Plötzliche Computer Abstürze

Prayer · 23.09.2011, 20:29

Hallo,

seit etwas über einer Woche stürzt mein PC oft unerwartet ab (Bildschirm wird schwarz, PC startet neu). Zuerst geschah es alle 2 Tage einmal, aber jetzt ca zwei mal am Tag. Es kommt vorher zu keiner Fehlermeldung oder Ähnlichem. Es passiert häufig, wenn ich Videos, z.B. Youtube, anschaue, aber es kann auch passieren, wenn ich nichts mache. Ich habe alle Temperaturen gemessen, aber die sind normal. Möglicherweise liegt das Problem an einer fehlerhaften Software, was ich aber nicht allein herausfinden kann.
Da ich diese HijackThis Log Datei nicht in den Anhang bekomme, poste ich ihn mal so:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:59:37, on 23.09.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Enrico 3\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101005145302\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101005145302\ICQToolBar.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Dropbox.lnk = C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: devolo Network Service (DevoloNetworkService) - Unknown owner - C:\Program Files\devolo\dlan\devolonetsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - Unknown owner - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (file missing)
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10525 bytes

Ein anderes Programm habe ich im Moment nicht.
Falls dieser Code nicht reicht bitte Bescheid geben, welches Programm ich ausführen soll.

Danke
Prayer

cosinus · 24.09.2011, 12:12

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Prayer · 24.09.2011, 19:57

So, ich habe nun Beide Überprüfungen durchgeführt.

Die Logdatei von Malwarebytes:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7789

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

24.09.2011 17:12:18
mbam-log-2011-09-24 (17-12-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 716643
Laufzeit: 2 Stunde(n), 49 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows.old\Users\Enrico\AppData\Roaming\desktopicon\ebayshortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
c:\Users\Enrico 3\AppData\Local\Temp\0.7084353136966887.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

Die Logdatei von ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1062db770283a449a543d83b9714bb70
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-24 06:49:47
# local_time=2011-09-24 08:49:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 437803 91774508 242163 0
# compatibility_mode=5892 16776573 100 100 685 154410672 0 0
# compatibility_mode=8192 67108863 100 0 198 198 0 0
# scanned=504952
# found=4
# cleaned=0
# scan_time=12243
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Enrico 3\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6dfa412f-2a59c9e0	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Windows.old\Program Files\MySearch\bar\1.bin\S4BAR.DLL	Win32/Toolbar.MyWebSearch application (unable to clean)	00000000000000000000000000000000	I
C:\Windows.old\Program Files\MySearch\bar\1.bin\S4PLUGIN.DLL	a variant of Win32/Toolbar.MyWebSearch application (unable to clean)	00000000000000000000000000000000	I

cosinus · 24.09.2011, 20:35

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Prayer · 24.09.2011, 21:53

Hier der Inhalt aus OTL.txt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.09.2011 22:28:06 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Enrico 3\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,65% Memory free
6,20 Gb Paging File | 4,83 Gb Available in Paging File | 77,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 132,89 Gb Free Space | 29,81% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,41 Gb Free Space | 57,08% Space Free | Partition Type: FAT32
Drive E: | 6,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ENRICO-PC | User Name: Enrico 3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.24 22:27:03 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Enrico 3\Desktop\OTL.exe
PRC - [2011.09.02 02:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.30 12:40:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.04.28 15:20:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.01 17:17:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.07.19 20:57:32 | 002,231,616 | ---- | M] () -- C:\Programme\devolo\dlan\devolonetsvc.exe
PRC - [2010.06.07 12:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.09 14:44:20 | 000,713,032 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.14 23:27:04 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
MOD - [2011.09.14 23:24:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011.09.14 23:24:39 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2010.06.07 12:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.05.02 06:15:37 | 000,010,240 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (StarWindServiceAE)
SRV - File not found [Auto | Stopped] --  -- (StarWindService)
SRV - [2011.09.16 19:03:42 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.30 12:40:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.28 15:20:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.07.19 20:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.12.09 23:57:13 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.12.09 14:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.25 03:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.30 12:40:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 12:40:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010.06.10 14:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2009.12.19 18:55:42 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.15 20:33:16 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.12.15 20:32:54 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.24 02:17:00 | 000,437,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\arusb_lh.sys -- (arusb_lh)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.11.21 12:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.04.03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC EC AA BB A5 9A CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.09.22 20:54:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.18 12:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.20 15:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.23 22:58:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010.08.28 17:38:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}: C:\Users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C} [2011.06.01 20:28:51 | 000,000,000 | ---D | M]
 
