol=6 | dir=in | app=d:\program files\dmcr.exe | 
"TCP Query User{B9905519-EC19-4E3C-8C0D-AB7E19F886E5}C:\users\name\desktop\sonstiges2\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges2\metin2_germany\metin2.bin | 
"TCP Query User{C1ED7794-6432-4117-8D94-5B9950BCEE72}C:\users\name\desktop\metin2 homepage erstellen oder andere spiele seite\china client\china client\mc.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\metin2 homepage erstellen oder andere spiele seite\china client\china client\mc.exe | 
"TCP Query User{C7E9E1D6-E5C6-4918-8593-8800D512560D}C:\program files\edgmt2\edgmt2.dll" = protocol=6 | dir=in | app=c:\program files\edgmt2\edgmt2.dll | 
"TCP Query User{D0CC26D7-5F96-42D1-A96E-2342B35363D3}C:\users\name\desktop\sonstiges\stayalive2\stayalive2 ohne patch.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\stayalive2\stayalive2 ohne patch.exe | 
"TCP Query User{D1601224-6FCD-4565-9E00-D14A56934A94}C:\program files\free download manager\fdmwi.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdmwi.exe | 
"TCP Query User{DD2368B9-7FDA-4448-8179-5F88E858DD25}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{DFC9A664-4F9B-4857-A882-37F4CEB89DFC}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{E810C06D-86BB-45F1-B0F2-516F34353112}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{E99C3D24-8A12-4E70-AE9D-09FF8915FF19}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"TCP Query User{EB84C35E-26C7-4245-B56F-94B01F56E455}D:\program files\metin2_germany\mc.exe" = protocol=6 | dir=in | app=d:\program files\metin2_germany\mc.exe | 
"TCP Query User{EF2D921D-2312-4042-80F4-1738B5F84D69}C:\users\name\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\name\program files\dna\btdna.exe | 
"TCP Query User{F04CF7F7-A9C9-4A0E-8C71-79F43344A95E}C:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin | 
"TCP Query User{F6192D2B-F92E-4800-A7B5-C6B2B2491D9B}C:\program files\metin2_germany\sogmt2_patcher\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\sogmt2_patcher\metin2client.bin | 
"TCP Query User{F87950C1-E7DA-4ACA-BE9E-E55095E93D7C}C:\users\name\desktop\metin2_germany\sogmt2.exe" = protocol=6 | dir=in | app=c:\users\name\desktop\metin2_germany\sogmt2.exe | 
"TCP Query User{FDBEE828-8668-4543-8536-9829E16B7231}D:\nexonplug\nmservice.exe" = protocol=6 | dir=in | app=d:\nexonplug\nmservice.exe | 
"TCP Query User{FE5E9699-5340-4889-B241-44D14BD13DB9}C:\users\name\desktop\sonstiges\stayalive2\metin2.bin" = protocol=6 | dir=in | app=c:\users\name\desktop\sonstiges\stayalive2\metin2.bin | 
"UDP Query User{05FABF07-6CF5-4613-85F7-B4D94011E49E}D:\program files\metin2_germany\tunamt2_de_s2.exe" = protocol=17 | dir=in | app=d:\program files\metin2_germany\tunamt2_de_s2.exe | 
"UDP Query User{0A80FE4C-5829-40E7-95DB-52A473FA64B7}C:\users\name\desktop\sonstiges\stayalive2\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\stayalive2\metin2.bin | 
"UDP Query User{0D408063-F688-4740-9391-6BF75772AB08}C:\users\name\desktop\sonstiges\stayalive2\stayalive2 ohne patch.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\stayalive2\stayalive2 ohne patch.exe | 
"UDP Query User{17921988-2508-4090-A606-AEFBBAA7453E}C:\program files\metin2_germany\mc.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany\mc.exe | 
"UDP Query User{1BF9211A-1768-4EE3-89E7-F639B894350D}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{22DBC134-4761-4DDB-A603-35548AA1BA44}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"UDP Query User{26E902E5-D641-4E6D-BCED-B45910AFAA45}C:\users\name\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\name\program files\dna\btdna.exe | 
"UDP Query User{2845ED9E-F0CA-421E-B44E-00DE2957A30D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{2D95FF2B-4419-4647-8F1C-E346E6EFF2C6}C:\program files\java\jre1.6.0_07\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\bin\javaw.exe | 
