Pests of all kinds and how to fight them: Antivir virus? ; Demand for payment of 50 € (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
15.03.2012, 15:01 | #1 |
Antivir virus? ; Demand for payment of 50 €

Hello Trojaner Board, since last night I have had a trojan on my PC that asks me to pay 50 euros. I had a black screen with the error message. After the OTL scan in safe mode, my normal mode now works again (I have switched off AntiVir); I assume it has something to do with that program.

Here is the error message:

Here are the logs from OTL:

Extras:

Code:
ATTFilter OTL Extras logfile created on: 15.03.2012 14:37:42 - Run 3 OTL by OldTimer - Version 3.2.37.0 Folder = C:\Documents and Settings\Administrator\Desktop 64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,17 Gb Available Physical Memory | 79,34% Memory free 5,74 Gb Paging File | 5,26 Gb Available in Paging File | 91,68% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286,97 Gb Total Space | 208,88 Gb Free Space | 72,79% Space Free | Partition Type: NTFS Drive D: | 644,53 Gb Total Space | 348,72 Gb Free Space | 54,10% Space Free | Partition Type: NTFS Computer Name: XP64-SP2 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1 .ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1 .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l .js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1 .vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %* .wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %* 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 batfile [open] -- "%1" %* batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 cmdfile [open] -- "%1" %* cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1" jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 piffile [open] -- "%1" %* regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 regfile [merge] -- Reg Error: Key error. 
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* 
exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "57103:TCP" = 57103:TCP:*:Enabled:Pando Media Booster "57103:UDP" = 57103:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 
10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "2286:UDP" = 2286:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe) "2287:UDP" = 2287:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe) "57103:TCP" = 57103:TCP:*:Enabled:Pando Media Booster "57103:UDP" = 57103:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "C:\Program Files (x86)\ICQ6.5\ICQ.exe" = C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Program Files (x86)\ICQ7.6\ICQ.exe" = C:\Program Files (x86)\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.) 
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "C:\Program Files (x86)\ICQ6.5\ICQ.exe" = C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Program Files (x86)\ICQ7.6\ICQ.exe" = C:\Program Files (x86)\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe" = C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation) "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" = C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation) "C:\Program Files (x86)\ICQ6.5\ICQ.exe" = C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) 
"C:\Program Files (x86)\Steam\steamapps\shengiboy619\half-life 2 deathmatch\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 "C:\Documents and Settings\Administrator\Desktop\Programme\SFT Loader\leecher.exe" = C:\Documents and Settings\Administrator\Desktop\Programme\SFT Loader\leecher.exe:*:Enabled:SFT Loader -- (velocode) "C:\Program Files (x86)\SopCast\adv\SopAdver.exe" = C:\Program Files (x86)\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Program Files (x86)\SopCast\SopCast.exe" = C:\Program Files (x86)\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Program Files (x86)\Java\jre6\bin\java.exe" = C:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test "C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App "C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.640\leecher.