[2010.02.21 01:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Extensions
[2011.01.22 17:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions
[2010.05.01 18:48:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.16 23:38:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.05.13 20:24:54 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.01.22 17:13:26 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010.04.22 15:02:38 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.01.22 17:12:41 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com
[2010.04.21 12:06:36 | 000,000,917 | ---- | M] () -- C:\Users\Enrico 3\AppData\Roaming\Mozilla\Firefox\Profiles\lx33bz2r.default\searchplugins\conduit.xml
[2011.08.16 14:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.15 23:18:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.08.16 14:35:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.11.09 21:23:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.10.04 20:32:50 | 000,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml
[2009.10.04 20:32:50 | 000,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml
[2009.10.04 20:32:51 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml
[2009.11.09 21:23:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2009.11.09 21:23:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.10.04 20:32:51 | 000,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml
[2009.10.04 20:32:51 | 000,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml
[2009.10.04 20:32:51 | 000,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml
[2009.10.04 20:32:51 | 000,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml
[2009.10.04 20:32:51 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml
[2009.11.09 21:23:13 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.11.09 21:23:13 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.10.04 20:32:51 | 000,005,375 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FB5F040-1C97-486C-8E53-280B1FD7594A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF655F1F-5413-48B4-89C3-0BB5C845C66B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.06.12 04:27:33 | 000,000,140 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2007.03.23 01:57:09 | 000,051,336 | R--- | M] ()
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell\dinstall\command - "" = E:\DirectX\DXSETUP.exe -- [2007.06.01 05:23:56 | 000,503,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell - "" = Autorun
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell\Open\command - "" = RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0A96B02B-509B-83F6-D49D-2CDC405897AC} - Browser Customizations
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.24 22:27:02 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Enrico 3\Desktop\OTL.exe
[2011.09.24 17:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.24 14:20:04 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\Malwarebytes
[2011.09.24 14:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.24 14:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.24 14:19:49 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.24 14:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.24 13:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011.09.23 17:45:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Enrico 3\Desktop\HiJackThis204.exe
[2011.09.23 14:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.09.23 14:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.09.23 14:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.09.22 19:28:25 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.09.22 19:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.09.22 19:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011.09.20 15:51:10 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\XMedia Recode
[2011.09.20 15:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2011.09.20 15:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\XMedia Recode
[2011.09.17 23:20:12 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011.09.17 17:35:50 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\Downloads\Documents\LOLReplay
[2011.09.17 17:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay
[2011.09.15 22:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011.09.14 18:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[2011.09.14 18:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
[2011.09.14 18:33:29 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2011.09.14 18:32:01 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sst3cci.exe
[2011.09.14 18:32:01 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sst3cci.dll
[2011.09.14 18:31:56 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2011.09.14 18:31:56 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2011.09.14 18:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.09.14 18:13:08 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS
[2011.09.13 14:59:17 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\.thumbnails
[2011.09.11 14:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.09.09 17:05:45 | 000,000,000 | ---D | C] -- C:\12c63f91399ac2689c1024
[2011.09.09 16:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIBObee Library
[2011.09.09 16:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\NIBObeeLib
[2011.09.05 20:10:46 | 000,000,000 | R--D | C] -- C:\Users\Enrico 3\Documents
[2011.09.05 16:44:52 | 000,000,000 | R--D | C] -- C:\Users\Enrico 3\Dropbox
[2011.09.05 16:42:13 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.09.05 16:41:44 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\Dropbox
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.24 22:31:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{922948E4-51CB-426B-9169-4462F3F7F7B1}.job
[2011.09.24 22:27:03 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Enrico 3\Desktop\OTL.exe
[2011.09.24 22:24:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.24 21:14:19 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.24 21:14:19 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.24 17:24:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.24 17:14:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.24 17:14:16 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.24 16:26:44 | 000,044,544 | ---- | M] () -- C:\Users\Enrico 3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.23 19:17:47 | 000,002,287 | ---- | M] () -- C:\Users\Enrico 3\Desktop\Steam.lnk
[2011.09.23 17:45:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Enrico 3\Desktop\HiJackThis204.exe
[2011.09.22 23:46:24 | 000,651,140 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.22 23:46:24 | 000,613,628 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.22 23:46:24 | 000,136,524 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.22 23:46:24 | 000,111,556 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.22 22:52:11 | 057,207,894 | ---- | M] () -- C:\Users\Enrico 3\Desktop\Gankvideo.wmv
[2011.09.22 19:28:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.09.22 17:00:15 | 000,001,690 | ---- | M] () -- C:\Users\Enrico 3\Desktop\LOL Recorder.lnk
[2011.09.19 22:02:07 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.09.19 22:01:58 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.09.19 22:00:45 | 000,280,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.09.17 23:20:12 | 000,000,764 | ---- | M] () -- C:\Users\Enrico 3\Desktop\Fraps.lnk
[2011.09.17 16:36:05 | 000,142,652 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011.09.16 19:02:09 | 000,000,213 | ---- | M] () -- C:\Users\Enrico 3\Desktop\Portal.url
[2011.09.09 17:05:45 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2011.09.09 16:57:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2011.09.09 16:53:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.09.05 16:44:52 | 000,000,948 | ---- | M] () -- C:\Users\Enrico 3\Desktop\Dropbox.lnk
[2011.09.05 16:42:29 | 000,000,928 | ---- | M] () -- C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.24 13:32:09 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.09.24 13:00:43 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 5.lnk
[2011.09.22 22:50:33 | 057,207,894 | ---- | C] () -- C:\Users\Enrico 3\Desktop\Gankvideo.wmv
[2011.09.22 19:27:50 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011.09.17 23:20:12 | 000,000,764 | ---- | C] () -- C:\Users\Enrico 3\Desktop\Fraps.lnk
[2011.09.17 17:35:51 | 000,001,702 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2011.09.17 17:35:51 | 000,001,690 | ---- | C] () -- C:\Users\Enrico 3\Desktop\LOL Recorder.lnk
[2011.09.17 16:36:05 | 000,142,652 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.09.16 19:02:09 | 000,000,213 | ---- | C] () -- C:\Users\Enrico 3\Desktop\Portal.url
[2011.09.14 18:33:36 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.09.14 18:32:16 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.09.14 18:32:16 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sst3cl3.smt
[2011.09.14 18:31:20 | 001,884,837 | ---- | C] () -- C:\Windows\sst3cLTR.prn
[2011.09.14 18:31:20 | 001,884,837 | ---- | C] () -- C:\Windows\sst3cA4.prn
[2011.09.09 17:03:49 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2011.09.09 16:57:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2011.09.09 16:53:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.09.09 16:53:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011.09.05 16:44:52 | 000,000,948 | ---- | C] () -- C:\Users\Enrico 3\Desktop\Dropbox.lnk
[2011.09.05 16:42:29 | 000,000,928 | ---- | C] () -- C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.06.01 20:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Enrico 3\AppData\Local\Ypakoboxagijoba.bin
[2011.06.01 20:28:52 | 000,000,120 | ---- | C] () -- C:\Users\Enrico 3\AppData\Local\Hjihu.dat
[2010.09.20 17:16:37 | 000,860,211 | --S- | C] () -- C:\Windows\System32\XSIFtk-3.6.2.1.dll
[2010.09.03 20:56:04 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.08.12 14:38:28 | 000,000,000 | ---- | C] () -- C:\Users\Enrico 3\AppData\Roaming\wklnhst.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.03.20 19:24:26 | 000,138,056 | ---- | C] () -- C:\Users\Enrico 3\AppData\Roaming\PnkBstrK.sys
[2010.03.20 19:24:05 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.02.11 21:34:21 | 000,000,680 | ---- | C] () -- C:\Users\Enrico 3\AppData\Local\d3d9caps.dat
[2010.01.28 15:28:23 | 000,000,188 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.12.28 16:00:31 | 000,044,544 | ---- | C] () -- C:\Users\Enrico 3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.23 23:26:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.15 20:33:16 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.12.15 20:32:54 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.12.15 19:27:05 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.15 19:27:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.10.23 19:55:49 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.10.05 14:04:13 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.10.03 17:45:21 | 000,001,015 | ---- | C] () -- C:\Windows\eReg.dat
[2009.10.01 16:47:21 | 000,000,414 | ---- | C] () -- C:\Windows\p40768.ini
[2009.09.24 13:16:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 13:16:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.18 22:41:39 | 000,103,024 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.08.29 01:27:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.28 23:56:42 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.28 23:56:23 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.08.28 23:56:21 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.08.28 23:56:20 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.08.28 22:37:46 | 000,000,028 | R--- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008.08.18 19:16:08 | 001,634,304 | ---- | C] () -- C:\Windows\System32\myodbc5S.dll
[2008.08.18 19:16:08 | 001,495,040 | ---- | C] () -- C:\Windows\System32\myodbc-installer.exe
[2008.01.21 09:15:58 | 000,651,140 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,136,524 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,409,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,613,628 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,111,556 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.02.02 16:40:40 | 000,000,000 | -HSD | M] -- C:\Users\Enrico 3\AppData\Roaming\.#
[2010.01.04 11:52:47 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Atari
[2010.10.04 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Ceofb
[2011.09.24 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Dropbox
[2010.10.20 13:57:43 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Dupiw
[2011.04.27 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\ICQ
[2010.10.05 17:55:17 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\LolClient
[2011.01.30 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Need for Speed World
[2011.08.17 17:55:31 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Notepad++
[2009.12.29 15:23:21 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\OpenOffice.org
[2010.07.18 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Opera
[2010.08.28 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Screaming Bee
[2011.01.06 23:40:20 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Sony
[2011.09.24 13:32:30 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TeamViewer
[2010.08.05 00:58:52 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Teeworlds
[2010.08.12 14:38:29 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Template
[2011.08.08 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Thunderbird
[2011.08.05 00:40:21 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TS3Client
[2009.12.28 15:58:19 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TuneUp Software
[2011.01.08 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Ulvup
[2011.09.20 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\XMedia Recode
[2011.09.24 17:13:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.24 22:31:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{922948E4-51CB-426B-9169-4462F3F7F7B1}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.02 16:40:40 | 000,000,000 | -HSD | M] -- C:\Users\Enrico 3\AppData\Roaming\.#
[2011.08.19 17:44:09 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Adobe
[2010.01.04 11:52:47 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Atari
[2010.11.30 16:02:38 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Avira
[2010.10.04 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Ceofb
[2011.09.24 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Dropbox
[2010.10.20 13:57:43 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Dupiw
[2010.05.18 14:44:09 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Google
[2011.04.27 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\ICQ
[2009.12.28 15:56:39 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Identities
[2010.10.05 17:55:17 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\LolClient
[2009.09.28 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Macromedia
[2011.09.24 14:20:04 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Media Center Programs
[2011.08.26 17:43:42 | 000,000,000 | --SD | M] -- C:\Users\Enrico 3\AppData\Roaming\Microsoft
[2010.02.21 01:07:59 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Mozilla
[2011.01.22 17:12:31 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\NCH Software
[2011.01.30 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Need for Speed World
[2011.08.17 17:55:31 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Notepad++
[2009.12.29 15:23:21 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\OpenOffice.org
[2010.07.18 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Opera
[2010.08.28 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Screaming Bee
[2010.04.18 13:01:17 | 000,000,000 | RH-D | M] -- C:\Users\Enrico 3\AppData\Roaming\SecuROM
[2011.09.24 22:28:04 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Skype
[2011.06.19 14:20:50 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\skypePM
[2011.01.06 23:40:20 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Sony
[2010.04.17 18:18:24 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\teamspeak2
[2011.09.24 13:32:30 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TeamViewer
[2010.08.05 00:58:52 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Teeworlds
[2010.08.12 14:38:29 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Template
[2011.08.08 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Thunderbird
[2011.08.05 00:40:21 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TS3Client
[2009.12.28 15:58:19 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TuneUp Software
[2011.01.08 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Ulvup
[2011.08.20 00:02:34 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\vlc
[2010.12.31 20:38:56 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Winamp
[2010.01.04 14:26:46 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\WinRAR
[2011.02.04 22:30:35 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Xfire
[2011.09.20 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2011.09.02 02:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 02:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.12.10 15:39:46 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Enrico 3\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Windows.old\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows.old\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.12.19 18:55:42 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:47 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >

< End of report >

--- --- ---

Prayer · 24.09.2011, 21:57

Hier der Inhalt aus Extras.txt:

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.09.2011 22:28:07 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Enrico 3\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,65% Memory free
6,20 Gb Paging File | 4,83 Gb Available in Paging File | 77,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 132,89 Gb Free Space | 29,81% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,41 Gb Free Space | 57,08% Space Free | Partition Type: FAT32
Drive E: | 6,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ENRICO-PC | User Name: Enrico 3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AFC282-CC79-49C7-87F6-3E8D7FB47EA2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0995260B-1EEF-40CE-8816-2AB54ED62708}" = lport=6923 | protocol=6 | dir=in | name=league of legends launcher | 
"{0CAA5E06-D81C-47A1-8E93-C6B74BD9EA5B}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher | 
"{0E6A523B-8488-4FB6-B0AC-65D29BAA223D}" = lport=6898 | protocol=6 | dir=in | name=league of legends launcher | 
"{13478A58-88EA-4F24-A1A5-5275ECE9A768}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1A40B464-0998-4AF3-A7B6-A7A12E0D4BE1}" = lport=6898 | protocol=17 | dir=in | name=league of legends launcher | 
"{2128E556-EF1E-40D9-82E7-314FD50F04EF}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher | 
"{24D3A1E3-0EE4-4EF6-AE77-2D544A3AA4AE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{270C8916-E51D-4684-AD00-C3C01A480961}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher | 
"{27DE7F43-D78B-484D-9FD5-6347C63CD10F}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{2DC9B7C7-B632-4D77-AEFD-E676A3770F24}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher | 
"{2F499335-CDEA-434E-BC03-EC6626103A1A}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | 
"{2FEE7515-A2F7-4E63-8A69-5B44B105B884}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{31E50C42-F452-49C3-96AB-D4F4EF8A2DF8}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher | 
"{382E8A54-F000-4BBC-AD75-9FADFCA15771}" = lport=6946 | protocol=17 | dir=in | name=league of legends launcher | 
"{3A2EB1DD-E952-47AA-89EE-AAB241EB384A}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher | 
"{3D6F6240-1430-4573-899C-B4768B63BFDB}" = lport=6946 | protocol=6 | dir=in | name=league of legends launcher | 
"{4C866D57-48B8-49E7-AE7A-88048EAE152E}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher | 
"{538BB1CE-0433-43C2-BBF5-F9077A283F0C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{539679A7-5E3D-4F8B-B653-43DF3969E29B}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher | 
"{561AC0E9-6ECB-4A7C-A299-8E96F7A449AE}" = lport=6907 | protocol=17 | dir=in | name=league of legends launcher | 
"{56FAEAA0-75B1-4397-B5EF-EA47CDEAC9A9}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher | 
"{5A728434-8836-4AF2-9550-9CF121CA3041}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5B74CF8D-A1CC-49A1-A714-3B487D4D574D}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{5E05C68B-7698-4BC6-B012-9C834A7D13FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6255C6FD-B1AC-4C7F-96B7-06A075241728}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{69FD6A94-8861-4641-83B9-972E7FFA5AB9}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{6C55EF6C-FA80-4EBC-9F2F-19A1B7F79130}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{6DEEA5FF-4CFA-457E-9157-748050CEBD0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{7120014E-73B3-46A4-AD2D-11C868CF5E5E}" = lport=6923 | protocol=17 | dir=in | name=league of legends launcher | 
"{723253A2-CAF1-4F9D-83A6-9CC57F2AB439}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{7C5F3864-A9E8-4651-9323-21D1AEAC13AE}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher | 
"{80C66E5A-9E56-452A-83FB-598026D096BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{88007140-534D-460F-912F-6980DC20521D}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | 
"{899C0DB0-680A-4793-9DFF-EE00AE85272A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8A2908F4-2F8C-4DEB-9284-ED957570EB13}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher | 
"{91D49212-4826-439C-9C9D-A3AC02628CCC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97668B86-DF1D-4235-8D6A-121E99474152}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | 
"{97B2DB2E-6E08-4B9B-97E0-43FDBF7305AF}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{9884607F-848A-49CA-8ADA-18BD6F1F1802}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9FC4B1B2-DC3D-4DA2-AD58-3FBA8219282E}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher | 
"{A2BCEA80-EE38-4C1A-AC5F-EC6CCC53C43F}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher | 
"{A4C520EE-EEEE-43D5-B72B-94C4CBC42515}" = lport=6907 | protocol=6 | dir=in | name=league of legends launcher | 
"{AE536DD6-634B-47D0-B4B6-8A5C701C4130}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher | 
"{AEA887FD-AE74-453B-9978-ED9C843D3185}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AF92440A-4C68-4CF3-95A4-097E57D45688}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher | 
"{C1832F6B-4ED9-44AB-93D2-67B25396C636}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher | 
"{C3803751-CF71-4E43-BB4F-6B73B2D14676}" = lport=6927 | protocol=17 | dir=in | name=league of legends launcher | 
"{CFE53466-0F4C-4444-83D2-E34EAE048833}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D3836D8D-BD36-406E-AA61-D7FAB6310B04}" = lport=6927 | protocol=6 | dir=in | name=league of legends launcher | 
"{D3B782A7-7C9F-4B36-BEAB-35F657C25B42}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DA092DBD-BC33-4055-A044-AC2454AD6EA1}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe | 
"{DE046D34-3E4E-4E8F-9A0B-90C392B671EA}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{E2987020-5229-44B3-8AD8-4B4D597A5313}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher | 
"{F0971191-305C-4F4C-A87E-7FFB83F2EA2F}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher | 
"{F2B30F81-C29A-4BB8-A861-CA85B563F779}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{F3D3F725-D5FF-4D0F-B34C-34B295C46AEF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FC363F07-97C8-45A9-95A0-A40AC6AE41CA}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher | 
"{FE43BB52-9A84-4671-B7BD-239733620528}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01635996-2FC8-4BAF-BF5E-21DB975A0818}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{03914905-5739-4AEC-91E9-1139D5EB9173}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{08CC7351-592D-4549-8F30-40C184B1F769}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe | 
"{091E962A-D7B1-4F70-81DE-F90BB4A83FED}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{0A71D6C3-1E6C-4EC5-A9F7-895305F76450}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C9BEFC5-95A6-4A68-8A02-415716773295}" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"{0DA33FA2-4327-4A0D-B51F-4588F09CF331}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\launcher.patch.exe | 
"{0DCB0642-D9B9-40EF-A358-6E2110C5BB3B}" = protocol=6 | dir=in | app=i:\world of warcraft\launcher.exe | 
"{16F4D309-6C5E-4DD5-9491-6365BCDC6BAB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{1E941F6C-9737-485A-82A1-4E91CCA6834D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1F994CF5-ACE7-482F-B547-0FDF69E43340}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{26BAB76E-06ED-4346-A125-0F0FC9839DB1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{3226DBA9-020F-40DE-BA28-33B86E11018F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{37098539-BC06-43E3-AD46-73660B9C6A91}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{3A4E606B-52E8-4549-87A4-DF3AB68131DE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{3C2A6A34-BAF9-4665-A328-41AAFAC7887F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3EC37BE5-1063-4337-8769-2CDC839D16D8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{40121B74-4F00-43BF-A9B9-C6DB66C3A94A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\launcher.exe | 
"{40BED1FF-2EBB-4874-9DF8-9F5D3CE98BF0}" = protocol=17 | dir=in | app=c:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe | 
"{40E86903-3764-411D-ACAF-FD526B75DBB2}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{415AB648-C11B-4E44-B89D-E0841DA00B0C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{468B875E-B001-425C-96B0-C056B134495F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{47090170-F885-423F-80AC-971425ED79C2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4C3066E5-84AE-440F-9122-4C75F57CB3FC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{4C4D048E-50DA-45E5-936C-24C81F010856}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{58EB2127-A1EB-4913-B5AA-215F8F43E837}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{59AFE3A0-C329-4B4E-BEBD-53121593AE05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{66C1A9A5-D964-47D8-96A0-F3393C664215}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{677F1421-282B-40AB-A333-01A23CFC0EAD}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{67D6DCE5-A7B7-4F6D-B474-AE8F901BAAF2}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{7E2010F0-1ECB-4F69-BA5C-E3C70C9C2DF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7E2A15FE-F281-4E29-8D12-47C2F77BFF62}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{826BB7E8-0374-4ECD-BE03-E83B72A6DEAE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88607D01-5550-41F6-AC8A-6CB8577744B4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{8B7620E2-1C5F-4492-9BF9-A911CF09F1C1}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{8BA77058-221B-47FA-AAB6-8CB3EF9D29A1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{8CA4EBB8-2150-4FB3-A0E1-243C038473A3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{8E5EFCEF-8DBF-4620-B559-DA1A2979ACFE}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{8E716751-C9B6-4E22-9ED0-63BFB2BB8809}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{97897B9A-FE26-4168-BFFB-DB1D9AA96329}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{9792F139-FE80-49F7-B440-A96AA73E6A43}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9D7044B4-51E5-48F2-B03C-5B8880DF2F7A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe | 
"{9F75F9BA-D6A9-44D1-A366-C5E6AC43BF23}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{A5483852-CF2B-4A69-AD0D-B0C4F9696D62}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{A7DDE616-6532-42FF-BF1F-5C9B7227308F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{AD9833F7-DAB5-49F8-B45E-F9F0EFCAE44B}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{AE7A9363-27CF-4AF5-A8EB-0AFFD516C0EE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{AEE09AFF-5006-4FA1-93CF-3000D5CBCFC9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B2687D7E-EB9E-4713-917B-4C3AC95D642A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{B2824631-C6B9-40AB-8428-3ECC1C26928B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{B3F8A234-DD06-4432-A855-2BFA3E52A495}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{B4A494D1-AD8F-4EA6-BFE0-6A5BAE5A8DC7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B4EB7964-3952-4EE9-BA88-484A20C36C39}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{B8AF47B5-C4EA-4559-A951-AB8F55933F52}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.patch.exe | 
"{B8DAEA01-7886-47A0-9B82-B486E5E16029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C63D294C-0614-475D-AC42-CAEF4E39D584}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{C6AD3E47-B919-4AE8-9E76-882BD4D1EC38}" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"{CB8EB55B-14C9-44F8-B778-5CA37CC01B78}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{CE75656E-4FA0-4764-9048-5951B78025DF}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\launcher.exe | 
"{DAA658EB-99EF-42CB-926F-7CC1D6D8030A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{DB27831B-E771-4146-8D30-030E4B0ED5D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF8E86D7-64DD-494F-9DF9-ECA4E1AC98CF}" = protocol=6 | dir=in | app=c:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E0A04A93-547B-4254-90C9-EB946D479E16}" = protocol=17 | dir=in | app=i:\world of warcraft\launcher.exe | 
"{E1BC25B0-061E-4B3E-A3E0-141B69E8578E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{E28B5207-B334-4915-9BBA-8D2368FF56A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E3F02603-DF58-43D6-8041-112B88E9943E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E76FB006-C775-4701-ADBF-493BA07F4676}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.patch.exe | 
"{E859A683-B10A-40A5-BED5-63F1D020B6E5}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{E8744373-E7EA-42DF-9767-3E94E65B87C3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{EB1BFB39-3525-4B38-A7D2-6514B1F85A2D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | 
"{EBB5ECF4-2803-4ED0-AA20-1D3AA7338F58}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{ECEADC68-292C-44A9-85AC-FBDD88B2DAF4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{EE4474EB-492E-4613-81A4-13F5F38CDF0A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{EFFEE0FA-686B-447C-B23E-2E15BA3DC923}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\launcher.patch.exe | 