"UDP Query User{2F28B590-FEEB-4A33-8186-9FC5A1E8AF74}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"UDP Query User{2FE07098-191E-4F3C-8B5E-9831EBCE38AD}C:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin | 
"UDP Query User{33F4365A-517F-4632-9C08-F434CCD9F7BD}C:\program files\edgmt2\edgmt2.dll" = protocol=17 | dir=in | app=c:\program files\edgmt2\edgmt2.dll | 
"UDP Query User{3E95C83E-E06D-4F7D-85EA-94AB2BA46CAF}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{4989DEDD-FD9B-43DB-86D0-D3638D04DDB8}C:\users\name\desktop\xtrememt2\xtrememt2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\xtrememt2\xtrememt2.exe | 
"UDP Query User{52D25E5B-C406-4561-A905-DB7C3A35DCDE}D:\program files\metin2_germany\mc.exe" = protocol=17 | dir=in | app=d:\program files\metin2_germany\mc.exe | 
"UDP Query User{544C93C7-F82A-4F7F-AE66-FD5BE05E3C24}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{56B127E4-380B-42C4-BD4D-4DD818BEE6E6}C:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe | 
"UDP Query User{576B6B09-EC54-42FF-882C-A23E4763CD3E}C:\users\name\desktop\xtrememt2\metin2client.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\xtrememt2\metin2client.bin | 
"UDP Query User{580D1D87-1C42-42CA-9B7C-785F996241C5}C:\users\name\desktop\portmap.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\portmap.exe | 
"UDP Query User{58C818FA-B0C4-4DB4-8D23-8C360EB5D7EE}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"UDP Query User{593152F8-6E8D-489A-8400-82A0A7BDEA69}C:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\sogmt2.exe | 
"UDP Query User{5F6792D5-BDC8-41DC-8DDF-BFCF5C41BC0C}C:\users\name\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\name\program files\dna\btdna.exe | 
"UDP Query User{658166AB-0951-49D0-B34A-2212380DCB55}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{668BC7F8-1DBE-465E-89E6-E039D11C282C}D:\program files\dmcr.exe" = protocol=17 | dir=in | app=d:\program files\dmcr.exe | 
"UDP Query User{6BB7E432-FCD7-4C4A-93EC-230251ED3733}C:\users\name\desktop\stayalive2\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\stayalive2\metin2.bin | 
"UDP Query User{75545B9A-56AE-4DF8-B2AD-C80BD45E28FC}C:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\appdata\local\virtualstore\program files\metin2_germany\metin2.bin | 
"UDP Query User{7ADF1994-1E39-45E9-B661-F00F66AD49AE}D:\nexonplug\nmservice.exe" = protocol=17 | dir=in | app=d:\nexonplug\nmservice.exe | 
"UDP Query User{8D80E1D8-1A2F-4EC1-9617-FC2ED25A1092}C:\users\name\desktop\sonstiges2\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges2\metin2_germany\metin2.bin | 
"UDP Query User{8EA9EC15-32A0-44AA-9B56-67D2E643C8D4}C:\program files\metin2_germany\sogmt2_patcher\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\sogmt2_patcher\metin2client.bin | 
"UDP Query User{91766AF9-8F90-491F-AEC5-72844DAF4768}C:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin | 
"UDP Query User{94318F12-8060-45EE-B16C-78A86E92A45B}D:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=d:\program files\metin2_germany\metin2.bin | 
"UDP Query User{9FF00482-EB5A-4877-A8AC-3813C9007841}C:\program files\edgmt2\edgmt2.dll" = protocol=17 | dir=in | app=c:\program files\edgmt2\edgmt2.dll | 
"UDP Query User{A7FA938A-E9A3-47BB-A804-EA890B460674}C:\users\name\desktop\sogmt2 verändert\sogmt2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\sogmt2 verändert\sogmt2.exe | 
"UDP Query User{AD221391-8093-4274-921E-99D16E509A24}C:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sonstiges\sogmt2_patcher\metin2client.bin | 
"UDP Query User{AF642F9C-2131-4D10-A0E1-3435AA3B718E}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{B1F9B9DF-A453-472E-B101-82104AAFEFC6}C:\program files\edgmt2\mc.exe" = protocol=17 | dir=in | app=c:\program files\edgmt2\mc.exe | 
"UDP Query User{B29BDE1A-8724-410B-AB8C-8F79417E0AE9}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe | 
"UDP Query User{B34EFC39-0454-423E-BA68-45E3D3BBA095}C:\users\name\desktop\sogmt2_patcher\metin2client.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sogmt2_patcher\metin2client.bin | 