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.640\leecher.exe:*:Enabled:SFT Loader "C:\Documents and Settings\Administrator\Desktop\teamspeak3-server_win64\ts3server_win64.exe" = C:\Documents and Settings\Administrator\Desktop\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server "C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe" = C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component "C:\Program Files (x86)\QIP Infium\infium.exe" = C:\Program Files (x86)\QIP Infium\infium.exe:*:Enabled:QIP Infium -- (QIP) "C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "D:\Games\Borlands\Binaries\Borderlands.exe" = D:\Games\Borlands\Binaries\Borderlands.exe:*:Enabled:Borderlands "C:\Documents and Settings\All Users\Application 
Data\Electronic Arts\Need For Speed World\Data\nfsw.exe" = C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World "C:\Documents and Settings\walera\Local Settings\Temp\Rar$EX00.203\teamspeak3-server_win64\ts3server_win64.exe" = C:\Documents and Settings\walera\Local Settings\Temp\Rar$EX00.203\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server "C:\Program Files (x86)\teamspeak3-server_win64\ts3server_win64.exe" = C:\Program Files (x86)\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server "C:\Documents and Settings\walera\Desktop\Programme\SFT Loader\leecher.exe" = C:\Documents and Settings\walera\Desktop\Programme\SFT Loader\leecher.exe:*:Enabled:SFT Loader "C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe" = C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade "D:\Games\Left4Dead\hl2.exe" = D:\Games\Left4Dead\hl2.exe:*:Enabled:hl2 "C:\Program Files (x86)\Activision\Prototype\prototypef.exe" = C:\Program Files (x86)\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM) -- (Activision) "D:\Games\Fifa 11\Game\fifa.exe" = D:\Games\Fifa 11\Game\fifa.exe:*:Enabled:FIFA 11 "D:\Games\PES 11\pes2011.exe" = D:\Games\PES 11\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011 -- (Konami Digital Entertainment Co., Ltd.) "D:\Games\Medal of Honor - 10\MP\mohmpgame.exe" = D:\Games\Medal of Honor - 10\MP\mohmpgame.exe:*:Enabled:Medal of Honor: Multiplayer -- (EA Digital Illusions CE AB) "D:\Games\Medal of Honor - 10\Binaries\moh.exe" = D:\Games\Medal of Honor - 10\Binaries\moh.exe:*:Enabled:Medal of Honor™ -- (Electronic Arts Inc.) 
"D:\Games\NBA_2K11-FLT\nba2k11.exe" = D:\Games\NBA_2K11-FLT\nba2k11.exe:*:Enabled:NBA 2K11 -- (2K Sports) "D:\Games\Call.of.Duty.Black.Ops.UNCUT.GERMAN-0x0007\Call of Duty Black Ops GERMAN Uncut\BlackOps.exe" = D:\Games\Call.of.Duty.Black.Ops.UNCUT.GERMAN-0x0007\Call of Duty Black Ops GERMAN Uncut\BlackOps.exe:*:Enabled:BlackOps "C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe" = C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- () "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files (x86)\Steam\steamapps\shengiboy619\day of defeat source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source "C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source "C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike\hl.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve) "D:\Games\Portal 2\portal2.exe" = D:\Games\Portal 2\portal2.exe:*:Enabled:portal2 -- () "C:\Program Files (x86)\ICQ7.4\ICQ.exe" = C:\Program Files (x86)\ICQ7.4\ICQ.exe:*:Enabled:ICQ "D:\Games\Postal 2 - Apocalypse Weekend\System\UCC.exe" = D:\Games\Postal 2 - Apocalypse Weekend\System\UCC.exe:*:Enabled:UCC -- () "D:\Games\Postal 2 - Apocalypse Weekend\System\postal2.exe" = D:\Games\Postal 2 - Apocalypse Weekend\System\postal2.exe:*:Enabled:postal2 -- () "D:\Games\Dead Rising 2\deadrising2.exe" = D:\Games\Dead Rising 2\deadrising2.exe:*:Enabled:Dead Rising 2 -- (CAPCOM CO., LTD.) 
