Log Analysis and Evaluation: Remnants of the "Bundespolizei"/"Windows System Recovery" trojan
21.11.2011, 12:36 | #1
Hello dear forum, I am using the by now fairly outdated Windows XP 64-bit with Malwarebytes Anti-Malware and Kaspersky as virus/malware protection. On 17 November, while I was listening to music in Winamp and otherwise really only had Facebook/YouTube open, suddenly ALL files on my hard drives were set to hidden and masses of error messages were spammed saying my HDDs were at risk and I had to buy "Windows Fix" - System Recovery immediately. My anti-virus programs had pretty much let me down, and before I could even reset, the whole screen turned white and I got that well-known "Bundespolizei" warning in very bad German. I then first rescued myself into Safe Mode, from where I initially could hardly do anything, though: all start entries had been deleted from the Start menu and all files were hidden, and the folder options had apparently been changed so that it looked as if everything had been deleted. Luckily I still had the Task Manager, through which I could launch System Restore and at least make all files and start entries visible again. Then Malwarebytes and Kaspersky, in crossfire, removed a total of 16 infected files and thus dealt with the worst of it for the time being. HouseCall could not find anything any more either. Then I also deleted all temporary files with CCleaner. Unfortunately, however, I had to find that small "remnants" of the trojan (or rather trojans) are still up to mischief in the background. Again and again there were attempts to open Internet Explorer and call up some web pages, which Kaspersky blocked accordingly. This happens roughly every 10 minutes and looks like this:

In Device Manager I then also found very phishy-looking driver leftovers such as "Volume Shadow Copy", which I had never seen there before.
Since none of my programs finds anything any more, I used HijackThis to see which task keeps opening Internet Explorer, WHICH I HAVE ACTUALLY UNINSTALLED. I am attaching the log here! I hope you can help me, you are my last hope!
21.11.2011, 12:43 | #2
...sorry for the double post, I just wanted to post an updated log: Just now the wretched thing even tried to start BitTorrent to download something -.-. Unbelievable that the Kaspersky scanner does not notice that? Anyway, here is another log:
21.11.2011, 12:44 | #3
/// Malware-holic
hi
1. You cannot completely uninstall IE, and you should not; it is an important system component.
2. Please download OTL from OldTimer and save it to your desktop (if it is not already there).
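The OTL log requested here is read entry by entry. As an added example (not code from the thread, the helper, or OTL itself), the Python below makes a first triage pass over OTL-format entries and flags what a log reader looks at first in a "Bundespolizei"/"System Recovery" cleanup: autorun commands on mounted volumes (O33), Run entries and services started from a user profile (O4, SRV), and a hijacked IE start page (IE). The line regex is this example's own reading of the OTL format, and the sample lines are constructed in that format from the kinds of entries such a log contains.

```python
import re

# Constructed sample in OTL's line format (vendor lines kept as benign controls);
# not the poster's log, only modelled on the entry types it contains.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - (SearchAnonymizer) -- C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vbx.my-web-search.com/?hp=df
========== Standard Registry (SafeList) ==========
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O33 - MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\Shell\AutoRun\command - "" = ej10fkdo.bat
O33 - MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\Shell\open\Command - "" = H:\i.cmd
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell\AutoRun\command - "" = H:\setup.exe -a
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
"""

# One OTL entry: "<type>[:64bit:] - <body>". Section separators start with "==".
# This regex is the example's own assumption about the OTL line format.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]+\d*)(?::64bit:)?\s+-\s+(?P<body>.+)$")
# Locations a standard user can write to: legitimate services and Run entries
# rarely live there, adware and malware droppers very often do.
USER_WRITABLE_RE = re.compile(r"\\(Application Data|Local Settings|AppData|Temp|Desktop)\\", re.I)
# Script extensions in a volume autorun command (the classic USB-worm pattern).
SCRIPT_RE = re.compile(r"\.(bat|cmd|vbs|vbe|js|jse|wsf|pif|scr)(\s|$)", re.I)
URL_RE = re.compile(r"^(hxxps?|https?)://", re.I)


def parse_entries(text):
    """Return (kind, body) tuples for every OTL entry line, skipping headers."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=="):
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def _value_data(body):
    """Registry value data is what follows the last ' = ' in the body."""
    return body.rsplit(" = ", 1)[1].strip() if " = " in body else ""


def triage(text):
    """Return (kind, reason, detail) for entries that deserve a second look."""
    findings = []
    for kind, body in parse_entries(text):
        if kind == "O33" and "command" in body.lower():
            cmd = _value_data(body)
            if SCRIPT_RE.search(cmd):
                findings.append((kind, "autorun script on a mounted volume", cmd))
        elif kind == "O4" and USER_WRITABLE_RE.search(body):
            findings.append((kind, "Run entry launched from a user-writable path", body))
        elif kind == "SRV" and (USER_WRITABLE_RE.search(body) or body.endswith("()")):
            findings.append((kind, "service in user profile or without company name", body))
        elif kind == "IE" and "Start Page" in body:
            url = _value_data(body)
            if URL_RE.match(url):
                findings.append((kind, "IE start page set to an external URL", url))
    return findings


if __name__ == "__main__":
    for kind, reason, detail in triage(SAMPLE_LOG):
        print(f"{kind:4} {reason}: {detail}")
```

The "File not found" on 64-bit-only entries is normal OTL output on a WOW64 system and is deliberately not flagged; only the user-profile, autorun-script and start-page patterns are.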
21.11.2011, 12:55 | #4
Hey Markus, here are the 2 requested log files.
OTL.txt: OTL Logfile:
Code:
OTL logfile created on: 21.11.2011 12:49:43 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.1830)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 80,76% Memory free
9,58 Gb Paging File | 8,17 Gb Available in Paging File | 85,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 53,96 Gb Free Space | 36,20% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 46,52 Gb Free Space | 31,21% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 193,34 Gb Free Space | 41,51% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 84,76 Gb Free Space | 18,20% Space Free | Partition Type: NTFS

Computer Name: GREGSEN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Administrator\Desktop\HiJackThis204.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation)
PRC - G:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
PRC - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()

========== Modules (No Company Name) ==========

MOD - G:\Program Files\Steam\bin\libcef.dll ()
MOD - G:\Program Files\Steam\bin\chromehtml.dll ()
MOD - G:\Program Files\Steam\bin\avutil-50.dll ()
MOD - G:\Program Files\Steam\bin\avformat-52.dll ()
MOD - G:\Program Files\Steam\bin\avcodec-52.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avzkrnl.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\localization_manager.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\dblite.dll ()
MOD - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
MOD - C:\WINDOWS\SysWOW64\quartz.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (SearchAnonymizer) -- C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
SRV - (CSObjectsSrv) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (PnkBstrA) -- C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\WINDOWS\SysWOW64\uxtuneup.dll (TuneUp Software GmbH)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (UMWdf) -- C:\WINDOWS\SysWOW64\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (SCR33x USB Smart Card Reader) -- C:\WINDOWS\SysWOW64\Drivers\SCR33X2K.sys (SCM Microsystems Inc.)
DRV - (STC2DFU) -- C:\WINDOWS\SysWOW64\Drivers\Stc2Dfu.sys (SCM Microsystems Inc.)
DRV - (PQNTDrv) -- C:\WINDOWS\SysWow64\drivers\PQNTDRV.sys (PowerQuest Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vbx.my-web-search.com/?hp=df
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://vbx.my-web-search.com/search.aspx?srch=ku&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.50106.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_900\npoctoshape.dll (Octoshape ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.05 03:09:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.09 22:19:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\THBExt [2011.11.18 18:24:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dd2hcs7k.default\extensions\mail@gutscheinrausch.de
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dd2hcs7k.default\extensions\firejump@firejump.net [2011.11.19 01:48:03 | 000,000,000 | ---D | M]

[2008.12.25 00:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2011.11.19 03:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\dd2hcs7k.default\extensions
[2011.11.19 01:48:03 | 000,000,000 | ---D | M] (FireJump) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\dd2hcs7k.default\extensions\firejump@firejump.net
[2011.11.19 01:46:26 | 000,002,078 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dd2hcs7k.default\searchplugins\{30DDBE8A-0202-4F68-9D2A-FCBEDE0BAC12}.xml
[2011.11.19 01:46:26 | 000,002,189 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dd2hcs7k.default\searchplugins\{3AB23009-6CFB-4DDA-80BA-5E6368FAF043}.xml
[2011.11.19 01:46:26 | 000,001,871 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dd2hcs7k.default\searchplugins\{F10C3604-3A6B-4052-AAAD-99CE6603C4F9}.xml
[2011.11.17 22:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.11.18 01:37:54 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009.01.11 18:06:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES (X86)\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.10.05 03:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008.01.23 07:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2011.11.19 01:46:26 | 000,001,685 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.19 01:46:26 | 000,001,936 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.19 01:46:26 | 000,001,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.19 01:46:26 | 000,007,052 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.19 01:46:26 | 000,001,279 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.19 01:46:26 | 000,001,171 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [FirefaceMixTray] firefacemix.exe File not found
O4:64bit: - HKLM..\Run: [FirefaceTray] fireface.exe File not found
O4:64bit: - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\IMKR6_1\imekrmig.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Documents and Settings\Administrator\Application Data\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Alles mit BitComet downloaden - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Alle &Videos mit BitComet &d&ownloaden - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Mit BitComet &downloaden - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Alles mit BitComet downloaden - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O8 - Extra context menu item: Alle &Videos mit BitComet &d&ownloaden - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Mit BitComet &downloaden - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{599FAC89-3F93-4007-8AB3-2125F9E391C9}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) -C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.19 22:10:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.07.17 18:01:40 | 000,000,000 | ---D | M] - I:\Autorun -- [ NTFS ]
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell - "" = AutoRun
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{78d84f1e-bdb9-11e0-b5ef-001838027a82}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\Shell\AutoRun\command - "" = ej10fkdo.bat
O33 - MountPoints2\{830fd1ae-d208-11dd-b41a-001838027a82}\Shell\open\Command - "" = ej10fkdo.bat
O33 - MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\Shell\AutoRun\command - "" = H:\i.cmd
O33 - MountPoints2\{afc11654-e986-11de-8a30-001838027a82}\Shell\open\Command - "" = H:\i.cmd
O33 - MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\Shell\AutoRun\command - "" = i.cmd
O33 - MountPoints2\{f04714d7-327b-11de-b292-001838027a82}\Shell\open\Command - "" = i.cmd
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.21 12:48:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011.11.21 12:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\backups
[2011.11.21 12:18:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HiJackThis204.exe
[2011.11.21 12:09:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011.11.19 14:32:11 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysWow64\drivers\tmcomm.sys
[2011.11.19 14:30:44 | 002,002,416 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2011.11.19 03:07:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\write.exe
[2011.11.19 03:07:31 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\accwiz.exe
[2011.11.19 03:07:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winchat.exe
[2011.11.19 03:07:20 | 000,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe
[2011.11.19 03:06:57 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clipbrd.exe
[2011.11.19 03:06:56 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\getuname.dll
[2011.11.19 03:06:55 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\charmap.exe
[2011.11.19 03:06:53 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\calc.exe
[2011.11.19 03:06:52 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\spider.exe
[2011.11.19 03:06:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sol.exe
[2011.11.19 03:06:50 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmine.exe
[2011.11.19 03:06:41 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshearts.exe
[2011.11.19 03:06:37 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\freecell.exe
[2011.11.19 01:49:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011.11.19 01:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.11.19 01:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011.11.19 01:48:02 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\WINDOWS\SysWow64\dhRichClient3.dll
[2011.11.19 01:46:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011.11.19 01:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DesktopIconForAmazon
[2011.11.19 01:46:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OCS
[2011.11.19 01:06:01 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\p2p.dll
[2011.11.19 01:06:01 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\p2pnetsh.dll
[2011.11.19 01:05:59 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\p2pgraph.dll
[2011.11.18 23:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2011.11.18 18:23:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.18 06:07:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2011.11.18 01:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InfoWatch
[2011.11.18 01:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky PURE
[2011.11.18 01:35:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011.11.18 01:35:16 |
000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2011.11.18 01:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2011.11.17 19:28:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner [2011.11.17 19:28:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.11.17 05:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes [2011.11.17 05:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ Malwarebytes Anti-Malware [2011.11.17 05:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011.11.17 05:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware [2011.11.17 03:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2011.11.17 03:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Verlauf [2011.11.17 03:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files [2011.11.17 03:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools [2011.11.13 22:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2011.11.12 15:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA [2011.11.12 15:42:49 | 002,449,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvapi.dll [2011.11.12 15:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Skyrim [2011.11.03 16:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\eLicenser [2011.11.03 16:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\eLicenser [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 
C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.21 12:48:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2011.11.21 12:18:52 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HiJackThis204.exe [2011.11.21 12:16:05 | 000,012,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Trojaner.JPG [2011.11.21 12:13:03 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.11.20 21:07:17 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.11.20 21:07:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.11.19 22:42:45 | 001,084,457 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache [2011.11.19 22:42:20 | 000,186,836 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache [2011.11.19 16:55:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job [2011.11.19 14:30:56 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache [2011.11.19 14:30:47 | 002,002,416 | ---- | M] (Trend Micro Inc.) 
-- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe [2011.11.19 02:15:26 | 000,000,320 | -HS- | M] () -- C:\boot.ini [2011.11.19 01:06:25 | 000,000,834 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2011.11.19 00:51:38 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ccleaner.lnk [2011.11.17 05:18:45 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.17 03:08:39 | 000,000,456 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8o7DZORhtBWtPF [2011.11.17 03:06:56 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPF [2011.11.17 03:06:56 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPFr [2011.11.16 16:48:54 | 078,538,243 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NM_cyftb.zip [2011.11.13 22:17:57 | 000,001,890 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2011.11.12 15:24:39 | 001,153,904 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.11.21 12:16:05 | 000,012,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Trojaner.JPG [2011.11.19 14:37:46 | 001,084,457 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache [2011.11.19 14:37:43 | 000,186,836 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache [2011.11.19 14:30:56 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache [2011.11.19 03:06:59 | 000,065,954 | ---- | C] () -- 
C:\WINDOWS\Prairie Wind.bmp [2011.11.19 03:06:59 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp [2011.11.19 03:06:59 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp [2011.11.19 03:06:59 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp [2011.11.19 03:06:59 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp [2011.11.19 03:06:58 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp [2011.11.19 03:06:58 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp [2011.11.19 03:06:58 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp [2011.11.19 03:06:58 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp [2011.11.19 03:06:58 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp [2011.11.19 03:06:57 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp [2011.11.19 01:48:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\SysWow64\sqlite36_engine.dll [2011.11.19 01:06:25 | 000,000,834 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2011.11.19 01:06:25 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk [2011.11.19 00:51:41 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ccleaner.lnk [2011.11.17 05:18:45 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.17 04:49:09 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf [2011.11.17 03:06:56 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPF [2011.11.17 03:06:56 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~8o7DZORhtBWtPFr [2011.11.17 03:06:15 | 000,000,456 | ---- | C] () -- C:\Documents and Settings\All Users\Application 
Data\8o7DZORhtBWtPF [2011.11.16 16:46:11 | 078,538,243 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NM_cyftb.zip [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat [2010.06.24 07:02:45 | 000,000,048 | ---- | C] () -- C:\WINDOWS\SysWow64\ezsidmv.dat [2009.11.27 14:29:25 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\sysprs7.dll [2009.11.27 14:29:25 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth2.dll [2009.11.27 14:29:25 | 000,001,025 | ---- | C] () -- C:\WINDOWS\SysWow64\clauth1.dll [2009.11.27 14:29:25 | 000,000,205 | ---- | C] () -- C:\WINDOWS\SysWow64\lsprst7.dll [2009.11.27 14:29:25 | 000,000,073 | ---- | C] () -- C:\WINDOWS\SysWow64\ssprs.dll [2009.08.11 11:23:24 | 000,000,454 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI [2009.07.30 22:13:13 | 000,819,200 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll [2009.07.30 22:13:13 | 000,180,224 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidvfw.dll [2009.07.10 23:46:11 | 000,510,976 | ---- | C] () -- C:\WINDOWS\SysWow64\synsoacc.dll [2009.03.04 21:04:49 | 000,000,524 | ---- | C] () -- C:\WINDOWS\QIII.INI [2009.01.17 19:30:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.12.25 06:28:25 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2008.12.25 04:32:00 | 000,034,812 | ---- | C] () -- C:\WINDOWS\scunin.dat [2008.12.25 01:27:44 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat [2008.12.25 01:14:28 | 001,153,904 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2008.12.25 01:12:52 | 000,669,184 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe [2008.12.25 01:12:52 | 000,103,736 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe [2008.12.25 01:12:52 | 000,066,872 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe [2008.12.25 00:06:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.12.24 23:21:19 | 
000,074,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.19 23:13:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.12.19 22:57:33 | 000,037,376 | ---- | C] () -- C:\WINDOWS\CPLUTL64.EXE [2008.12.19 22:13:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.12.19 13:51:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007.02.18 13:00:00 | 001,274,880 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll [2007.02.18 13:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll [2007.02.18 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2007.02.18 13:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll [2007.02.18 13:00:00 | 000,498,205 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll [2007.02.18 13:00:00 | 000,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll [2007.02.18 13:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll [2007.02.18 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2007.02.18 13:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll [2007.02.18 13:00:00 | 000,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll [2007.02.18 13:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll [2007.02.18 13:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll [2007.02.18 13:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll [2007.02.18 13:00:00 | 000,082,432 | ---- | C] () -- C:\WINDOWS\SysWow64\ieencode.dll [2007.02.18 13:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll [2007.02.18 13:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll [2007.02.18 13:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll [2007.02.18 13:00:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\SysWow64\dvdplay.exe [2007.02.18 13:00:00 | 
000,046,907 | ---- | C] () -- C:\WINDOWS\mib.bin [2007.02.18 13:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll [2007.02.18 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll [2007.02.18 13:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\SysWow64\append.exe [2007.02.18 13:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll [2007.02.18 13:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\SysWow64\vwipxspx.exe [2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
< End of report >
Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 21.11.2011 12:49:43 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 6.0.3790.1830)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 80,76% Memory free
9,58 Gb Paging File | 8,17 Gb Available in Paging File | 85,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 53,96 Gb Free Space | 36,20% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 46,52 Gb Free Space | 31,21% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 193,34 Gb Free Space | 41,51% Space Free | Partition Type: NTFS
Drive I: | 465,76 Gb Total Space | 84,76 Gb Free Space | 18,20% Space Free | Partition Type: NTFS
Computer Name: GREGSEN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1 .ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1 .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l .js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1 .vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe 
shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe %SystemRoot%\System32\Mshtml.dll,PrintHTML "%1" jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 regfile [merge] -- Reg Error: Key error. regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* 
regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "7556:TCP" = 7556:TCP:*:Enabled:BitComet 7556 TCP "7556:UDP" = 7556:UDP:*:Enabled:BitComet 7556 UDP "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH) "C:\Program Files 
(x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH) "C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe:*:Enabled:Crysis_64 -- (Sony DADC Austria AG) "C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_64 -- (Crytek GmbH) "C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "C:\Program Files (x86)\Miranda IM\miranda32.exe" = C:\Program Files (x86)\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( ) "C:\Program Files (x86)\Starcraft\StarCraft.exe" = C:\Program Files (x86)\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment) "C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis64.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis64.exe:*:Enabled:Crysis64 -- (Crytek GmbH) "C:\Program Files (x86)\Steam\steamapps\electrogreg\team fortress 2\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\electrogreg\team fortress 2\hl2.exe:*:Enabled:hl2 "C:\Program Files (x86)\BitComet\BitComet.exe" = C:\Program Files (x86)\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com) "C:\Documents and Settings\Administrator\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS) "C:\WINDOWS\system32\dpvsetup.exe" = 
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test "C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App "C:\Program Files (x86)\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe" = C:\Program Files (x86)\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2 "E:\Quake3\quake3.exe" = E:\Quake3\quake3.exe:*:Enabled:quake3 "C:\Program Files (x86)\Quake III Arena\quake3.exe" = C:\Program Files (x86)\Quake III Arena\quake3.exe:*:Enabled:quake3 -- () "C:\Program Files (x86)\Hamachi\hamachi.exe" = C:\Program Files (x86)\Hamachi\hamachi.exe:*:Enabled:Hamachi "C:\Program Files (x86)\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = C:\Program Files (x86)\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe:*:Enabled:Dawn of War: Soulstorm "C:\Program Files (x86)\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Program Files (x86)\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- (THQ Canada Inc.) "C:\Program Files (x86)\Dawn of War\W40k.exe" = C:\Program Files (x86)\Dawn of War\W40k.exe:*:Enabled:W40k -- (THQ Canada Inc.) "C:\Program Files (x86)\Dawn of War\W40kWA.exe" = C:\Program Files (x86)\Dawn of War\W40kWA.exe:*:Enabled:W40kWA -- (THQ Canada Inc.) 
"C:\Program Files (x86)\Splinter Cell Chaos Theory\System\splintercell3.exe" = C:\Program Files (x86)\Splinter Cell Chaos Theory\System\splintercell3.exe:*:Enabled:splintercell3 -- () "C:\Program Files (x86)\Pro Evolution Soccer 2010\pes2010.exe" = C:\Program Files (x86)\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 "C:\Program Files (x86)\VLC\vlc.exe" = C:\Program Files (x86)\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\StarCraft II.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\StarCraft II.exe:*:Enabled:Blizzard Launcher "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14259\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14259\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14356\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14356\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14621\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14621\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14803\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14803\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\Steam\steamapps\gregorbeyerle@web.de\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\gregorbeyerle@web.de\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source "C:\Program Files (x86)\Steam\steamapps\gregorbeyerle@web.de\counter-strike\hl.exe" = C:\Program Files (x86)\Steam\steamapps\gregorbeyerle@web.de\counter-strike\hl.exe:*:Enabled:Counter-Strike "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base15133\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of 
Liberty\Versions\Base15133\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base15250\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base15343\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base15343\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15343\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15343\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- () "G:\Program Files\Splinter Cell Conviction\src\system\conviction_game.exe" = G:\Program Files\Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction -- () "G:\Program Files\Splinter Cell Conviction\src\system\gu.exe" = G:\Program Files\Splinter Cell Conviction\src\system\gu.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction aktualisieren -- (Ubisoft) "G:\Program Files\GTA\EFLC\EFLC.exe" = G:\Program Files\GTA\EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City -- (Take-Two Interactive Software, Inc.) 
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- () "G:\Program Files\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = G:\Program Files\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "G:\Program Files\World of Warcraft\Launcher.exe" = G:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "G:\Program Files\World of Warcraft\BackgroundDownloader.exe" = G:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader.exe -- (Blizzard Entertainment) "G:\Program Files\World of Warcraft\Launcher.patch.exe" = G:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher "G:\Program Files\Blood Bowl Legendary Edition\Autorun\Exe\Autorun.exe" = G:\Program Files\Blood Bowl Legendary Edition\Autorun\Exe\Autorun.exe:*:Enabled:Blood Bowl Legendary Edition - AutoRun -- () "G:\Program Files\Blood Bowl Legendary Edition\BB_LE.exe" = G:\Program Files\Blood Bowl Legendary Edition\BB_LE.exe:*:Enabled:Blood Bowl Legendary Edition -- (Cyanide) "G:\Program Files\World of Warcraft\Blizzard Downloader.exe" = G:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader "C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe" = C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth "C:\Program Files (x86)\FIFA 11\Game\fifa.exe" = C:\Program Files (x86)\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11 -- (Electronic Arts) "C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe" = C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe:*:Enabled:Magicka "G:\Program Files\Steam\steamapps\electrogreg\team fortress 2\hl2.exe" = G:\Program Files\Steam\steamapps\electrogreg\team fortress 2\hl2.exe:*:Enabled:hl2 "G:\Program 
Files\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = G:\Program Files\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe:*:Enabled:Warhammer 40,000: Dawn of War – Soulstorm -- (THQ Canada Inc.) "G:\Program Files\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe" = G:\Program Files\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect -- (BioWare) "G:\Program Files\Steam\steamapps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm" = G:\Program Files\Steam\steamapps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect -- () "G:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe" = G:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II -- (THQ Canada Inc.) "G:\Program Files\Steam\steamapps\common\mass effect 2\Binaries\MassEffect2.exe" = G:\Program Files\Steam\steamapps\common\mass effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -- (BioWare) "G:\Program Files\Steam\steamapps\common\mass effect 2\MassEffect2Launcher.exe" = G:\Program Files\Steam\steamapps\common\mass effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -- (BioWare) "G:\Program Files\Steam\steamapps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = G:\Program Files\Steam\steamapps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2 -- () "G:\Program Files\Origin\Games\FIFA 12\Game\fifa.exe" = G:\Program Files\Origin\Games\FIFA 12\Game\fifa.exe:*:Enabled:FIFA 12 -- (Electronic Arts) "G:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe" = G:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks) "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe --
(NVIDIA Corporation) "G:\Program Files\Steam\steamapps\common\magicka\Magicka.exe" = G:\Program Files\Steam\steamapps\common\magicka\Magicka.exe:*:Enabled:Magicka -- (Arrowhead Game Studios AB) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH) "C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH) "C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe:*:Enabled:Crysis_64 -- (Sony DADC Austria AG) "C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_64 -- (Crytek GmbH) "C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "C:\Program Files (x86)\Miranda IM\miranda32.exe" = C:\Program Files (x86)\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( ) "C:\Program Files (x86)\Starcraft\StarCraft.exe" = C:\Program Files (x86)\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment) "C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis64.exe" = C:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis64.exe:*:Enabled:Crysis64 -- (Crytek GmbH) "C:\Program Files (x86)\Steam\steamapps\electrogreg\team fortress 2\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\electrogreg\team fortress 2\hl2.exe:*:Enabled:hl2 "C:\Program Files (x86)\BitComet\BitComet.exe" = C:\Program Files 
(x86)\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com) "C:\Documents and Settings\Administrator\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client -- (Octoshape ApS) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Program Files (x86)\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe" = C:\Program Files (x86)\Steam\steamapps\common\warhammer 40,000 dawn of war ii - beta\DOW2.exe:*:Enabled:DOW2 "E:\Quake3\quake3.exe" = E:\Quake3\quake3.exe:*:Enabled:quake3 "C:\Program Files (x86)\Quake III Arena\quake3.exe" = C:\Program Files (x86)\Quake III Arena\quake3.exe:*:Enabled:quake3 -- () "C:\Program Files (x86)\Hamachi\hamachi.exe" = C:\Program Files (x86)\Hamachi\hamachi.exe:*:Enabled:Hamachi "C:\Program Files (x86)\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = C:\Program Files (x86)\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe:*:Enabled:Dawn of War: Soulstorm "C:\Program Files (x86)\Dawn of War - Dark Crusade\DarkCrusade.exe" = C:\Program Files (x86)\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- (THQ Canada Inc.) "C:\Program Files (x86)\Dawn of War\W40k.exe" = C:\Program Files (x86)\Dawn of War\W40k.exe:*:Enabled:W40k -- (THQ Canada Inc.) "C:\Program Files (x86)\Dawn of War\W40kWA.exe" = C:\Program Files (x86)\Dawn of War\W40kWA.exe:*:Enabled:W40kWA -- (THQ Canada Inc.) 
"C:\Program Files (x86)\Splinter Cell Chaos Theory\System\splintercell3.exe" = C:\Program Files (x86)\Splinter Cell Chaos Theory\System\splintercell3.exe:*:Enabled:splintercell3 -- () "C:\Program Files (x86)\Pro Evolution Soccer 2010\pes2010.exe" = C:\Program Files (x86)\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 "C:\Program Files (x86)\VLC\vlc.exe" = C:\Program Files (x86)\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\StarCraft II.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\StarCraft II.exe:*:Enabled:Blizzard Launcher "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14259\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14259\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14356\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14356\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14621\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14621\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14803\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base14803\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\Steam\steamapps\gregorbeyerle@web.de\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\gregorbeyerle@web.de\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source "C:\Program Files (x86)\Steam\steamapps\gregorbeyerle@web.de\counter-strike\hl.exe" = C:\Program Files (x86)\Steam\steamapps\gregorbeyerle@web.de\counter-strike\hl.exe:*:Enabled:Counter-Strike "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base15133\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of 
Liberty\Versions\Base15133\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base15250\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base15343\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta - Wings of Liberty\Versions\Base15343\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\StarCraft II Beta\Versions\Base15343\SC2.exe" = C:\Program Files (x86)\StarCraft II Beta\Versions\Base15343\SC2.exe:*:Enabled:StarCraft II "C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- () "G:\Program Files\Splinter Cell Conviction\src\system\conviction_game.exe" = G:\Program Files\Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction -- () "G:\Program Files\Splinter Cell Conviction\src\system\gu.exe" = G:\Program Files\Splinter Cell Conviction\src\system\gu.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction aktualisieren -- (Ubisoft) "G:\Program Files\GTA\EFLC\EFLC.exe" = G:\Program Files\GTA\EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City -- (Take-Two Interactive Software, Inc.) 
"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- () "G:\Program Files\World of Warcraft\WoW-3.2.0-deDE-downloader.exe" = G:\Program Files\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "G:\Program Files\World of Warcraft\Launcher.exe" = G:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "G:\Program Files\World of Warcraft\BackgroundDownloader.exe" = G:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:BackgroundDownloader.exe -- (Blizzard Entertainment) "G:\Program Files\World of Warcraft\Launcher.patch.exe" = G:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher "G:\Program Files\Blood Bowl Legendary Edition\Autorun\Exe\Autorun.exe" = G:\Program Files\Blood Bowl Legendary Edition\Autorun\Exe\Autorun.exe:*:Enabled:Blood Bowl Legendary Edition - AutoRun -- () "G:\Program Files\Blood Bowl Legendary Edition\BB_LE.exe" = G:\Program Files\Blood Bowl Legendary Edition\BB_LE.exe:*:Enabled:Blood Bowl Legendary Edition -- (Cyanide) "G:\Program Files\World of Warcraft\Blizzard Downloader.exe" = G:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader "C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe" = C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth "C:\Program Files (x86)\FIFA 11\Game\fifa.exe" = C:\Program Files (x86)\FIFA 11\Game\fifa.exe:*:Enabled:FIFA 11 -- (Electronic Arts) "C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe" = C:\Program Files (x86)\Steam\steamapps\common\magicka\Magicka.exe:*:Enabled:Magicka "G:\Program Files\Steam\steamapps\electrogreg\team fortress 2\hl2.exe" = G:\Program Files\Steam\steamapps\electrogreg\team fortress 2\hl2.exe:*:Enabled:hl2 "G:\Program 
Files\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe" = G:\Program Files\Steam\steamapps\common\dawn of war soulstorm\soulstorm.exe:*:Enabled:Warhammer 40,000: Dawn of War – Soulstorm -- (THQ Canada Inc.) "G:\Program Files\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe" = G:\Program Files\Steam\steamapps\common\mass effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect -- (BioWare) "G:\Program Files\Steam\steamapps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm" = G:\Program Files\Steam\steamapps\common\mass effect\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect -- () "G:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe" = G:\Program Files\Steam\steamapps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II -- (THQ Canada Inc.) "G:\Program Files\Steam\steamapps\common\mass effect 2\Binaries\MassEffect2.exe" = G:\Program Files\Steam\steamapps\common\mass effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -- (BioWare) "G:\Program Files\Steam\steamapps\common\mass effect 2\MassEffect2Launcher.exe" = G:\Program Files\Steam\steamapps\common\mass effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -- (BioWare) "G:\Program Files\Steam\steamapps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = G:\Program Files\Steam\steamapps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2 -- () "G:\Program Files\Origin\Games\FIFA 12\Game\fifa.exe" = G:\Program Files\Origin\Games\FIFA 12\Game\fifa.exe:*:Enabled:FIFA 12 -- (Electronic Arts) "G:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe" = G:\Program Files\Steam\steamapps\common\skyrim\SkyrimLauncher.exe:*:Enabled:The Elder Scrolls V: Skyrim -- (Bethesda Softworks) "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe --
(NVIDIA Corporation) "G:\Program Files\Steam\steamapps\common\magicka\Magicka.exe" = G:\Program Files\Steam\steamapps\common\magicka\Magicka.exe:*:Enabled:Magicka -- (Arrowhead Game Studios AB) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B787DB26-0BE0-464C-905B-F30BD6572311}" = Windows Communication 
Foundation Language Pack (X64) - DEU "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0300D4E-9907-46B1-BB5D-552FD226F975}" = Microsoft Windows German User Interface Pack "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64 "347F83755F38F1570B602823E659DC5335F5A948" = Windows Driver Package - ABIT (UGURU) System (3.0.2005.531 ) "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1218 "CCleaner" = CCleaner "DesktopIconAmazon" = Desktop Icon für Amazon "FIREFACE" = RME Fireface "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Novation USB Audio Driver_is1" = Novation USB Audio Driver 1.2.6 "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "SearchAnonymizer" = SearchAnonymizer "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17 "{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = GutscheinRausch.de - AddOn für Firefox 
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{363AA0EF-7672-42C2-AA43-237E1DBFB827}_is1" = Moyea FLV Editor Pro Version: 3.1.13.0 "{372C9A8E-85FD-44E8-883B-1A7034ED64F1}_is1" = trial version 1.41 build 103 "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11 "{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{5A1084A3-79B7-480C-9275-D8AA0CCEFA52}" = RUBICon "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7B066C19-196C-423A-B296-805FFBAEC384}" = SCR33xx USB Smartcard Reader "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War "{872BD2A4-7CB6-4692-A74E-99ABA11DED75}" = RME DIGICheck "{875BD2A4-7CB6-4692-A74E-99A4A11DED74}" = RME DIGICheck "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update 
for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B743536-28E5-4A48-A1CC-8600A18386C3}" = Growler Guncam "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy 
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory "{C962EF10-7539-477A-A0AD-F8CBD0E9F7E5}" = KORG USB-MIDI Driver Tools for Windows "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.4 "{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault "{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F156BBD1-7BCA-40A0-BFE5-2EDF0F07F44D}" = KORG RADIAS Sound Editor "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3C514B0-F676-4D4E-91F7-A7EE89878593}" = Livestream Procaster "{FBE87834-E5DB-41E6-8A11-0979F9DF8E12}" = TweakUI for Windows 64-Bit "{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade "{FF8500E6-EA0D-11D7-8755-0080C8F92A32}" = abti uGuru "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Army Builder V3.1c" = Army Builder V3.1c "Audacity_is1" = Audacity 1.2.6 "BitComet" = BitComet 1.01 "BloodBowlLegendary_is1" = Blood Bowl Legendary Edition Version 2.0.1.2 "BSW" = BrettspielWelt "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FLV Player1.33T" = FLV Player "Fraps" = Fraps "GAMI (Gta-Action Mod-Installer) V 1.8.2 English" = GAMI (Gta-Action Mod-Installer) V 1.8.2 English "GOM Player" = GOM Player "GPL 
Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICCup Launcher_is1" = ICCup Launcher "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 Demo "InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express "InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "IrfanView" = IrfanView (remove only) "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Miranda IM" = Miranda IM 0.9.10 "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de) "Mp3tag" = Mp3tag v2.49 "Nero - Burning Rom!UninstallKey" = Nero 6 "NeroVision!UninstallKey" = NeroVision Express 3 "NMPUninstallKey" = Nero Media Player "OpenAL" = OpenAL "Origin" = Origin "PAS Spectrum Analyzer Pro v4.2.1" = PAS Spectrum Analyzer Pro v4.2.1 "PROHYBRIDR" = 2007 Microsoft Office system "PunkBusterSvc" = PunkBuster Services "Quake III Arena" = Quake III Arena "Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32 "Starcraft" = Starcraft "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II "Steam App 17460" = Mass Effect "Steam App 24980" = Mass Effect 2 "Steam App 72850" = The Elder Scrolls V: Skyrim "Steinberg Cubase SX v2.2.0.33" = Steinberg Cubase SX v2.2.0.33 "Streamripper" = Streamripper (Remove only) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "VLC media player" = VideoLAN VLC media player 0.8.6c "Winamp" = Winamp (remove only) "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Octoshape Streaming Services" = Octoshape Streaming Services "SC Patch Switcher by chickenlord v0.6" = SC Patch Switcher by chickenlord v0.6 
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.11.2011 13:45:57 | Computer Name = GREGSEN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: The specified server cannot perform the requested operation. .

Error - 18.11.2011 13:50:42 | Computer Name = GREGSEN | Source = crypt32 | ID = 131075
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-CAB-Datei von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: This operation returned because the timeout period expired. .

Error - 18.11.2011 14:14:59 | Computer Name = GREGSEN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: This operation returned because the timeout period expired. .

Error - 18.11.2011 18:20:57 | Computer Name = GREGSEN | Source = VSS | ID = 8211
Description =

Error - 18.11.2011 18:53:47 | Computer Name = GREGSEN | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: This operation returned because the timeout period expired. .

Error - 18.11.2011 21:54:00 | Computer Name = GREGSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 7.0.1.4288, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x022c8a27.

Error - 18.11.2011 23:38:48 | Computer Name = GREGSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 7.0.1.4288, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x022d8a27.

Error - 18.11.2011 23:44:13 | Computer Name = GREGSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 7.0.1.4288, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x021c8a27.

Error - 18.11.2011 23:46:39 | Computer Name = GREGSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 7.0.1.4288, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x022c8a27.

Error - 21.11.2011 02:56:32 | Computer Name = GREGSEN | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 6.0.3790.1830, fehlgeschlagenes Modul mshtml.dll, Version 6.0.3790.3959, Fehleradresse 0x0015ba7e.

[ System Events ]
Error - 20.11.2011 16:09:10 | Computer Name = GREGSEN | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst SearchAnonymizer.

Error - 20.11.2011 16:09:10 | Computer Name = GREGSEN | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 20.11.2011 16:13:02 | Computer Name = GREGSEN | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.Windows.Common-Controls fehlgeschlagen. Referenzfehlermeldung: The system cannot find the path specified. .

Error - 20.11.2011 16:13:02 | Computer Name = GREGSEN | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUM7.tmp\GoogleUpdate.exe fehlgeschlagen. Referenzfehlermeldung: The system cannot find the path specified. .

Error - 20.11.2011 21:13:02 | Computer Name = GREGSEN | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.Windows.Common-Controls fehlgeschlagen. Referenzfehlermeldung: The system cannot find the path specified. .

Error - 20.11.2011 21:13:02 | Computer Name = GREGSEN | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUME7.tmp\GoogleUpdate.exe fehlgeschlagen. Referenzfehlermeldung: The system cannot find the path specified. .

Error - 21.11.2011 02:13:02 | Computer Name = GREGSEN | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.Windows.Common-Controls fehlgeschlagen. Referenzfehlermeldung: The system cannot find the path specified. .

Error - 21.11.2011 02:13:02 | Computer Name = GREGSEN | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUM765.tmp\GoogleUpdate.exe fehlgeschlagen. Referenzfehlermeldung: The system cannot find the path specified. .

Error - 21.11.2011 07:13:01 | Computer Name = GREGSEN | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly ist für Microsoft.Windows.Common-Controls fehlgeschlagen. Referenzfehlermeldung: The system cannot find the path specified. .

Error - 21.11.2011 07:13:01 | Computer Name = GREGSEN | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\GUM1311.tmp\GoogleUpdate.exe fehlgeschlagen. Referenzfehlermeldung: The system cannot find the path specified. .

< End of report >
21.11.2011, 12:59 | #5 |
/// Malware-holic | Überbleibsel des "Bundespolizei"/"Windows System Recovery" -Trojaners öffne mal malwarebytes, logdateien, poste mir die scan logs. hast du rolinge im haus? evtl. benötigen wir einen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
21.11.2011, 13:05 | #6 |
| Remnants of the "Bundespolizei"/"Windows System Recovery" trojan Hi Markus, Rolinge are in the house. Malwarebytes has not found anything since 18 November; these were the clean logs:

17.11.2011.log

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7622

Windows 5.2.3790 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.3790.1830

17.11.2011 14:14:44
mbam-log-2011-11-17 (14-14-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Durchsuchte Objekte: 330671
Laufzeit: 1 Stunde(n), 24 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 11

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\Administrator\Application Data\jashla.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\documents and settings\administrator\application data\jashla.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\my documents\downloads\cryptload\router\fritz!box\nc.exe (PUP.Netcat) -> Not selected for removal.
c:\program files (x86)\starcraft\bnetgatewayeditor.exe (Trojan.LDPinch) -> Not selected for removal.
c:\system volume information\_restore{fd53264e-855f-45c1-afb6-eccd606737ed}\RP382\A0067213.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\wpbt0.dll (Exploit.Drop) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.02793777368303274.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.18547326013528598.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.49918916434464855.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.4849575857270284.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.7378285070283576.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\0.834579862165295.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

17.11.2011.log - 2

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7622

Windows 5.2.3790 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.3790.1830

17.11.2011 16:20:06
mbam-log-2011-11-17 (16-20-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|)
Durchsuchte Objekte: 330679
Laufzeit: 1 Stunde(n), 59 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\documents and settings\administrator\my documents\downloads\cryptload\router\fritz!box\nc.exe (PUP.Netcat) -> Not selected for removal.
c:\program files (x86)\starcraft\bnetgatewayeditor.exe (Trojan.LDPinch) -> Not selected for removal.
c:\system volume information\_restore{fd53264e-855f-45c1-afb6-eccd606737ed}\RP383\A0069793.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully. |
21.11.2011, 13:09 | #7 |
/// Malware-holic | Remnants of the "Bundespolizei"/"Windows System Recovery" trojan
21.11.2011, 13:11 | #8 |
| Remnants of the "Bundespolizei"/"Windows System Recovery" trojan "Combofix currently runs on the following Windows versions: Windows XP (32-bit only)" |
21.11.2011, 13:17 | #9 |
/// Malware-holic | Remnants of the "Bundespolizei"/"Windows System Recovery" trojan the text doesn't seem to have been updated, but it runs on your operating system too
21.11.2011, 13:19 | #10 |
| Remnants of the "Bundespolizei"/"Windows System Recovery" trojan ...unfortunately not, during installation I was told that ComboFix cannot be installed on my operating system... |
21.11.2011, 13:26 | #11 |
| Remnants of the "Bundespolizei"/"Windows System Recovery" trojan ...a quick question in between: I took a closer look at my C:\ folder in Explorer and discovered dozens of hidden folders I have NEVER seen there before...for example an almost 8 GB System Volume Information folder O_o EDIT: Phew, they seem to be files that HijackThis creates when it is opened...I got quite a scare. Last edited by Bundeshase (21.11.2011 at 13:34) |
21.11.2011, 15:06 | #12 |
| Remnants of the "Bundespolizei"/"Windows System Recovery" trojan Addendum: Search&Destroy still finds "tracking cookies" in the system: |
21.11.2011, 15:10 | #13 |
/// Malware-holic | Remnants of the "Bundespolizei"/"Windows System Recovery" trojan first of all the following: http://www.trojaner-board.de/82358-t...entfernen.html only post the log, don't delete anything
21.11.2011, 15:29 | #14 |
| Remnants of the "Bundespolizei"/"Windows System Recovery" trojan Here is the log:

15:26:00.0921 3524 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
15:26:01.0250 3524 ============================================================
15:26:01.0250 3524 Current date / time: 2011/11/21 15:26:01.0250
15:26:01.0250 3524 SystemInfo:
15:26:01.0250 3524
15:26:01.0250 3524 OS Version: 5.2.3790 ServicePack: 2.0
15:26:01.0250 3524 Product type: Workstation
15:26:01.0250 3524 ComputerName: GREGSEN
15:26:01.0250 3524 UserName: Administrator
15:26:01.0250 3524 Windows directory: C:\WINDOWS
15:26:01.0250 3524 System windows directory: C:\WINDOWS
15:26:01.0250 3524 Running under WOW64
15:26:01.0250 3524 Processor architecture: Intel x64
15:26:01.0250 3524 Number of processors: 4
15:26:01.0250 3524 Page size: 0x1000
15:26:01.0250 3524 Boot type: Normal boot
15:26:01.0250 3524 ============================================================
15:26:06.0359 3524 Initialize success
15:26:53.0250 3600 ============================================================
15:26:53.0250 3600 Scan started
15:26:53.0250 3600 Mode: Manual; SigCheck; TDLFS;
15:26:53.0250 3600 ============================================================
15:26:54.0453 3600 Abiosdsk - ok
15:26:54.0500 3600 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:26:56.0093 3600 ACPI - ok
15:26:56.0187 3600 ACPIEC (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:26:56.0265 3600 ACPIEC - ok
15:26:56.0281 3600 adpu160m - ok
15:26:56.0281 3600 adpu320 - ok
15:26:56.0328 3600 aec (92500bc3a6e241bbc357f532dd500a75) C:\WINDOWS\system32\drivers\aec.sys
15:26:56.0390 3600 aec - ok
15:26:56.0437 3600 AFD (f0e008ac59faa5ecd22c8891b3300378) C:\WINDOWS\System32\drivers\afd.sys
15:26:56.0500 3600 AFD - ok
15:26:56.0500 3600 aic78u2 - ok
15:26:56.0500 3600 aic78xx - ok
15:26:56.0515 3600 AliIde - ok
15:26:56.0515 3600 AmdIde - ok
15:26:56.0515 3600 arc - ok
15:26:56.0562 3600 Arp1394 (fda73c1ecd1ec4f366ff0ab85abf816d) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:26:56.0609 3600 Arp1394 - ok
15:26:56.0656 3600 AsyncMac (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:26:56.0703 3600 AsyncMac - ok
15:26:56.0734 3600 atapi (7a1814d0d112f50f828e25557a1ed29f) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:26:56.0781 3600 atapi - ok
15:26:56.0781 3600 Atdisk - ok
15:26:56.0812 3600 Atmarpc (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:26:56.0859 3600 Atmarpc - ok
15:26:56.0875 3600 audstub (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:26:56.0953 3600 audstub - ok
15:26:56.0984 3600 Beep (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys
15:26:57.0031 3600 Beep - ok
15:26:57.0031 3600 BTCFilterService - ok
15:26:57.0062 3600 CdaC15BA (982563cf02cd6d4e5d8e0f4b5cbb9b6a) C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
15:26:57.0109 3600 CdaC15BA - ok
15:26:57.0125 3600 CdaD10BA (9067d96899d98ca4535a76e8c8b2e3a5) C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
15:26:57.0187 3600 CdaD10BA - ok
15:26:57.0203 3600 Cdfs (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys
15:26:57.0250 3600 Cdfs - ok
15:26:57.0296 3600 Cdrom (11663fe50e499ffee77979542b285f38) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:26:57.0343 3600 Cdrom - ok
15:26:57.0343 3600 Changer - ok
15:26:57.0359 3600 CmdIde - ok
15:26:57.0390 3600 crcdisk (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
15:26:57.0437 3600 crcdisk - ok
15:26:57.0437 3600 CSCrySec (ab1201f8de199e764da9a32abf71049c) C:\WINDOWS\system32\DRIVERS\CSCrySec.sys
15:26:57.0484 3600 CSCrySec - ok
15:26:57.0531 3600 CSVirtualDiskDrv (a6eed705bb510fa6b0f9f097165a3395) C:\WINDOWS\system32\DRIVERS\CSVirtualDiskDrv.sys
15:26:57.0546 3600 CSVirtualDiskDrv - ok
15:26:57.0578 3600 Disk (417d7b9c6f36685a417e54690f8bd7b2) C:\WINDOWS\system32\DRIVERS\disk.sys
15:26:57.0640 3600 Disk - ok
15:26:57.0687 3600 dmboot (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys
15:26:57.0781 3600 dmboot - ok
15:26:57.0781 3600 dmio (b293ce1c9243219f6b9e5dbcaa75b962) C:\WINDOWS\system32\drivers\dmio.sys
15:26:57.0828 3600 dmio - ok
15:26:57.0843 3600 dmload (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys
15:26:57.0906 3600 dmload - ok
15:26:57.0906 3600 dpti2o - ok
15:26:57.0984 3600 Fastfat (7c713b9f6f968f135d3d819492882cdd) C:\WINDOWS\system32\drivers\Fastfat.sys
15:26:58.0078 3600 Fastfat - ok
15:26:58.0093 3600 Fdc (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:26:58.0156 3600 Fdc - ok
15:26:58.0187 3600 Fips (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys
15:26:58.0234 3600 Fips - ok
15:26:58.0281 3600 fireface (37b768e10a86f7c26f5d144b87e5170c) C:\WINDOWS\system32\drivers\fireface_64.sys
15:26:58.0281 3600 fireface ( UnsignedFile.Multi.Generic ) - warning
15:26:58.0281 3600 fireface - detected UnsignedFile.Multi.Generic (1)
15:26:58.0328 3600 Flpydisk (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:26:58.0390 3600 Flpydisk - ok
15:26:58.0437 3600 FltMgr (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:26:58.0500 3600 FltMgr - ok
15:26:58.0531 3600 Fs_Rec (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:26:58.0578 3600 Fs_Rec - ok
15:26:58.0593 3600 Ftdisk (e90aa7c073519dd8571670818cb85ccb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:26:58.0656 3600 Ftdisk - ok
15:26:58.0671 3600 Gpc (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:26:58.0734 3600 Gpc - ok
15:26:58.0765 3600 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\WINDOWS\system32\DRIVERS\hamachi.sys
15:26:58.0781 3600 hamachi - ok
15:26:58.0828 3600 HDAudBus (d36e47728cdbc8d17a77d36a6cbc29bb) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:26:58.0859 3600 HDAudBus - ok
15:26:58.0906 3600 hidusb (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:26:59.0015 3600 hidusb - ok
15:26:59.0062 3600 HTTP (2138f3fd8f0658adef14c6e5870fe1e9) C:\WINDOWS\system32\Drivers\HTTP.sys
15:26:59.0125 3600 HTTP - ok
15:26:59.0125 3600 i2omgmt - ok
15:26:59.0171 3600 i8042prt (50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:26:59.0218 3600 i8042prt - ok
15:26:59.0218 3600 iirsp - ok
15:26:59.0281 3600 imapi (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:26:59.0328 3600 imapi - ok
15:26:59.0453 3600 IntcAzAudAddService (fc000101e3d3aef951a57e8d32f0aed9) C:\WINDOWS\system32\drivers\RTKHDA64.SYS
15:26:59.0656 3600 IntcAzAudAddService - ok
15:26:59.0656 3600 IntelIde - ok
15:26:59.0687 3600 intelppm (f8def5f83def3d1ee89bc851bfb6a886) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:26:59.0750 3600 intelppm - ok
15:26:59.0765 3600 Ip6Fw (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:26:59.0812 3600 Ip6Fw - ok
15:26:59.0828 3600 IpFilterDriver (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:26:59.0906 3600 IpFilterDriver - ok
15:26:59.0906 3600 IpInIp - ok
15:26:59.0937 3600 IpNat (088ecb04137df1f52ec10c29d57a8cca) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:27:00.0000 3600 IpNat - ok
15:27:00.0046 3600 IPSec (db841ec6f027c780002ef47aabfddf86) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:27:00.0109 3600 IPSec - ok
15:27:00.0140 3600 IRENUM (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:27:00.0203 3600 IRENUM - ok
15:27:00.0250 3600 isapnp (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:27:00.0312 3600 isapnp - ok
15:27:00.0328 3600 JRAID (50b9060d11c4c2aaebacb2263972eff2) C:\WINDOWS\system32\DRIVERS\jraid.sys
15:27:00.0390 3600 JRAID - ok
15:27:00.0421 3600 Kbdclass (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:27:00.0484 3600 Kbdclass - ok
15:27:00.0531 3600 kl1 (db449f50e5141458eb58e64ffac4863f) C:\WINDOWS\system32\DRIVERS\kl1.sys
15:27:00.0546 3600 kl1 - ok
15:27:00.0562 3600 KLBG (87200a8afe40532baa4d2b24a7ba0eea) C:\WINDOWS\system32\DRIVERS\klbg.sys
15:27:00.0578 3600 KLBG - ok
15:27:00.0593 3600 KLIF (887f0d6b749a1a77824b84fa5360fe2a) C:\WINDOWS\system32\DRIVERS\klif.sys
15:27:00.0656 3600 KLIF - ok
15:27:00.0890 3600 klim5 (34bcc5765153904aa5cd3a84258ef608) C:\WINDOWS\system32\DRIVERS\klim5.sys
15:27:00.0906 3600 klim5 - ok
15:27:00.0921 3600 klmouflt (6615a245372257f3d2f8fbb1c4f6dff6) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
15:27:00.0937 3600 klmouflt - ok
15:27:00.0968 3600 kmixer (1b280b3b4c10cc2e3ec3aec17eb6b658) C:\WINDOWS\system32\drivers\kmixer.sys
15:27:01.0015 3600 kmixer - ok
15:27:01.0062 3600 KORGUMDS (a96473f1c76bb29849cb947c6c350445) C:\WINDOWS\system32\Drivers\KORGUM64.SYS
15:27:01.0062 3600 KORGUMDS - ok
15:27:01.0093 3600 KSecDD (2649aca0d7c01933c95073f4ebfac42c) C:\WINDOWS\system32\drivers\KSecDD.sys
15:27:01.0140 3600 KSecDD - ok
15:27:01.0156 3600 ksthunk (5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys
15:27:01.0234 3600 ksthunk - ok
15:27:01.0296 3600 L8042Kbd (3fb80db5ec01b6153572d27438fbea20) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
15:27:01.0312 3600 L8042Kbd - ok
15:27:01.0328 3600 L8042mou (d3693364aa9ac82fb0b78680bc7f423b) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
15:27:01.0343 3600 L8042mou - ok
15:27:01.0359 3600 LBeepKE (2c5f11ee4f699b9a5e464053c99bcd21) C:\WINDOWS\system32\Drivers\LBeepKE.sys
15:27:01.0375 3600 LBeepKE - ok
15:27:01.0406 3600 LHidFilt (b45686101f9473b52d7a501c544dda5d) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
15:27:01.0421 3600 LHidFilt - ok
15:27:01.0468 3600 LMouFilt (9980bb086248ca45772eff2559aa62d3) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
15:27:01.0484 3600 LMouFilt - ok
15:27:01.0500 3600 LMouKE (0d9eb835d2be6545dca23bf9bbfd437e) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
15:27:01.0515 3600 LMouKE - ok
15:27:01.0546 3600 LUsbFilt (a1eb1db073972c7ce252daa3456bbbe7) C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
15:27:01.0562 3600 LUsbFilt - ok
15:27:01.0625 3600 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\WINDOWS\system32\drivers\mbam.sys
15:27:01.0640 3600 MBAMProtector - ok
15:27:01.0671 3600 mnmdd (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys
15:27:01.0734 3600 mnmdd - ok
15:27:01.0765 3600 Modem (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys
15:27:01.0828 3600 Modem - ok
15:27:01.0828 3600 motccgp - ok
15:27:01.0843 3600 motccgpfl - ok
15:27:01.0843 3600 motmodem - ok
15:27:01.0843 3600 MotoSwitchService - ok
15:27:01.0859 3600 Motousbnet - ok
15:27:01.0859 3600 motusbdevice - ok
15:27:01.0890 3600 Mouclass (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:27:01.0953 3600 Mouclass - ok
15:27:01.0984 3600 mouhid (a0c4e4a79c5d6f418315c33177f2b5bc) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:27:02.0046 3600 mouhid - ok
15:27:02.0109 3600 MountMgr (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys
15:27:02.0218 3600 MountMgr - ok
15:27:02.0218 3600 mraid35x - ok
15:27:02.0234 3600 MRxDAV (f588ab7dcffefb2891764cf380a80b63) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:27:02.0281 3600 MRxDAV - ok
15:27:02.0312 3600 MRxSmb (9899c0483ae641a9540731164fca1ac5) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:27:02.0406 3600 MRxSmb - ok
15:27:02.0406 3600 Msfs (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys
15:27:02.0468 3600 Msfs - ok
15:27:02.0500 3600 MSKSSRV (308ec6fbef38871cb2c4cace9c8f4808) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:27:02.0562 3600 MSKSSRV - ok
15:27:02.0593 3600 MSPCLOCK (8d3226738479719aab3b6d2617d7a55c) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:27:02.0640 3600 MSPCLOCK - ok
15:27:02.0671 3600 MSPQM (058d63e8d000ae678d4549bfa8eb0deb) C:\WINDOWS\system32\drivers\MSPQM.sys
15:27:02.0718 3600 MSPQM - ok
15:27:02.0734 3600 mssmbios (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:27:02.0781 3600 mssmbios - ok
15:27:02.0796 3600 Mup (4e3a0746542aa482117293234bfde2c9) C:\WINDOWS\system32\drivers\Mup.sys
15:27:02.0859 3600 Mup - ok
15:27:02.0890 3600 NDIS (6fe83d05aebef7930d7ce91568dc99df) C:\WINDOWS\system32\drivers\NDIS.sys
15:27:02.0984 3600 NDIS - ok
15:27:03.0015 3600 NdisTapi (74612c7b722df0dbcc972f301bd1bf1e) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:27:03.0078 3600 NdisTapi - ok
15:27:03.0109 3600 Ndisuio (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:27:03.0171 3600 Ndisuio - ok
15:27:03.0187 3600 NdisWan (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:27:03.0250 3600 NdisWan - ok
15:27:03.0265 3600 NDProxy (24ea58a8257c3a4557c589ee0d4ab19b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:27:03.0312 3600 NDProxy - ok
15:27:03.0328 3600 NetBIOS (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:27:03.0375 3600 NetBIOS - ok
15:27:03.0390 3600 NetBT (fedaafb6cd700b9e0787c94d81c07db5) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:27:03.0484 3600 NetBT - ok
15:27:03.0531 3600 NIC1394 (dafc30299e872cd7ed3795ea0fa08f67) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:27:03.0578 3600 NIC1394 - ok
15:27:03.0593 3600 Npfs (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys
15:27:03.0640 3600 Npfs - ok
15:27:03.0703 3600 Ntfs (c8904b5f90ab2236692e83d491c4d426) C:\WINDOWS\system32\drivers\Ntfs.sys
15:27:03.0781 3600 Ntfs - ok
15:27:03.0828 3600 Null (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys
15:27:03.0906 3600 Null - ok
15:27:04.0140 3600 nv (84cec4e49cf04011ec902fb122511d4b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:27:04.0562 3600 nv - ok
15:27:04.0593 3600 NvnUsbAudio (3e63dec87b07659f1276c5dc01b5aa5a) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
15:27:04.0593 3600 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
15:27:04.0593 3600 NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
15:27:04.0640 3600 ohci1394 (f8160ac8ae516a33221427c2353a7d12) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:27:04.0703 3600 ohci1394 - ok
15:27:04.0750 3600 Parport (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\drivers\Parport.sys
15:27:04.0828 3600 Parport - ok
15:27:04.0843 3600 PartMgr (5f9a703240468a0c35a629d17ffca847) C:\WINDOWS\system32\drivers\PartMgr.sys
15:27:04.0906 3600 PartMgr - ok
15:27:04.0937 3600 PCI (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys
15:27:05.0015 3600 PCI - ok
15:27:05.0015 3600 PCIIde (f1978c7849a0047306db3b8bb94f0764) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:27:05.0062 3600 PCIIde - ok
15:27:05.0093 3600 Pcmcia (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:27:05.0171 3600 Pcmcia - ok
15:27:05.0171 3600 PDCOMP - ok
15:27:05.0187 3600 PDFRAME - ok
15:27:05.0187 3600 PDRELI - ok
15:27:05.0187 3600 PDRFRAME - ok
15:27:05.0218 3600 PptpMiniport (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:27:05.0328 3600 PptpMiniport - ok
15:27:05.0343 3600 PQNTDrv - ok
15:27:05.0359 3600 PSched (01aae06e543c0956ac247546a8f2dafe) C:\WINDOWS\system32\DRIVERS\psched.sys
15:27:05.0437 3600 PSched - ok
15:27:05.0468 3600 Ptilink (35e39a969d227c2a56c1dc98361d8e35) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:27:05.0593 3600 Ptilink - ok
15:27:05.0625 3600 PxHlpa64 (a6bf0a9b5a30d743623ca0d3be35df05) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
15:27:05.0687 3600 PxHlpa64 - ok
15:27:05.0703 3600 RasAcd (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:27:05.0812 3600 RasAcd - ok
15:27:05.0812 3600 Rasl2tp (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:27:05.0859 3600 Rasl2tp - ok
15:27:05.0875 3600 RasPppoe (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:27:05.0921 3600 RasPppoe - ok
15:27:05.0937 3600 Raspti (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:27:05.0984 3600 Raspti - ok
15:27:06.0031 3600 Rdbss (251a8b39645c5b3dc7dcbbd03a3140cb) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:27:06.0093 3600 Rdbss - ok
15:27:06.0109 3600 RDPCDD (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:27:06.0171 3600 RDPCDD - ok
15:27:06.0218 3600 rdpdr (0482a9be0be2098a12a61464306bf24b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:27:06.0312 3600 rdpdr - ok
15:27:06.0343 3600 RDPWD (ceca4f10b0118e3883628afa294b31d6) C:\WINDOWS\system32\drivers\RDPWD.sys
15:27:06.0421 3600 RDPWD - ok
15:27:06.0453 3600 redbook (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:27:06.0500 3600 redbook - ok
15:27:06.0531 3600 RTL8023x64 (548464910350423cc178c80bf9501c7a) C:\WINDOWS\system32\DRIVERS\Rtnic64.sys
15:27:06.0593 3600 RTL8023x64 - ok
15:27:06.0593 3600 SCR33x USB Smart Card Reader - ok
15:27:06.0671 3600 Secdrv (6d4ccd356da407194c2574a68d9c727a) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:27:06.0718 3600 Secdrv - ok
15:27:06.0750 3600 Serial (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\drivers\Serial.sys
15:27:06.0796 3600 Serial - ok
15:27:06.0812 3600 Sfloppy (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:27:06.0859 3600 Sfloppy - ok
15:27:06.0859 3600 Simbad - ok
15:27:06.0890 3600 splitter (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
15:27:06.0953 3600 splitter - ok
15:27:07.0015 3600 sr (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys
15:27:07.0046 3600 sr - ok
15:27:07.0093 3600 Srv (da399dc57b869cf11b7cf98f0a8494d7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:27:07.0156 3600 Srv - ok
15:27:07.0156 3600 STC2DFU - ok
15:27:07.0203 3600 swenum (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:27:07.0250 3600 swenum - ok
15:27:07.0281 3600 swmidi (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys
15:27:07.0343 3600 swmidi - ok
15:27:07.0343 3600 symc8xx - ok
15:27:07.0359 3600 symmpi - ok
15:27:07.0359 3600 sym_hi - ok
15:27:07.0359 3600 sym_u3 - ok
15:27:07.0359 3600 SynasUSB - ok
15:27:07.0406 3600 sysaudio (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
15:27:07.0468 3600 sysaudio - ok
15:27:07.0500 3600 Tcpip (c013e7f14fd378a16f5b7a4b5a7050e9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:27:07.0578 3600 Tcpip - ok
15:27:07.0609 3600 TDPIPE (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:27:07.0671 3600 TDPIPE - ok
15:27:07.0703 3600 TDTCP (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
15:27:07.0765 3600 TDTCP - ok
15:27:07.0812 3600 TermDD (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:27:07.0921 3600 TermDD - ok
15:27:07.0937 3600 TosIde - ok
15:27:07.0968 3600 Udfs (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
15:27:08.0046 3600 Udfs - ok
15:27:08.0078 3600 UGURU (580641196846b0f594f675c07faad2bc) C:\WINDOWS\system32\drivers\uGuru.sys
15:27:08.0093 3600 UGURU ( UnsignedFile.Multi.Generic ) - warning
15:27:08.0093 3600 UGURU - detected UnsignedFile.Multi.Generic (1)
15:27:08.0093 3600 ultra - ok
15:27:08.0140 3600 Update (70ca9db8119fff67d9938f2ab2b8d50c) C:\WINDOWS\system32\DRIVERS\update.sys
15:27:08.0203 3600 Update - ok
15:27:08.0250 3600 usbaudio (88354ba123549c6b0016592866063837) C:\WINDOWS\system32\drivers\usbaudio.sys
15:27:08.0296 3600 usbaudio - ok
15:27:08.0312 3600 usbccgp (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:27:08.0359 3600 usbccgp - ok
15:27:08.0375 3600 USBCCID (a83d36d8bdd4c15ff7792642dfde4bd3) C:\WINDOWS\system32\DRIVERS\usbccid.sys
15:27:08.0421 3600 USBCCID - ok
15:27:08.0453 3600 usbehci (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:27:08.0500 3600 usbehci - ok
15:27:08.0546 3600 usbhub (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:27:08.0609 3600 usbhub - ok
15:27:08.0640 3600 usbscan (280894f834f5b9910dadff7568f37b31) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:27:08.0703 3600 usbscan - ok
15:27:08.0734 3600 USBSTOR (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:27:08.0796 3600 USBSTOR - ok
15:27:08.0828 3600 usbuhci (4b7b4a2cc997c482a0aa7ca663af62a0) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:27:08.0953 3600 usbuhci - ok
15:27:09.0000 3600 vga (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
15:27:09.0093 3600 vga - ok
15:27:09.0140 3600 VgaSave (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
15:27:09.0187 3600 VgaSave - ok
15:27:09.0187 3600 ViaIde - ok
15:27:09.0234 3600 VolSnap (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys
15:27:09.0296 3600 VolSnap - ok
15:27:09.0312 3600 Wanarp (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:27:09.0359 3600 Wanarp - ok
15:27:09.0406 3600 Wdf01000 (92090a7bb3b37b534c4193238d120696) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:27:09.0468 3600 Wdf01000 - ok
15:27:09.0484 3600 WDICA - ok
15:27:09.0531 3600 wdmaud (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys
15:27:09.0593 3600 wdmaud - ok
15:27:09.0656 3600 WpdUsb (4a59d22b86edf8306810fa10c58368c7) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:27:09.0718 3600 WpdUsb - ok
15:27:09.0765 3600 xusb21 (9176c0822faa649e45121875be32f5d2) C:\WINDOWS\system32\DRIVERS\xusb21.sys
15:27:09.0781 3600 xusb21 - ok
15:27:09.0796 3600 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:27:09.0984 3600 \Device\Harddisk0\DR0 - ok
15:27:10.0015 3600 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:27:10.0203 3600 \Device\Harddisk1\DR1 - ok
15:27:10.0203 3600 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
15:27:10.0359 3600 \Device\Harddisk2\DR2 - ok
15:27:10.0359 3600 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR7
15:27:10.0953 3600 \Device\Harddisk3\DR7 - ok
15:27:10.0953 3600 Boot (0x1200) (303956f4b7d031e2ab50e9091c03fdae) \Device\Harddisk0\DR0\Partition0
15:27:10.0953 3600 \Device\Harddisk0\DR0\Partition0 - ok
15:27:10.0953 3600 Boot (0x1200) (443f9710e7aca42e058621de0e2b9388) \Device\Harddisk1\DR1\Partition0
15:27:10.0953 3600 \Device\Harddisk1\DR1\Partition0 - ok
15:27:10.0953 3600 Boot (0x1200) (92aa6e58bdf76968c27ba8f6b6318ede) \Device\Harddisk2\DR2\Partition0
15:27:10.0953 3600 \Device\Harddisk2\DR2\Partition0 - ok
15:27:10.0953 3600 Boot (0x1200) (d91824221575654b1eaca7f31b4e6e8f) \Device\Harddisk3\DR7\Partition0
15:27:10.0953 3600 \Device\Harddisk3\DR7\Partition0 - ok
15:27:10.0953 3600 ============================================================
15:27:10.0953 3600 Scan finished
15:27:10.0953 3600 ============================================================
15:27:11.0062 3504 Detected object count: 3
15:27:11.0062 3504 Actual detected object count: 3
15:27:29.0031 3504 fireface ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:29.0031 3504 fireface ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:27:29.0031 3504 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:29.0031 3504 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:27:29.0031 3504 UGURU ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:29.0031 3504 UGURU ( UnsignedFile.Multi.Generic ) - User select action: Skip |
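A TDSSKiller log of this size is tedious to read by hand, so here is an added Python example (not TDSSKiller's code and not the forum's own tooling) that pairs every object the scanner did not report "- ok" with its MD5, path and the action chosen in the result dialog, and lists what was left in place; the sample lines are copied from the log above, with most of the "- ok" entries omitted.

```python
"""Triage a Kaspersky TDSSKiller scan log (the format posted above).

Added example for this thread; not TDSSKiller code and not the forum's
own tooling. Hashed-file lines, "- ok" verdicts and warnings are split
apart, and every flagged object is reported with MD5, path and the
action picked in the result dialog (an unsigned third-party driver is a
common false positive, so the decision matters as much as the verdict).
"""
import re
from dataclasses import dataclass

# Every TDSSKiller line is "HH:MM:SS.ffff <pid> <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<object> (<md5>) <path>": printed when a file is hashed; MBR and boot
# sectors use the same shape, with <object> being e.g. "MBR (0x1B8)".
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
# "<name> ( <verdict> ) - warning", "... - skipped by user" and
# "... - User select action: Skip" (only the last carries the decision).
# The redundant "<name> - detected <verdict> (1)" line matches nothing.
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<tail>.+)$")
ACTION_RE = re.compile(r"^User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    md5: str = ""
    path: str = ""
    action: str = ""  # "Skip", "Quarantine", ... as chosen in the dialog


def parse_tdsskiller(text):
    """Return (findings by name, set of names reported ok, declared count)."""
    hashed = {}    # object name -> (md5, path)
    findings = {}  # object name -> Finding
    ok = set()
    declared = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank, banner and separator lines
        msg = m.group(3)
        if (fm := FILE_RE.match(msg)):
            hashed[fm.group("name")] = (fm.group("md5"), fm.group("path"))
        elif (om := OK_RE.match(msg)):
            ok.add(om.group("name"))
        elif (wm := WARN_RE.match(msg)):
            name = wm.group("name")
            f = findings.setdefault(name, Finding(name, wm.group("verdict")))
            f.md5, f.path = hashed.get(name, ("", ""))
            if (am := ACTION_RE.match(wm.group("tail"))):
                f.action = am.group("action")
        elif (cm := COUNT_RE.match(msg)):
            declared = int(cm.group("n"))
    return findings, ok, declared


def unresolved(findings):
    """Flagged objects the user left in place (no action recorded, or Skip)."""
    return sorted(n for n, f in findings.items() if f.action in ("", "Skip"))


# Constructed sample: lines copied from the log in post #14, with most of
# the roughly 150 entries that came back "- ok" left out.
SAMPLE_LOG = r"""
15:26:54.0500 3600 ACPI (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:26:56.0093 3600 ACPI - ok
15:26:58.0281 3600 fireface (37b768e10a86f7c26f5d144b87e5170c) C:\WINDOWS\system32\drivers\fireface_64.sys
15:26:58.0281 3600 fireface ( UnsignedFile.Multi.Generic ) - warning
15:26:58.0281 3600 fireface - detected UnsignedFile.Multi.Generic (1)
15:27:04.0593 3600 NvnUsbAudio (3e63dec87b07659f1276c5dc01b5aa5a) C:\WINDOWS\system32\drivers\nvnusbaudio.sys
15:27:04.0593 3600 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - warning
15:27:04.0593 3600 NvnUsbAudio - detected UnsignedFile.Multi.Generic (1)
15:27:08.0078 3600 UGURU (580641196846b0f594f675c07faad2bc) C:\WINDOWS\system32\drivers\uGuru.sys
15:27:08.0093 3600 UGURU ( UnsignedFile.Multi.Generic ) - warning
15:27:08.0093 3600 UGURU - detected UnsignedFile.Multi.Generic (1)
15:27:09.0796 3600 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:27:09.0984 3600 \Device\Harddisk0\DR0 - ok
15:27:10.0953 3600 ============================================================
15:27:10.0953 3600 Scan finished
15:27:11.0062 3504 Detected object count: 3
15:27:11.0062 3504 Actual detected object count: 3
15:27:29.0031 3504 fireface ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:29.0031 3504 fireface ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:27:29.0031 3504 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:29.0031 3504 NvnUsbAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:27:29.0031 3504 UGURU ( UnsignedFile.Multi.Generic ) - skipped by user
15:27:29.0031 3504 UGURU ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    findings, ok, declared = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(ok)} ok, {len(findings)} flagged (log declares {declared})")
    for f in findings.values():
        print(f"  {f.name:<12} {f.verdict:<28} {f.action or '-':<6} {f.md5}  {f.path}")
    print("left in place:", ", ".join(unresolved(findings)))
```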
21.11.2011, 15:51 | #15 |
/// Malware-holic | Remnants of the "Bundespolizei"/"Windows System Recovery" trojan hi, for the following entry: 15:27:04.0593 3600 NvnUsbAudio (3e63dec87b07659f1276c5dc01b5aa5a) C:\WINDOWS\system32\drivers\nvnusbaudio.sys select quarantine. then there should be a TDSSKiller quarantine under c:\; pack it with WinRAR, zip or another packer and upload it following the instructions. http://www.trojaner-board.de/54791-a...ner-board.html