"UDP Query User{B8BC4743-2239-42C4-8A76-877DB5FB6903}C:\program files\american conquest\dmcr.exe" = protocol=17 | dir=in | app=c:\program files\american conquest\dmcr.exe | 
"UDP Query User{B96B41E8-5E58-4698-8EFE-62982557E5AF}C:\users\name\desktop\metin2_germany\sogmt2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\metin2_germany\sogmt2.exe | 
"UDP Query User{BC12407F-C6C5-4CA4-B7B8-B0A4A8B38802}C:\users\name\desktop\china client\china client\mc.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\china client\china client\mc.exe | 
"UDP Query User{CF6853D0-4140-4F43-9757-693BA4B6636C}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{D47B3434-1C5F-43F9-A334-12836A9323E5}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin | 
"UDP Query User{E21C85FA-9351-426D-9ADC-94655FCACCD7}C:\users\name\desktop\metin2 homepage erstellen oder andere spiele seite\china client\china client\mc.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\metin2 homepage erstellen oder andere spiele seite\china client\china client\mc.exe | 
"UDP Query User{ED8BBCA6-642D-4165-9A59-BF9A5A189AB6}C:\users\name\desktop\metin2_germany\metin_longjuyt2_server2.exe" = protocol=17 | dir=in | app=c:\users\name\desktop\metin2_germany\metin_longjuyt2_server2.exe | 
"UDP Query User{F3E2FB1F-7498-4674-A6DF-96FC731DCE2A}C:\users\name\desktop\stayalive2\metin2.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\stayalive2\metin2.bin | 
"UDP Query User{F45155C5-44F9-43E4-A78C-2C72F10342CB}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{F6E928A6-8262-4ECC-B524-C9C1949BC896}C:\program files\metin2_germany2\mc.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany2\mc.exe | 
"UDP Query User{FAD61E1D-F910-4685-B6DD-C1540BD5E825}C:\users\name\desktop\sogmt2_patcher\metin2client.bin" = protocol=17 | dir=in | app=c:\users\name\desktop\sogmt2_patcher\metin2client.bin | 
"UDP Query User{FEEA4E7A-2664-4654-9C78-EA7D53DA09F9}C:\program files\free download manager\fdmwi.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdmwi.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45BA6F47-ED29-4ACB-8F40-BBAD4D644EE5}" = AviDecode
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4C90CF1B-2D08-430A-826C-F783D9A14A2A}" = Symantec Real Time Storage Protection Component
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DC7B4AA-FA73-4417-B4D6-B960E965190D}" = SymNet
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE3A3126-D6B4-4FCE-8FD6-E33C49B4282D}" = DV Camcorder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"7-Zip" = 7-Zip 9.16 beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Akamai" = Akamai NetSession Interface
"aTube Catcher" = aTube Catcher
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"FileZilla Client" = FileZilla Client 3.3.4.1
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Download Manager_is1" = Free Download Manager 3.0
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"GamersFirst War Rock" = War Rock
"GhostMouse 2.0" = GhostMouse 2.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"LogonStudio" = LogonStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McLoad Preinstaller" = McLoad Preinstaller
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MultiRes (remove only)" = MultiRes (remove only)
"Nintendo DS - GBA Max Drive_is1" = Nintendo DS - GBA Max Drive
"NVIDIA Drivers" = NVIDIA Drivers
"Poket Script" = Poket Script 1.2
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Recuva" = Recuva
"RocketDock_is1" = RocketDock 1.3.5
"Security Task Manager" = Security Task Manager 1.7i
"Softonic_Deutsch_TC Toolbar" = Softonic_Deutsch_TC Toolbar
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus Online (Symantec Corporation)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"XnView_is1" = XnView 1.97.8
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.10.2010 13:45:13 | Computer Name = Name-PC | Source = VSS | ID = 39
Description = 
 