"D:\Games\Need for Speed Hot Pursuit\Launcher.exe" = D:\Games\Need for Speed Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit -- (Electronic Arts) "D:\Games\Need for Speed Hot Pursuit\NFS11.exe" = D:\Games\Need for Speed Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application -- (Electronic Arts) "C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- () "C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- () "C:\Program Files (x86)\Steam\steamapps\retsche10\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\retsche10\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- () "C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- () "D:\Games\dead_island_reloaded\Dead Island\deadislandgame.exe" = D:\Games\dead_island_reloaded\Dead Island\deadislandgame.exe:*:Enabled:DeadIsland -- (Techland) "C:\Program Files (x86)\ICQ7.5\ICQ.exe" = C:\Program 
Files (x86)\ICQ7.5\ICQ.exe:*:Enabled:ICQ "C:\Program Files (x86)\ICQ7.6\ICQ.exe" = C:\Program Files (x86)\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.) "C:\Program Files (x86)\Net Tools\nettools5.exe" = C:\Program Files (x86)\Net Tools\nettools5.exe:*:Enabled:Net Tools by Mohammad Ahmadi Bidakhvidi "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe" = C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation) "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" = C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation) "C:\Program Files (x86)\ICQ6.5\ICQ.exe" = C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe "C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation) "C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.) "C:\Program Files (x86)\Steam\steamapps\shengiboy619\half-life 2 deathmatch\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 "C:\Documents and Settings\Administrator\Desktop\Programme\SFT Loader\leecher.exe" = C:\Documents and Settings\Administrator\Desktop\Programme\SFT Loader\leecher.exe:*:Enabled:SFT Loader -- (velocode) "C:\Program Files (x86)\SopCast\adv\SopAdver.exe" = C:\Program Files (x86)\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Program Files (x86)\SopCast\SopCast.exe" = C:\Program Files (x86)\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Program Files (x86)\Java\jre6\bin\java.exe" = C:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.640\leecher.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.640\leecher.exe:*:Enabled:SFT Loader "C:\Documents and Settings\Administrator\Desktop\teamspeak3-server_win64\ts3server_win64.exe" = C:\Documents and Settings\Administrator\Desktop\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server "C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe" = C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component "C:\Program Files (x86)\QIP Infium\infium.exe" = C:\Program Files (x86)\QIP Infium\infium.exe:*:Enabled:QIP Infium -- (QIP) "C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "D:\Games\Borlands\Binaries\Borderlands.exe" = D:\Games\Borlands\Binaries\Borderlands.exe:*:Enabled:Borderlands "C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe" = C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World "C:\Documents and Settings\walera\Local Settings\Temp\Rar$EX00.203\teamspeak3-server_win64\ts3server_win64.exe" = C:\Documents and Settings\walera\Local Settings\Temp\Rar$EX00.203\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server "C:\Program Files (x86)\teamspeak3-server_win64\ts3server_win64.exe" = C:\Program Files (x86)\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server "C:\Documents and Settings\walera\Desktop\Programme\SFT Loader\leecher.exe" = C:\Documents and Settings\walera\Desktop\Programme\SFT Loader\leecher.exe:*:Enabled:SFT Loader "C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- () 
"C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe" = C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade "D:\Games\Left4Dead\hl2.exe" = D:\Games\Left4Dead\hl2.exe:*:Enabled:hl2 "C:\Program Files (x86)\Activision\Prototype\prototypef.exe" = C:\Program Files (x86)\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM) -- (Activision) "D:\Games\Fifa 11\Game\fifa.exe" = D:\Games\Fifa 11\Game\fifa.exe:*:Enabled:FIFA 11 "D:\Games\PES 11\pes2011.exe" = D:\Games\PES 11\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011 -- (Konami Digital Entertainment Co., Ltd.) "D:\Games\Medal of Honor - 10\MP\mohmpgame.exe" = D:\Games\Medal of Honor - 10\MP\mohmpgame.exe:*:Enabled:Medal of Honor: Multiplayer -- (EA Digital Illusions CE AB) "D:\Games\Medal of Honor - 10\Binaries\moh.exe" = D:\Games\Medal of Honor - 10\Binaries\moh.exe:*:Enabled:Medal of Honor™ -- (Electronic Arts Inc.) "D:\Games\NBA_2K11-FLT\nba2k11.exe" = D:\Games\NBA_2K11-FLT\nba2k11.exe:*:Enabled:NBA 2K11 -- (2K Sports) "D:\Games\Call.of.Duty.Black.Ops.UNCUT.GERMAN-0x0007\Call of Duty Black Ops GERMAN Uncut\BlackOps.exe" = D:\Games\Call.of.Duty.Black.Ops.UNCUT.GERMAN-0x0007\Call of Duty Black Ops GERMAN Uncut\BlackOps.exe:*:Enabled:BlackOps "C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe" = C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- () "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files (x86)\Steam\steamapps\shengiboy619\day of defeat source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source "C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike 