"{F555D62E-D033-47FB-B235-35235E3BDE08}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F73C2B10-63E3-4B4F-943A-15975C18C968}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{F779F079-7B48-4E26-B584-5BB50F1EDCA2}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{042F2D76-86BD-4085-A0C8-96720335E0FB}C:\windows.old\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{0C02593F-A276-4628-B15F-4DD328BA85B1}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{0E99F862-BB6E-4694-94A0-D35C8EC69EF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{1C239DEC-A3E5-44E7-8685-0744C6E50C8E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{203638CA-BCF2-49EA-BF4B-D2C2009DC6FF}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{23E79A9D-56C5-445B-AD8E-3BFD04C9925B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{2567443C-6F40-4711-B4E5-CC250968B9C7}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{2991FDBA-9A78-4E8B-A181-8FBA4FCC15E2}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{31FCA75B-CF8D-4048-820F-7E8AACEE30D5}C:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe | 
"TCP Query User{36927B97-45F5-43A9-8CA3-E7CB68FC12ED}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat | 
"TCP Query User{3B78E397-37BC-4802-A110-8D09075D2B8B}C:\users\public\games\world of warcraft-ptr\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\backgrounddownloader.exe | 
"TCP Query User{3CB9AA84-D112-456D-8137-BC78E7C13BA6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{3D186A1E-BF37-4C1B-BEBF-2BA9F9888ECD}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{465DDC41-92AE-4488-A8E0-1379D1476C32}C:\program files\novo's easy wow server\0.3.9\worldserver.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\worldserver.exe | 
"TCP Query User{590DF1FC-246B-4D9E-8530-1BB326618A78}C:\program files\atv mudracer\atv.exe" = protocol=6 | dir=in | app=c:\program files\atv mudracer\atv.exe | 
"TCP Query User{6254DC93-D24A-4C4F-AAEB-2D64A8DE5672}C:\users\public\games\world of warcraft-ptr\ptr-installer-de_de.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft-ptr\ptr-installer-de_de.exe | 
"TCP Query User{6B9DBAD1-4685-44F4-B54A-6C76B3CD3926}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"TCP Query User{6E7C3054-5595-458A-8EAF-99D80EF8A6D6}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe | 
"TCP Query User{76DBEECD-40AE-43E4-9722-7FC0FE3EF525}C:\program files\steam\steamapps\slipknot555_666\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\slipknot555_666\team fortress 2\hl2.exe | 
"TCP Query User{7932AC92-D53B-437E-9021-D487E070BB01}C:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{7968E7DB-DE01-4B5C-8050-28AC13B12A74}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe | 
"TCP Query User{7CCF1F44-4A2A-498C-92C2-581F47BF1C83}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{803603E6-A229-4A83-996A-0137F44C26B8}C:\users\enrico 3\downloads\spiele\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\enrico 3\downloads\spiele\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"TCP Query User{8930F97E-A2DA-4128-9F45-F50965D5A11E}C:\program files\novo's easy wow server\0.3.9\logonserver.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\logonserver.exe | 
"TCP Query User{90FD593F-32DE-4688-8518-FA2E9FF0FF12}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"TCP Query User{91D799E0-5C12-4F9B-9FE8-99A405C0D439}C:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\empires2.exe | 
"TCP Query User{931FC0FC-99CA-4B1F-93A6-5678D4EC139C}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{9DCFF2A2-1DD3-4611-A149-CC2FDC5D2A25}C:\program files\novo's easy wow server\0.3.9\worldserver.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\worldserver.exe | 
"TCP Query User{AAE5A97D-B31B-4088-AA66-FFF9D43DA315}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"TCP Query User{B2721BD7-B17B-41DC-BFB1-5408950700CB}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"TCP Query User{B7308EA9-CED2-426D-9B9E-BFE2896EFF5E}C:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BBB4031A-1F64-4D7B-AB60-2FF9AC53D2D4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BD0D9072-2425-4C2C-A7A8-1BE89DE6FD9F}C:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe | 
"TCP Query User{BD63224E-EABF-4087-8BF3-1E9363786327}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{C103BB82-EBAE-4DED-B430-ECDCF876585D}C:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\aoe20a_crk.exe" = protocol=6 | dir=in | app=c:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\aoe20a_crk.exe | 
"TCP Query User{C10B3F2B-5E3B-45A2-A493-A32B63BD1F81}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"TCP Query User{C9787E1B-C7CC-4306-B72E-0498D984D279}C:\users\enrico\appdata\local\virtualstore\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\users\enrico\appdata\local\virtualstore\program files\ea games\command & conquer generäle stunde null\game.dat | 
"TCP Query User{C9B6415F-271B-4173-B086-3F0F664D3920}C:\windows.old\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{D281CCEE-4FDF-44FF-9C11-CFEBDC6F2B05}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{D813B877-E2FB-4950-BBFD-58F82AA7D90F}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{DEAC7F97-F70C-48C0-9BE2-913B41783DE8}C:\program files\novo's easy wow server\0.3.9\logonserver.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\logonserver.exe | 
"TCP Query User{E425CE35-2D71-489D-A09B-5BC8545AB347}C:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe | 
"TCP Query User{E445DD59-3003-4F03-9673-DC233FF06230}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{E8FC376B-1A33-40FE-9272-981E892B47A5}C:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{E92D6543-7223-405A-BA8A-768721B9D11F}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat | 
"TCP Query User{F6420B07-5DE9-479D-82A1-3F423FA7EA2E}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{133294DE-33A2-4764-BA0B-C256217D68F7}C:\program files\novo's easy wow server\0.3.9\logonserver.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\logonserver.exe | 
"UDP Query User{2B47E073-B6DB-495F-946A-729591BBD8CB}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{2D6D322A-1841-4BD6-BC06-BEA6878AC36A}C:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe | 
"UDP Query User{33B28A3F-A94F-4B98-A2D0-7C98FB8BEDBE}C:\users\public\games\world of warcraft-ptr\ptr-installer-de_de.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft-ptr\ptr-installer-de_de.exe | 
"UDP Query User{3AAC4E83-0328-4E5E-9811-69D14396B6F7}C:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\empires2.exe | 
"UDP Query User{3CEF77FA-C1F4-4D5C-84AF-05F30BFB73C9}C:\program files\novo's easy wow server\0.3.9\worldserver.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\worldserver.exe | 
"UDP Query User{478AA833-001D-4273-B5E4-15B1859C93BA}C:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{48867DE7-6119-46C9-9037-34A8AA0070A9}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe | 
"UDP Query User{48B851C8-6D66-4E80-88D9-98EEAB5B013C}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{4EB1F9E6-339F-4F1E-B50A-2FAD2E4044EF}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{4EC26F5E-37C8-45B7-93DD-69665A2348BC}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat | 
"UDP Query User{5A0821ED-D550-413C-818B-836A636F6BDF}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{5C321EC7-B4AA-4630-AFF0-BACC20DB5316}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe | 
"UDP Query User{646B5C41-7A2B-419C-BE3B-291113C8A8F4}C:\program files\novo's easy wow server\0.3.9\logonserver.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\logonserver.exe | 
"UDP Query User{72187953-0B45-457F-92A9-B3E2E4765994}C:\program files\atv mudracer\atv.exe" = protocol=17 | dir=in | app=c:\program files\atv mudracer\atv.exe | 
"UDP Query User{79FC75AF-9A2A-479A-83EE-2A3BD9277716}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"UDP Query User{7AA31B6F-D286-4309-B500-7E06B784FE86}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{7EAD8CC3-FFFE-4EAC-9FAD-DDA3FFB0BBED}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | 
"UDP Query User{7ED2B1AB-B3D3-4D9C-AFBC-E377238B97B1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{83617943-0475-42D0-BC5A-AB9F79AAE431}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{8E5B2813-A332-4081-8CBC-F8737D555090}C:\program files\steam\steamapps\slipknot555_666\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\slipknot555_666\team fortress 2\hl2.exe | 
"UDP Query User{937C3882-DDC2-4632-B169-B90D3CC3C4FC}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{94FCBBC1-7F42-4E5E-86EA-F09E4F15B6FD}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{97932A0E-9BD6-4775-8C3A-875FAE6D09B5}C:\users\public\games\world of warcraft-ptr\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\backgrounddownloader.exe | 
"UDP Query User{9A37676C-9DD8-49C5-A543-3F230665F03D}C:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe | 
"UDP Query User{A1416C37-CFD8-4F55-9141-05A5764E4BB7}C:\windows.old\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\windows.old\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{A6EF2C06-05CE-449B-94B8-C8B35D63FCD9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{A777D189-A009-4201-9800-C153F468F233}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{B9E6F16D-8C95-4A06-BCF7-801D562F7459}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{BB82F3DC-29F1-474C-BD6A-18546C56D728}C:\program files\novo's easy wow server\0.3.9\worldserver.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\worldserver.exe | 
"UDP Query User{BC68B32E-AC27-4BD9-ADEB-DC3961679398}C:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{BDCD144C-D0F7-49B0-A826-9DEEC0A75104}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{CB915346-53D6-410E-855C-211B0B94BB0B}C:\users\enrico 3\downloads\spiele\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\enrico 3\downloads\spiele\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"UDP Query User{D2976CCE-A16B-42B0-8220-26A1DE0F3AB8}C:\users\enrico\appdata\local\virtualstore\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\users\enrico\appdata\local\virtualstore\program files\ea games\command & conquer generäle stunde null\game.dat | 
"UDP Query User{DA3DC77D-7155-4209-9406-A5DE3234556D}C:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe | 
"UDP Query User{DA43637A-5E4A-4887-AD50-06B7DDA992BD}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe | 
"UDP Query User{DB9CF187-6C08-4CA3-9484-8C60E31683C0}C:\windows.old\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\windows.old\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{DD64A615-1ADB-4675-AFC1-03A15D414841}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"UDP Query User{EA8410B2-F68A-4B7F-8236-93861950B0D4}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat | 
"UDP Query User{EAD352F0-D289-4AF6-B65F-3D4D984CEEF4}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{EBA9E3E3-38F4-43EB-950E-8C9E9FA59301}C:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\aoe20a_crk.exe" = protocol=17 | dir=in | app=c:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\aoe20a_crk.exe | 
"UDP Query User{EC45B306-9F22-44F0-99EE-1DF0AA072CDD}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{F12B719C-BD59-4AE6-931E-3E9380DD34A4}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{F162B1E3-45A3-49FE-84FE-1DF71C3FF69C}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"UDP Query User{F7F11C46-1618-45CB-B8F4-1D37A8B99395}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{FA8205AF-B41B-43BE-84E6-39C05C9F75A5}C:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"!? Minitracks - TmNations Add-On" = !? Minitracks - TmNations Add-On
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink Wireless LAN
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480880-18E0-4097-A460-F22DD3AC6D70}" = O&O DiskRecovery
"{5BEBBA7E-9856-45C0-982C-CD5221C202EA}" = Fahrschule 2008
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62175CAB-909A-44B5-AA9F-98F111A87F6A}" = Eisenbahn.exe professionell
"{6AF3D486-C45C-472F-A5C1-99C7A4C18127}" = BROCKHAUS DIE ENZYKLOPÄDIE
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{704DCF9E-07D3-4C6C-BBD6-E19DA700A37B}" = NIBObee Library 1.4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FD8D3A3-6625-4092-AF79-D216090DB960}_is1" = TechForce
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{990036E7-D647-45A4-8F7F-1CB277EF0ABD}" = RollerCoaster Tycoon 3 Demo
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"ATV Mudracer" = ATV Mudracer
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Comanche 4" = Comanche 4
"conduitEngine" = Conduit Engine
"dlancockpit" = devolo dLAN Cockpit
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"facemoods" = facemoods
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Fraps" = Fraps (remove only)
"FreePDF_XP" = FreePDF (Remove only)
"giants_editor_4.1.2_is1" = GIANTS Editor 4.1.2
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"IPIX ActiveX Viewer" = IPIX ActiveX Viewer
"IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer
"IPIX Viewer" = IPIX Viewer
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"NaturalMotion endorphin_is1" = NaturalMotion endorphin 2.7.1
"Notepad++" = Notepad++
"Novo's Easy WoW Server 0.3.9" = Novo's Easy WoW Server 0.3.9
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.51.1087" = Opera 11.51
"PhotoFiltre" = PhotoFiltre
"PriceGong" = PriceGong 2.1.0
"PunkBusterSvc" = PunkBuster Services
"Quest3D Viewers 3.0e_is1" = Quest3D Viewers 3.0e
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"Sauerbraten" = Sauerbraten
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SpeedFan" = SpeedFan (remove only)
"Steam App 12910" = Audiosurf Demo
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.1.11
"WildTangent wildgames Master Uninstall" = WildGames
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"X10Hardware" = X10 Hardware(TM)
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"XMedia Recode" = XMedia Recode 3.0.2.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.09.2011 16:41:02 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 5ac  Anfangszeit: 01cc7a30fcf62370  Zeitpunkt der Beendigung:
 48
 