Error - 04.10.2010 13:45:13 | Computer Name = Name-PC | Source = VSS | ID = 8193
Description = 
 
Error - 04.10.2010 13:45:13 | Computer Name = Name-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 04.10.2010 13:45:18 | Computer Name = Name-PC | Source = VSS | ID = 39
Description = 
 
Error - 04.10.2010 13:45:18 | Computer Name = Name-PC | Source = VSS | ID = 8193
Description = 
 
Error - 04.10.2010 13:45:18 | Computer Name = Name-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 04.10.2010 13:46:41 | Computer Name = Name-PC | Source = Windows Search Service | ID = 1006
Description = 
 
Error - 04.10.2010 13:50:32 | Computer Name = Name-PC | Source = VSS | ID = 39
Description = 
 
Error - 04.10.2010 13:50:32 | Computer Name = Name-PC | Source = VSS | ID = 8193
Description = 
 
Error - 04.10.2010 13:50:32 | Computer Name = Name-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 02.10.2010 10:19:12 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 03.10.2010 06:52:31 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 03.10.2010 09:55:57 | Computer Name = Name-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 03.10.2010 11:41:50 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 03.10.2010 16:05:06 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 04.10.2010 07:42:45 | Computer Name = Name-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.10.2010 um 22:05:05 unerwartet heruntergefahren.
 
Error - 04.10.2010 07:42:46 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 04.10.2010 09:03:51 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 04.10.2010 09:03:58 | Computer Name = Name-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description = 
 
Error - 04.10.2010 12:42:04 | Computer Name = Name-PC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >

Hoffe das das schonmal weiterhilft und ich bedanke mich für
die bemühungen mir zu helfen

Swisstreasure · 04.10.2010, 20:58

Zitat:

C:\Users\Name\Desktop\Warrock Hack

Was ist das?

ichhaueuch · 05.10.2010, 12:38

ist kein hack falls du das denkst xD ist ein cheat nur viele sagen dazu "hack" kA wieso^^ kannste sogar googlen falls du mir nicht glaubst^^

Swisstreasure · 05.10.2010, 13:44

Aber Cheats finde ich persönlich auch nicht so toll...

Zudem fehlt mir noch Schritt 3.

ichhaueuch · 05.10.2010, 14:09

Ja habe zu Schritt 3 mal ne frage^^
Also ich weiß nicht wie man den Norton Anti Virus also allgemein Virusprogramm deaktiviert könntest du mir das vllt sagen ?
Oder reicht es wenn ich beim Anti Virus Programm einfach überall wie bei Virenschutz auf Ignorieren klicke ?

Und dann noch die frage bei keine Verbindung reicht es doch einfach den Router aus zu machen ne?

PS: Zu den Cheats die gehn wieso nicht mehr und das Spiel spiele ich schon lange lange nicht mehr

da hacken (cheaten) sogut wie alle also jeder

Swisstreasure · 05.10.2010, 15:04

Hier ist beschrieben wie Du Norton deaktivieren kannst:
Aktivieren oder Deaktivieren von Norton Internet Security oder Norton Personal Firewall

Ja wenn der Router aus ist dann sollte auch die Verbindung aus sein

ichhaueuch · 07.10.2010, 13:28

Zitat:

# Öffnen Sie Norton Internet Security oder Norton Personal Firewall durch Doppelklicken auf das Desktop-Symbol.
# Klicken Sie auf Status & Einstellungen.
# Klicken Sie auf Sicherheit.
# Um Norton Internet Security oder Norton Personal Firewall zu deaktivieren, klicken Sie auf die Schaltfläche Ausschalten. Um Norton Internet Security oder Norton Personal Firewall zu aktivieren, klicken Sie auf die Schaltfläche Einschalten. (Was die Schaltfläche sagt, hängt davon ab, ob Norton Internet Security oder Norton Personal Firewall zurzeit aktiviert oder deaktiviert ist.)

hmm...
bei mir steht das irgendwie nicht oder meinen die damit
man soll bei

Auto-Protect : Ein

das deaktivieren ist dann der Norton deaktiviert?

Also ich gehe auf das Symbol dann auf Einstellungen dann auf

Grundlegende Sicherheit dort steht dann:

Auto Protect

Schutz- Updates

Automatische Live Updates

Swisstreasure · 07.10.2010, 15:13

Kann man den Auto Protect da nicht deaktivieren?

ichhaueuch · 07.10.2010, 19:40

ich meine ja nur das da kein Abmelden und so ist aber bei
Auto Protect kann ich natürlich Ein oder "deaktivieren" machen
nur ich wollte sicher sein das dann alles aus ist also reicht es
bei Auto Protect auf deaktivieren zu klicken ?

Weil bei der Beschreibung war das ja mit abmelden hat mich bissel
irritiert

Swisstreasure · 08.10.2010, 11:17

Ja deaktivere Autoprotect und scanne dann.

ichhaueuch · 08.10.2010, 14:08

loool ??? Ist das normal ?? Hatte Internet aus
und Antivirus Programm und so
und dann Scanne ich und nach einer Weile (er war noch nicht fertig)

steht da irgendwie sowas in der Art :

Windows has a problem detected
oder so und dann fährt er einfach runter als er neustartete war auch
die prüfung weg also das was ich machen sollte. Es dauerte noch nicht mal lange und direkt runter gefahren ??!! Aufjedenfall habe ich jetzt mal zur Sicherheit Anti Virus Programm wieder Aktiviert.
Die Prüfunf lief bestimmt nichtmal ne Minute

Swisstreasure · 08.10.2010, 16:02

Dann lassen wir das einmal.

Schritt 1

Filesharing

Ich poste mal folgenden Hinweis, nicht mit erhobenem Zeigefinger, sondern weil Du Dir dessen vielleicht nicht bewusst bist. Du benutzt P2P-Programme. Wenn Du ein sauberes System bekommen respektive behalten möchtest, solltest Du auf den Download von Software aus solchen Quellen verzichten, denn auch wenn das P2P-Programm selbst "sauber" ist, bewahrt es Dich nicht davor, evtl. schädliche Programme auf Deinen Rechner zu holen.

Du siehst, die Gefahr ist sehr groß, sich über diese Wege zu infizieren. Aus diesem Grund bereinige ich lieber Systeme, die keine solchen Programme installiert haben und bitte Dich daher alle Programme, die in diese Richtung gehen, während unserer Bereinigung komplett und rückstandlos über Systemsteuerung => Software zu deinstallieren

Zitat:

BitTorrent DNA

Schritt 2

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O32 - AutoRun File - [2009.04.20 17:30:38 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0059.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0054.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0053.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0049.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0047.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0042.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0036.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0031.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0029.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0020.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0018.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0014.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0002.avi:TOC.WMV
:Commands
[resethosts]
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

Schritt 3

Downloade Dir bitte RKUnhookerLE und speichere die Datei auf deinem Desktop.

Deaktiviere alle Hintergrundwächter. Besonders den deiner Anti Virensoftware.
Starte die RKUnhookerLE.exe
Klicke auf den Report Tab und danach auf Scan
Setze ein Häckchen bei
- Drivers
- Stealth Code
Entferne alle anderen Hacken
Wenn Du gefragt wirst welcher Bereich gescannt werden soll, gehe sicher das deine Systemplatte ( meistens C: ) angehackt ist.
Klicke OK
Wenn der Scan beendet wurde
File --> Save Report
klicken.
Speichere die Datei als RKU.txt auf dem Desktop.
Klicke Close

Hinweis: Solltest Du folgende Warnung bekommen

Zitat:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

einfach ignorieren.

05.10.2010, 13:44	#7
Swisstreasure /// Malwareteam	Trojan.Gen.Ml - Nicht entfernbar! Aber Cheats finde ich persönlich auch nicht so toll... Zudem fehlt mir noch Schritt 3.

05.10.2010, 15:04	#9
Swisstreasure /// Malwareteam	Trojan.Gen.Ml - Nicht entfernbar! Hier ist beschrieben wie Du Norton deaktivieren kannst: Aktivieren oder Deaktivieren von Norton Internet Security oder Norton Personal Firewall Ja wenn der Router aus ist dann sollte auch die Verbindung aus sein

07.10.2010, 15:13	#11
Swisstreasure /// Malwareteam	Trojan.Gen.Ml - Nicht entfernbar! Kann man den Auto Protect da nicht deaktivieren?

08.10.2010, 11:17	#13
Swisstreasure /// Malwareteam	Trojan.Gen.Ml - Nicht entfernbar! Ja deaktivere Autoprotect und scanne dann.

Trojan.Gen.Ml - Nicht entfernbar!

Log-Analyse und Auswertung: Trojan.Gen.Ml - Nicht entfernbar!