Error - 23.09.2011 16:59:24 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1288  Anfangszeit: 01cc7a311c5fd350  Zeitpunkt der Beendigung:
 48
 
Error - 23.09.2011 16:59:55 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 12a4  Anfangszeit: 01cc7a33acb510d0  Zeitpunkt der Beendigung:
 54
 
Error - 23.09.2011 19:28:56 | Computer Name = Enrico-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 24.09.2011 06:57:03 | Computer Name = Enrico-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.09.2011 08:07:53 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 12c4  Anfangszeit: 01cc7aae4602f128  Zeitpunkt der Beendigung:
 47
 
Error - 24.09.2011 08:14:38 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 16f8  Anfangszeit: 01cc7ab298a816e8  Zeitpunkt der Beendigung:
 58
 
Error - 24.09.2011 10:18:23 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 108c  Anfangszeit: 01cc7ac44ace59e8  Zeitpunkt der Beendigung:
 49
 
Error - 24.09.2011 11:14:31 | Computer Name = Enrico-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.09.2011 16:30:27 | Computer Name = Enrico-PC | Source = VSS | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 13.12.2009 16:08:40 | Computer Name = Enrico-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 13.12.2009 16:08:45 | Computer Name = Enrico-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 29.08.2011 12:02:52 | Computer Name = Enrico-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 29.08.2011 12:02:56 | Computer Name = Enrico-PC | Source = ehRecvr | ID = 4
Description = 
 
[ System Events ]
Error - 23.09.2011 14:30:39 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.09.2011 14:30:39 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.09.2011 06:57:03 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.09.2011 06:57:03 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.09.2011 06:57:03 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.09.2011 06:57:03 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.09.2011 07:32:07 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 24.09.2011 11:14:32 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.09.2011 11:14:32 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.09.2011 11:14:32 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

cosinus · 26.09.2011, 10:07

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC EC AA BB A5 9A CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2431245&SearchSource=13"
[2010.05.13 20:24:54 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.01.22 17:13:26 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010.04.22 15:02:38 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.01.22 17:12:41 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com
[2010.04.21 12:06:36 | 000,000,917 | ---- | M] () -- C:\Users\Enrico 3\AppData\Roaming\Mozilla\Firefox\Profiles\lx33bz2r.default\searchplugins\conduit.xml
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.06.12 04:27:33 | 000,000,140 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2007.03.23 01:57:09 | 000,051,336 | R--- | M] ()
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell\dinstall\command - "" = E:\DirectX\DXSETUP.exe -- [2007.06.01 05:23:56 | 000,503,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell - "" = Autorun
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell\Open\command - "" = RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\
[2010.02.02 16:40:40 | 000,000,000 | -HSD | M] -- C:\Users\Enrico 3\AppData\Roaming\.#
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Prayer · 26.09.2011, 12:39

Welche Dateien beinhaltet das? Das ganze System oder nur einzelne Programme? Damit ich sie z.B. vorher auf eine externe Festplatte speichere.

cosinus · 26.09.2011, 13:01

Ich fix damit schädliche und müllige Einträge.
Selber sichern brauchst du nichts denn:

Zitat:

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Prayer · 26.09.2011, 16:33

Ok, fix wurde durchgeführt.

Ergebnis:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
C:\Programme\XfireXO\tbXfir.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Programme\XfireXO\tbXfir.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "XfireXO Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "XfireXO Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13" removed from browser.startup.homepage
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\lib folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\searchplugin folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\META-INF folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\lib folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\chrome folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\content\preferences folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\content\images folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\chrome folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\Mozilla\Firefox\Profiles\lx33bz2r.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Programme\PriceGong\2.1.0\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Programme\XfireXO\tbXfir.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Programme\XfireXO\tbXfir.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.
File C:\Programme\XfireXO\tbXfir.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods not found.
C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ not found.
File move failed. E:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ not found.
File move failed. E:\DirectX\DXSETUP.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ not found.
File C:\RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\ not found.
C:\Users\Enrico 3\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Enrico
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 205137419 bytes
->Java cache emptied: 37562594 bytes
->FireFox cache emptied: 101230927 bytes
->Opera cache emptied: 17405092 bytes
->Flash cache emptied: 74489 bytes
 
User: Enrico 3
->Temp folder emptied: 427352802 bytes
->Temporary Internet Files folder emptied: 472070605 bytes
->Java cache emptied: 125539 bytes
->FireFox cache emptied: 31484610 bytes
->Opera cache emptied: 14270405 bytes
->Flash cache emptied: 154900 bytes
 
User: Gast
->Temp folder emptied: 163032 bytes
->Temporary Internet Files folder emptied: 3698869 bytes
->Opera cache emptied: 19865868 bytes
->Flash cache emptied: 42524 bytes
 
User: Public
 
User: TEMP
->Temp folder emptied: 130442 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Flash cache emptied: 41044 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3221600 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74010227 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.343,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.29.1 log created on 09262011_172336

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. E:\DirectX\DXSETUP.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Kommt danach noch etwas?

Aber bis hierhin schonmal DANKE! :-)

cosinus · 26.09.2011, 16:36

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Prayer · 26.09.2011, 17:26

Kaspersky TDSSKiller:

Code:

ATTFilter

18:22:11.0916 3704	TDSS rootkit removing tool 2.6.1.0 Sep 26 2011 09:21:32
18:22:12.0191 3704	============================================================
18:22:12.0191 3704	Current date / time: 2011/09/26 18:22:12.0191
18:22:12.0191 3704	SystemInfo:
18:22:12.0191 3704	
18:22:12.0191 3704	OS Version: 6.0.6002 ServicePack: 2.0
18:22:12.0191 3704	Product type: Workstation
18:22:12.0191 3704	ComputerName: ENRICO-PC
18:22:12.0191 3704	UserName: Enrico 3
18:22:12.0191 3704	Windows directory: C:\Windows
18:22:12.0191 3704	System windows directory: C:\Windows
18:22:12.0191 3704	Processor architecture: Intel x86
18:22:12.0191 3704	Number of processors: 4
18:22:12.0191 3704	Page size: 0x1000
18:22:12.0191 3704	Boot type: Normal boot
18:22:12.0191 3704	============================================================
18:22:13.0486 3704	Initialize success
18:23:52.0368 5564	============================================================
18:23:52.0368 5564	Scan started
18:23:52.0368 5564	Mode: Manual; 
18:23:52.0368 5564	============================================================
18:23:54.0323 5564	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:23:54.0328 5564	ACPI - ok
18:23:54.0393 5564	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:23:54.0423 5564	adp94xx - ok
18:23:54.0458 5564	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:23:54.0468 5564	adpahci - ok
18:23:54.0498 5564	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:23:54.0503 5564	adpu160m - ok
18:23:54.0533 5564	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:23:54.0538 5564	adpu320 - ok
18:23:54.0628 5564	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:23:54.0633 5564	AFD - ok
18:23:54.0663 5564	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:23:54.0668 5564	agp440 - ok
18:23:54.0693 5564	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:23:54.0698 5564	aic78xx - ok
18:23:54.0723 5564	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:23:54.0723 5564	aliide - ok
18:23:54.0748 5564	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:23:54.0758 5564	amdagp - ok
18:23:54.0773 5564	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:23:54.0798 5564	amdide - ok
18:23:54.0828 5564	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:23:54.0828 5564	AmdK7 - ok
18:23:54.0843 5564	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:23:54.0843 5564	AmdK8 - ok
18:23:54.0873 5564	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:23:54.0873 5564	arc - ok
18:23:54.0893 5564	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:23:54.0893 5564	arcsas - ok
18:23:54.0938 5564	arusb_lh        (71c88479c98a5cfbf5ddbb9de64fbb0f) C:\Windows\system32\DRIVERS\arusb_lh.sys
18:23:54.0943 5564	arusb_lh - ok
18:23:54.0953 5564	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:23:54.0973 5564	AsyncMac - ok
18:23:55.0020 5564	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:23:55.0020 5564	atapi - ok
18:23:55.0082 5564	atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
18:23:55.0082 5564	atksgt - ok
18:23:55.0129 5564	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:23:55.0129 5564	avgio - ok
18:23:55.0176 5564	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
18:23:55.0191 5564	avgntflt - ok
18:23:55.0207 5564	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
18:23:55.0222 5564	avipbb - ok
18:23:55.0238 5564	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:23:55.0238 5564	Beep - ok
18:23:55.0285 5564	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:23:55.0285 5564	blbdrive - ok
18:23:55.0316 5564	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:23:55.0316 5564	bowser - ok
18:23:55.0332 5564	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:23:55.0332 5564	BrFiltLo - ok
18:23:55.0347 5564	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:23:55.0363 5564	BrFiltUp - ok
18:23:55.0378 5564	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:23:55.0378 5564	Brserid - ok
18:23:55.0410 5564	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:23:55.0410 5564	BrSerWdm - ok
18:23:55.0441 5564	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:23:55.0441 5564	BrUsbMdm - ok
18:23:55.0456 5564	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:23:55.0456 5564	BrUsbSer - ok
18:23:55.0472 5564	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:23:55.0472 5564	BTHMODEM - ok
18:23:55.0488 5564	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:23:55.0508 5564	cdfs - ok
18:23:55.0543 5564	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:23:55.0543 5564	cdrom - ok
18:23:55.0558 5564	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:23:55.0558 5564	circlass - ok
18:23:55.0608 5564	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:23:55.0613 5564	CLFS - ok
18:23:55.0648 5564	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:23:55.0648 5564	cmdide - ok
18:23:55.0658 5564	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
18:23:55.0658 5564	Compbatt - ok
18:23:55.0693 5564	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:23:55.0698 5564	crcdisk - ok
18:23:55.0723 5564	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:23:55.0733 5564	Crusoe - ok
18:23:55.0758 5564	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:23:55.0778 5564	DfsC - ok
18:23:55.0813 5564	DgiVecp - ok
18:23:55.0823 5564	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:23:55.0833 5564	disk - ok
18:23:55.0858 5564	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:23:55.0863 5564	drmkaud - ok
18:23:55.0913 5564	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:23:55.0958 5564	DXGKrnl - ok
18:23:55.0998 5564	e1express       (2db565612e74e0c01780670270a6fd7f) C:\Windows\system32\DRIVERS\e1e6032.sys
18:23:55.0998 5564	e1express - ok
18:23:56.0033 5564	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:23:56.0033 5564	E1G60 - ok
18:23:56.0068 5564	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:23:56.0068 5564	Ecache - ok
18:23:56.0113 5564	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:23:56.0118 5564	elxstor - ok
18:23:56.0143 5564	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:23:56.0143 5564	ErrDev - ok
18:23:56.0208 5564	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:23:56.0208 5564	exfat - ok
18:23:56.0253 5564	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:23:56.0268 5564	fastfat - ok
18:23:56.0288 5564	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:23:56.0293 5564	fdc - ok
18:23:56.0308 5564	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:23:56.0308 5564	FileInfo - ok
18:23:56.0323 5564	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:23:56.0328 5564	Filetrace - ok
18:23:56.0343 5564	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:23:56.0348 5564	flpydisk - ok
18:23:56.0388 5564	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:23:56.0393 5564	FltMgr - ok
18:23:56.0418 5564	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:23:56.0418 5564	Fs_Rec - ok
18:23:56.0463 5564	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:23:56.0468 5564	gagp30kx - ok
18:23:56.0503 5564	GEARAspiWDM     (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:23:56.0503 5564	GEARAspiWDM - ok
18:23:56.0553 5564	giveio          (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
18:23:56.0553 5564	giveio - ok
18:23:56.0623 5564	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:23:56.0628 5564	HdAudAddService - ok
18:23:56.0696 5564	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:23:56.0727 5564	HDAudBus - ok
18:23:56.0758 5564	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:23:56.0774 5564	HidBth - ok
18:23:56.0774 5564	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:23:56.0774 5564	HidIr - ok
18:23:56.0820 5564	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:23:56.0820 5564	HidUsb - ok
18:23:56.0852 5564	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:23:56.0852 5564	HpCISSs - ok
18:23:56.0914 5564	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:23:56.0930 5564	HTTP - ok
18:23:56.0961 5564	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:23:56.0961 5564	i2omp - ok
18:23:56.0976 5564	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:23:56.0976 5564	i8042prt - ok
18:23:57.0008 5564	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:23:57.0008 5564	iaStorV - ok
18:23:57.0039 5564	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:23:57.0054 5564	iirsp - ok
18:23:57.0148 5564	IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
18:23:57.0169 5564	IntcAzAudAddService - ok
18:23:57.0179 5564	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:23:57.0184 5564	intelide - ok
18:23:57.0204 5564	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:23:57.0204 5564	intelppm - ok
18:23:57.0239 5564	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:23:57.0239 5564	IpFilterDriver - ok
18:23:57.0249 5564	IpInIp - ok
18:23:57.0274 5564	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:23:57.0274 5564	IPMIDRV - ok
18:23:57.0294 5564	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:23:57.0299 5564	IPNAT - ok
18:23:57.0334 5564	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:23:57.0334 5564	IRENUM - ok
18:23:57.0374 5564	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:23:57.0374 5564	isapnp - ok
18:23:57.0414 5564	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:23:57.0419 5564	iScsiPrt - ok
18:23:57.0439 5564	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:23:57.0444 5564	iteatapi - ok
18:23:57.0454 5564	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:23:57.0454 5564	iteraid - ok
18:23:57.0499 5564	k750bus         (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
18:23:57.0499 5564	k750bus - ok
18:23:57.0529 5564	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:23:57.0529 5564	kbdclass - ok
18:23:57.0569 5564	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:23:57.0584 5564	kbdhid - ok
18:23:57.0631 5564	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:23:57.0693 5564	KSecDD - ok
18:23:57.0725 5564	Lavasoft Kernexplorer - ok
18:23:57.0756 5564	lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
18:23:57.0756 5564	lirsgt - ok
18:23:57.0803 5564	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:23:57.0818 5564	lltdio - ok
18:23:57.0849 5564	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:23:57.0849 5564	LSI_FC - ok
18:23:57.0865 5564	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:23:57.0865 5564	LSI_SAS - ok
18:23:57.0881 5564	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:23:57.0896 5564	LSI_SCSI - ok
18:23:57.0896 5564	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:23:57.0896 5564	luafv - ok
18:23:57.0912 5564	MBAMSwissArmy - ok
18:23:57.0927 5564	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:23:57.0927 5564	megasas - ok
18:23:57.0959 5564	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:23:57.0974 5564	MegaSR - ok
18:23:57.0979 5564	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:23:57.0984 5564	Modem - ok
18:23:57.0999 5564	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:23:57.0999 5564	monitor - ok
18:23:58.0024 5564	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:23:58.0024 5564	mouclass - ok
18:23:58.0054 5564	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:23:58.0054 5564	mouhid - ok
18:23:58.0069 5564	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:23:58.0069 5564	MountMgr - ok
18:23:58.0094 5564	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:23:58.0104 5564	mpio - ok
18:23:58.0129 5564	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:23:58.0129 5564	mpsdrv - ok
18:23:58.0154 5564	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:23:58.0154 5564	Mraid35x - ok
18:23:58.0209 5564	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:23:58.0234 5564	MRxDAV - ok
18:23:58.0264 5564	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:23:58.0269 5564	mrxsmb - ok
18:23:58.0304 5564	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:23:58.0304 5564	mrxsmb10 - ok
18:23:58.0319 5564	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:23:58.0319 5564	mrxsmb20 - ok
18:23:58.0339 5564	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
18:23:58.0339 5564	msahci - ok
18:23:58.0364 5564	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:23:58.0364 5564	msdsm - ok
18:23:58.0384 5564	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:23:58.0399 5564	Msfs - ok
18:23:58.0409 5564	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:23:58.0419 5564	msisadrv - ok
18:23:58.0444 5564	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:23:58.0444 5564	MSKSSRV - ok
18:23:58.0464 5564	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:23:58.0489 5564	MSPCLOCK - ok
18:23:58.0509 5564	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:23:58.0514 5564	MSPQM - ok
18:23:58.0544 5564	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:23:58.0549 5564	MsRPC - ok
18:23:58.0569 5564	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:23:58.0569 5564	mssmbios - ok
18:23:58.0594 5564	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:23:58.0599 5564	MSTEE - ok
18:23:58.0614 5564	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:23:58.0614 5564	Mup - ok
18:23:58.0649 5564	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:23:58.0654 5564	NativeWifiP - ok
18:23:58.0709 5564	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:23:58.0719 5564	NDIS - ok
18:23:58.0754 5564	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:23:58.0754 5564	NdisTapi - ok
18:23:58.0789 5564	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:23:58.0789 5564	Ndisuio - ok
18:23:58.0814 5564	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:23:58.0814 5564	NdisWan - ok
18:23:58.0839 5564	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:23:58.0839 5564	NDProxy - ok
18:23:58.0849 5564	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:23:58.0874 5564	NetBIOS - ok
18:23:58.0899 5564	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:23:58.0899 5564	netbt - ok
18:23:58.0939 5564	netr28u         (df938648626332e830a9bd153110aa75) C:\Windows\system32\DRIVERS\netr28u.sys
18:23:58.0944 5564	netr28u - ok
18:23:58.0969 5564	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:23:58.0989 5564	nfrd960 - ok
18:23:59.0009 5564	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:23:59.0009 5564	Npfs - ok
18:23:59.0054 5564	NPF_devolo      (75ac610a7481cb1f343dc971249bcb19) C:\Windows\system32\drivers\npf_devolo.sys
18:23:59.0074 5564	NPF_devolo - ok
18:23:59.0094 5564	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:23:59.0094 5564	nsiproxy - ok
18:23:59.0159 5564	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:23:59.0200 5564	Ntfs - ok
18:23:59.0231 5564	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:23:59.0231 5564	ntrigdigi - ok
18:23:59.0262 5564	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:23:59.0262 5564	Null - ok
18:23:59.0574 5564	nvlddmkm        (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:23:59.0833 5564	nvlddmkm - ok
18:23:59.0865 5564	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:23:59.0880 5564	nvraid - ok
18:23:59.0896 5564	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:23:59.0896 5564	nvstor - ok
18:23:59.0943 5564	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:23:59.0974 5564	nv_agp - ok
18:23:59.0974 5564	NwlnkFlt - ok
18:24:00.0005 5564	NwlnkFwd - ok
18:24:00.0021 5564	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:24:00.0036 5564	ohci1394 - ok
18:24:00.0177 5564	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:24:00.0177 5564	Parport - ok
18:24:00.0270 5564	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:24:00.0286 5564	partmgr - ok
18:24:00.0301 5564	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:24:00.0301 5564	Parvdm - ok
18:24:00.0348 5564	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:24:00.0348 5564	pci - ok
18:24:00.0379 5564	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:24:00.0379 5564	pciide - ok
18:24:00.0414 5564	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:24:00.0419 5564	pcmcia - ok
18:24:00.0514 5564	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:24:00.0534 5564	PEAUTH - ok
18:24:00.0594 5564	Ph3xIB32        (9f2f541c52cd7a452e235e885f7d95de) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
18:24:00.0629 5564	Ph3xIB32 - ok
18:24:00.0694 5564	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:24:00.0694 5564	PptpMiniport - ok
18:24:00.0724 5564	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:24:00.0724 5564	Processor - ok
18:24:00.0769 5564	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:24:00.0769 5564	PSched - ok
18:24:00.0844 5564	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:24:00.0879 5564	ql2300 - ok
18:24:00.0899 5564	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:24:00.0899 5564	ql40xx - ok
18:24:00.0929 5564	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:24:00.0929 5564	QWAVEdrv - ok
18:24:00.0964 5564	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:24:00.0964 5564	RasAcd - ok
18:24:00.0989 5564	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:24:00.0989 5564	Rasl2tp - ok
18:24:01.0029 5564	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:24:01.0029 5564	RasPppoe - ok
18:24:01.0054 5564	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:24:01.0059 5564	RasSstp - ok
18:24:01.0116 5564	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:24:01.0132 5564	rdbss - ok
18:24:01.0163 5564	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:24:01.0163 5564	RDPCDD - ok
18:24:01.0210 5564	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:24:01.0210 5564	rdpdr - ok
18:24:01.0241 5564	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:24:01.0241 5564	RDPENCDD - ok
18:24:01.0257 5564	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:24:01.0272 5564	RDPWD - ok
18:24:01.0303 5564	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:24:01.0303 5564	rspndr - ok
18:24:01.0335 5564	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:24:01.0335 5564	sbp2port - ok
18:24:01.0413 5564	SCREAMINGBDRIVER (a689d522eedf89401e1da2fe883aa7ec) C:\Windows\system32\drivers\ScreamingBAudio.sys
18:24:01.0413 5564	SCREAMINGBDRIVER - ok
18:24:01.0459 5564	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:24:01.0459 5564	secdrv - ok
18:24:01.0491 5564	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
18:24:01.0491 5564	Serenum - ok
18:24:01.0522 5564	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
18:24:01.0537 5564	Serial - ok
18:24:01.0553 5564	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:24:01.0569 5564	sermouse - ok
18:24:01.0600 5564	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:24:01.0600 5564	sffdisk - ok
18:24:01.0605 5564	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:24:01.0605 5564	sffp_mmc - ok
18:24:01.0630 5564	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:24:01.0630 5564	sffp_sd - ok
18:24:01.0675 5564	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
18:24:01.0680 5564	sfloppy - ok
18:24:01.0742 5564	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:24:01.0742 5564	sisagp - ok
18:24:01.0773 5564	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:24:01.0773 5564	SiSRaid2 - ok
18:24:01.0789 5564	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:24:01.0805 5564	SiSRaid4 - ok
18:24:01.0851 5564	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:24:01.0851 5564	Smb - ok
18:24:01.0898 5564	speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
18:24:01.0898 5564	speedfan - ok
18:24:01.0914 5564	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:24:01.0929 5564	spldr - ok
18:24:01.0961 5564	sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
18:24:01.0961 5564	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
18:24:01.0976 5564	sptd ( LockedFile.Multi.Generic ) - warning
18:24:01.0976 5564	sptd - detected LockedFile.Multi.Generic (1)
18:24:02.0012 5564	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:24:02.0012 5564	srv - ok
18:24:02.0032 5564	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:24:02.0032 5564	srv2 - ok
18:24:02.0042 5564	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:24:02.0047 5564	srvnet - ok
18:24:02.0087 5564	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:24:02.0087 5564	ssmdrv - ok
18:24:02.0172 5564	SSPORT          (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
18:24:02.0172 5564	SSPORT - ok
18:24:02.0222 5564	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:24:02.0227 5564	swenum - ok
18:24:02.0252 5564	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:24:02.0252 5564	Symc8xx - ok
18:24:02.0262 5564	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:24:02.0267 5564	Sym_hi - ok
18:24:02.0292 5564	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:24:02.0292 5564	Sym_u3 - ok
18:24:02.0402 5564	Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
18:24:02.0427 5564	Tcpip - ok
18:24:02.0472 5564	Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
18:24:02.0477 5564	Tcpip6 - ok
18:24:02.0522 5564	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:24:02.0522 5564	tcpipreg - ok
18:24:02.0537 5564	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:24:02.0537 5564	TDPIPE - ok
18:24:02.0572 5564	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:24:02.0572 5564	TDTCP - ok
18:24:02.0617 5564	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:24:02.0652 5564	tdx - ok
18:24:02.0707 5564	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:24:02.0707 5564	TermDD - ok
18:24:02.0757 5564	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:24:02.0757 5564	tssecsrv - ok
18:24:02.0842 5564	TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
18:24:02.0842 5564	TuneUpUtilitiesDrv - ok
18:24:02.0862 5564	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:24:02.0867 5564	tunmp - ok
18:24:02.0962 5564	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:24:02.0962 5564	tunnel - ok
18:24:02.0992 5564	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:24:02.0992 5564	uagp35 - ok
18:24:03.0052 5564	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:24:03.0057 5564	udfs - ok
18:24:03.0087 5564	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:24:03.0087 5564	uliagpkx - ok
18:24:03.0132 5564	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:24:03.0137 5564	uliahci - ok
18:24:03.0152 5564	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:24:03.0157 5564	UlSata - ok
18:24:03.0177 5564	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:24:03.0177 5564	ulsata2 - ok
18:24:03.0207 5564	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:24:03.0207 5564	umbus - ok
18:24:03.0227 5564	UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
18:24:03.0227 5564	UnlockerDriver5 - ok
18:24:03.0272 5564	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:24:03.0277 5564	usbccgp - ok
18:24:03.0297 5564	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:24:03.0297 5564	usbcir - ok
18:24:03.0337 5564	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:24:03.0342 5564	usbehci - ok
18:24:03.0397 5564	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:24:03.0397 5564	usbhub - ok
18:24:03.0427 5564	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:24:03.0432 5564	usbohci - ok
18:24:03.0462 5564	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:24:03.0462 5564	usbprint - ok
18:24:03.0477 5564	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:24:03.0482 5564	USBSTOR - ok
18:24:03.0527 5564	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:24:03.0527 5564	usbuhci - ok
18:24:03.0577 5564	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:24:03.0577 5564	vga - ok
18:24:03.0602 5564	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:24:03.0602 5564	VgaSave - ok
18:24:03.0627 5564	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:24:03.0632 5564	viaagp - ok
18:24:03.0652 5564	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:24:03.0667 5564	ViaC7 - ok
18:24:03.0687 5564	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:24:03.0692 5564	viaide - ok
18:24:03.0739 5564	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:24:03.0754 5564	volmgr - ok
18:24:03.0801 5564	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:24:03.0801 5564	volmgrx - ok
18:24:03.0832 5564	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:24:03.0832 5564	volsnap - ok
18:24:03.0863 5564	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:24:03.0863 5564	vsmraid - ok
18:24:03.0895 5564	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:24:03.0895 5564	WacomPen - ok
18:24:03.0926 5564	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:24:03.0926 5564	Wanarp - ok
18:24:03.0926 5564	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:24:03.0926 5564	Wanarpv6 - ok
18:24:03.0973 5564	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:24:03.0988 5564	Wd - ok
18:24:04.0019 5564	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:24:04.0019 5564	Wdf01000 - ok
18:24:04.0175 5564	WinUSB          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
18:24:04.0175 5564	WinUSB - ok
18:24:04.0207 5564	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:24:04.0207 5564	WmiAcpi - ok
18:24:04.0238 5564	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:24:04.0238 5564	ws2ifsl - ok
18:24:04.0258 5564	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:24:04.0258 5564	WUDFRd - ok
18:24:04.0368 5564	X10Hid          (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys
18:24:04.0368 5564	X10Hid - ok
18:24:04.0403 5564	XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
18:24:04.0408 5564	XUIF - ok
18:24:04.0423 5564	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:24:04.0433 5564	\Device\Harddisk0\DR0 - ok
18:24:04.0438 5564	Boot (0x1200)   (33f095329e029fd2bc432b27d55a0158) \Device\Harddisk0\DR0\Partition0
18:24:04.0438 5564	\Device\Harddisk0\DR0\Partition0 - ok
18:24:04.0468 5564	Boot (0x1200)   (5a2bde9dbfaad79631b0ac850acf7003) \Device\Harddisk0\DR0\Partition1
18:24:04.0468 5564	\Device\Harddisk0\DR0\Partition1 - ok
18:24:04.0468 5564	============================================================
18:24:04.0468 5564	Scan finished
18:24:04.0468 5564	============================================================
18:24:04.0478 4648	Detected object count: 1
18:24:04.0478 4648	Actual detected object count: 1
18:24:37.0146 4648	sptd ( LockedFile.Multi.Generic ) - skipped by user
18:24:37.0146 4648	sptd ( LockedFile.Multi.Generic ) - User select action: Skip

cosinus · 26.09.2011, 19:38

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Prayer · 26.09.2011, 20:05

ComboFix Log:

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-09-26.02 - Enrico 3 26.09.2011  20:54:48.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1717 [GMT 2:00]
ausgeführt von:: c:\users\Enrico 3\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
c:\users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}
c:\users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}\chrome.manifest
c:\users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}\chrome\content\_cfg.js
c:\users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}\chrome\content\overlay.xul
c:\users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}\install.rdf
c:\users\Enrico\AppData\Roaming\Desktopicon
c:\users\Enrico\AppData\Roaming\Desktopicon\config.ini
c:\users\Enrico\AppData\Roaming\Microsoft\AddIns\Macrophobia\§imulator\remove.exe
c:\windows\dasetup.log
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-26 bis 2011-09-26  ))))))))))))))))))))))))))))))
.
.
2011-09-26 19:02 . 2011-09-26 19:02	--------	d-----w-	c:\users\Enrico\AppData\Local\temp
2011-09-26 19:02 . 2011-09-26 19:02	--------	d-----w-	c:\users\Enrico 3\AppData\Local\temp
2011-09-26 15:28 . 2011-09-26 15:28	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{599DD650-24CF-4ECE-9F84-EF178EABE86C}\offreg.dll
2011-09-26 15:23 . 2011-09-26 15:23	--------	d-----w-	C:\_OTL
2011-09-25 13:11 . 2011-09-25 13:11	--------	d-----w-	c:\users\Enrico 3\AppData\Roaming\NVIDIA
2011-09-25 11:32 . 2011-08-03 11:50	6613096	----a-w-	c:\windows\system32\nvwgf2um.dll
2011-09-25 11:32 . 2011-08-03 11:50	57960	----a-w-	c:\windows\system32\OpenCL.dll
2011-09-25 11:32 . 2011-08-03 11:50	16595560	----a-w-	c:\windows\system32\nvoglv32.dll
2011-09-25 11:32 . 2011-08-03 11:50	914024	----a-w-	c:\windows\system32\nvdispco32.dll
2011-09-25 11:32 . 2011-08-03 11:50	875112	----a-w-	c:\windows\system32\nvgenco32.dll
2011-09-25 11:32 . 2011-08-03 11:50	5404776	----a-w-	c:\windows\system32\nvcuda.dll
2011-09-25 11:32 . 2011-08-03 11:50	2391656	----a-w-	c:\windows\system32\nvcuvid.dll
2011-09-25 11:32 . 2011-08-03 11:50	2090088	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-09-25 11:32 . 2011-08-03 11:50	17193576	----a-w-	c:\windows\system32\nvcompiler.dll
2011-09-25 11:32 . 2011-08-03 11:50	10304104	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-09-24 15:22 . 2011-09-24 15:22	--------	d-----w-	c:\program files\ESET
2011-09-24 12:20 . 2011-09-24 12:20	--------	d-----w-	c:\users\Enrico 3\AppData\Roaming\Malwarebytes
2011-09-24 12:19 . 2011-09-24 12:19	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-24 12:19 . 2011-09-24 12:19	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-09-24 12:19 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-24 11:00 . 2011-09-24 11:32	--------	d-----w-	c:\program files\TeamViewer
2011-09-23 12:58 . 2011-09-23 12:58	--------	d-----w-	c:\users\UpdatusUser
2011-09-23 12:57 . 2011-08-03 11:50	600680	----a-w-	c:\windows\system32\easyupdatusapiu.dll
2011-09-23 12:54 . 2011-09-23 12:54	--------	d-----w-	c:\program files\Microsoft Silverlight
2011-09-23 12:54 . 2011-09-23 12:54	--------	d-----w-	c:\programdata\Samsung
2011-09-23 12:44 . 2011-09-12 23:14	7269712	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{599DD650-24CF-4ECE-9F84-EF178EABE86C}\mpengine.dll
2011-09-22 17:28 . 2011-09-25 15:54	--------	d-----w-	c:\program files\SpeedFan
2011-09-20 13:51 . 2011-09-20 13:51	--------	d-----w-	c:\users\Enrico 3\AppData\Roaming\XMedia Recode
2011-09-20 13:25 . 2011-09-20 13:25	--------	d-----w-	c:\program files\XMedia Recode
2011-09-17 15:35 . 2011-09-17 15:35	--------	d-----w-	c:\program files\LOLReplay
2011-09-15 20:47 . 2011-09-15 20:47	--------	d-----w-	c:\program files\MSXML 4.0
2011-09-14 16:33 . 2010-09-30 07:02	484656	----a-w-	c:\windows\ssndii.exe
2011-09-14 16:33 . 2011-09-14 16:33	--------	d-----w-	c:\windows\Samsung
2011-09-14 16:33 . 2011-06-21 00:23	24576	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\sst3cpc.dll
2011-09-14 16:32 . 2011-06-21 05:42	24064	----a-w-	c:\windows\system32\sst3cl3.dll
2011-09-14 16:32 . 2009-09-11 07:46	151552	----a-w-	c:\windows\system32\sst3cci.exe
2011-09-14 16:32 . 2009-09-11 07:46	65536	----a-w-	c:\windows\system32\sst3cci.dll
2011-09-14 16:31 . 2009-09-10 08:49	49152	----a-w-	c:\windows\system32\ssusbpn.dll
2011-09-14 16:31 . 2009-09-10 08:49	81920	----a-w-	c:\windows\system32\ssdevm.dll
2011-09-14 16:31 . 2009-09-10 08:49	82432	----a-w-	c:\windows\system32\msxml4r.dll
2011-09-14 16:31 . 2009-09-10 08:49	44544	----a-w-	c:\windows\system32\msxml4a.dll
2011-09-14 16:31 . 2009-09-10 08:49	21776	----a-w-	c:\windows\system32\msxml2a.dll
2011-09-14 16:30 . 2011-09-14 16:30	--------	d-----w-	c:\program files\Samsung
2011-09-14 16:13 . 2009-09-10 07:50	5120	------w-	c:\windows\system32\drivers\SSPORT.SYS
2011-09-14 14:50 . 2011-08-10 12:14	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-09-13 12:59 . 2011-09-13 12:59	--------	d-----w-	c:\users\Enrico 3\.thumbnails
2011-09-11 12:24 . 2011-09-11 12:24	--------	d-----w-	c:\programdata\WindowsSearch
2011-09-09 15:05 . 2011-09-09 15:05	--------	d-----w-	C:\12c63f91399ac2689c1024
2011-09-09 14:57 . 2009-07-14 12:12	16896	----a-w-	c:\windows\system32\winusb.dll
2011-09-09 14:57 . 2009-07-13 23:51	34944	----a-w-	c:\windows\system32\drivers\winusb.sys
2011-09-09 14:53 . 2009-07-14 17:45	445008	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2011-09-09 14:53 . 2009-07-14 17:45	38480	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2011-09-09 14:44 . 2011-09-09 14:44	--------	d-----w-	c:\program files\NIBObeeLib
2011-09-05 17:04 . 2011-09-05 17:04	183696	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04	183696	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-09-05 14:44 . 2011-09-26 15:30	--------	d-----r-	c:\users\Enrico 3\Dropbox
2011-09-05 14:41 . 2011-09-26 17:11	--------	d-----w-	c:\users\Enrico 3\AppData\Roaming\Dropbox
2011-08-30 12:21 . 2011-08-30 12:21	1138440	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-19 20:02 . 2009-08-28 21:56	140496	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2011-09-19 20:01 . 2009-08-29 17:32	280736	----a-w-	c:\windows\system32\PnkBstrB.xtr
2011-09-19 20:01 . 2009-08-28 21:56	280736	----a-w-	c:\windows\system32\PnkBstrB.exe
2011-09-19 20:00 . 2009-08-28 21:56	280768	----a-w-	c:\windows\system32\PnkBstrB.ex0
2011-08-31 14:01 . 2011-05-15 10:47	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 11:50 . 2010-10-16 11:42	599144	----a-w-	c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2010-10-16 11:42	2560616	----a-w-	c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2010-10-16 11:42	111208	----a-w-	c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-10-16 11:42	3730024	----a-w-	c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2010-10-16 11:42	2558568	----a-w-	c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2010-04-03 16:27	66664	----a-w-	c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2008-05-02 20:46	2412136	----a-w-	c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2008-05-02 20:46	12636776	----a-w-	c:\windows\system32\nvd3dum.dll
2011-08-03 01:31 . 2011-08-03 01:31	311912	----a-w-	c:\windows\system32\nvStreaming.exe
2011-07-22 02:54 . 2011-08-11 21:23	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-11 21:23	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-11 21:23	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-11 13:25 . 2011-08-24 14:13	2048	----a-w-	c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-11 15:12	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 10:40 . 2009-08-28 21:03	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-30 10:40 . 2009-08-28 21:03	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-01 281768]
.
c:\users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CurseClientStartup.ccip [2010-3-19 0]
Dropbox.lnk - c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Ekico"=rundll32.exe "c:\users\Enrico 3\AppData\Local\emiwezanonulurup.dll",Startup
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"FreePDF Assistant"=c:\program files\FreePDF_XP\fpassist.exe
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"facemoods"="c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-19 722416]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 DevoloNetworkService;devolo Network Service;c:\program files\devolo\dlan\devolonetsvc.exe [2010-07-19 2231616]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2010-06-10 35840]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-09-10 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
S3 arusb_lh;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-07-24 437760]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 30990823
*Deregistered* - 30990823
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 23:49]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 23:49]
.
2011-09-26 c:\windows\Tasks\User_Feed_Synchronization-{922948E4-51CB-426B-9169-4462F3F7F7B1}.job
- c:\windows\system32\msfeedssync.exe [2011-05-04 12:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Enrico 3\AppData\Roaming\Mozilla\Firefox\Profiles\lx33bz2r.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - 
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-26 21:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-80837186-2041014162-264518140-1001\Software\SecuROM\License information*]
"datasecu"=hex:cc,10,5d,e4,49,61,74,5f,1f,5c,8c,f6,ee,26,6a,19,1e,46,ac,eb,ba,
   67,33,71,dc,64,c7,9b,81,88,c9,ce,cf,62,a6,98,21,d8,f7,f6,ac,20,e2,7e,f0,f7,\
"rkeysecu"=hex:70,47,ed,af,bb,4e,66,db,b5,2a,b0,9e,c0,49,d2,f8
.
Zeit der Fertigstellung: 2011-09-26  21:04:38
ComboFix-quarantined-files.txt  2011-09-26 19:04
.
Vor Suchlauf: 16 Verzeichnis(se), 138.696.921.088 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 156.641.816.576 Bytes frei
.
- - End Of File - - 532A9D06F62825B2ECF5E0B3572685A1

--- --- ---

cosinus · 26.09.2011, 20:09

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

File::
c:\windows\system32\easyupdatusapiu.dll
c:\windows\ssndii.exe
c:\users\Enrico 3\AppData\Local\emiwezanonulurup.dll

Folder::
c:\program files\facemoods.com

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Ekico"=-
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"facemoods"=-

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Plötzliche Computer Abstürze

Log-Analyse und Auswertung: Plötzliche Computer Abstürze