source\hl2.exe:*:Enabled:Counter-Strike: Source "C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike\hl.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve) "D:\Games\Portal 2\portal2.exe" = D:\Games\Portal 2\portal2.exe:*:Enabled:portal2 -- () "C:\Program Files (x86)\ICQ7.4\ICQ.exe" = C:\Program Files (x86)\ICQ7.4\ICQ.exe:*:Enabled:ICQ "D:\Games\Postal 2 - Apocalypse Weekend\System\UCC.exe" = D:\Games\Postal 2 - Apocalypse Weekend\System\UCC.exe:*:Enabled:UCC -- () "D:\Games\Postal 2 - Apocalypse Weekend\System\postal2.exe" = D:\Games\Postal 2 - Apocalypse Weekend\System\postal2.exe:*:Enabled:postal2 -- () "D:\Games\Dead Rising 2\deadrising2.exe" = D:\Games\Dead Rising 2\deadrising2.exe:*:Enabled:Dead Rising 2 -- (CAPCOM CO., LTD.) "D:\Games\Need for Speed Hot Pursuit\Launcher.exe" = D:\Games\Need for Speed Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit -- (Electronic Arts) "D:\Games\Need for Speed Hot Pursuit\NFS11.exe" = D:\Games\Need for Speed Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application -- (Electronic Arts) "C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- () "C:\Program 
Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- () "C:\Program Files (x86)\Steam\steamapps\retsche10\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\retsche10\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- () "C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- () "D:\Games\dead_island_reloaded\Dead Island\deadislandgame.exe" = D:\Games\dead_island_reloaded\Dead Island\deadislandgame.exe:*:Enabled:DeadIsland -- (Techland) "C:\Program Files (x86)\ICQ7.5\ICQ.exe" = C:\Program Files (x86)\ICQ7.5\ICQ.exe:*:Enabled:ICQ "C:\Program Files (x86)\ICQ7.6\ICQ.exe" = C:\Program Files (x86)\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.) "C:\Program Files (x86)\Net Tools\nettools5.exe" = C:\Program Files (x86)\Net Tools\nettools5.exe:*:Enabled:Net Tools by Mohammad Ahmadi Bidakhvidi ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1D5E29E9-0914-A86D-8E67-DBAFF954DD8A}" = ATI Catalyst Install Manager "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for x64 (Intel64 and AMD64) "{523C35EE-B401-1EAA-D162-9BFC5CD2CE21}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6EE201F8-D9D1-2D19-CBDA-1031E767B46A}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0300D4E-9907-46B1-BB5D-552FD226F975}" = Microsoft Windows German User Interface Pack "{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "ATI Display Driver" = ATI Display Driver "CCleaner" = CCleaner "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "TeamSpeak 3 Client" = TeamSpeak 3 Client "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR "WMFDist11-64" = Windows Media Format 11 runtime "wmp11-64" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0468A4CF-069D-86B6-84BD-F8E4F86E2631}" = Catalyst Control Center Graphics Previews Common "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{0D93041A-03EC-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5 
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011 "{1960E0DF-6A10-422A-A4DD-79E748C36A49}" = Microsoft LifeCam "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1CC15F50-9681-1653-62F6-7D263D072E25}" = Catalyst Control Center Graphics Previews Common "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox! "{25A4B97E-DDAE-3B29-E0EF-F6E6AC21EF71}" = Catalyst Control Center InstallProxy "{25B9C7BE-5CFD-6173-D3E1-6E4C9EBD8658}" = Catalyst Control Center Graphics Light "{26999308-FF96-5FBF-B2DB-12E66346FA3A}" = CCC Help German "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 23 "{2927733E-A961-BA53-03C5-03774A081030}" = ccc-core-static "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00 "{30148775-0642-7507-58EA-3CDB7E828BA2}" = Catalyst Control Center Core Implementation "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder "{3972209B-4946-9B49-1911-0AC122FB8073}" = CCC Help Russian "{40261D0A-A385-4C1A-A7DE-5F270D9B1031}" = Nero 7 Ultra Edition "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM) "{43165058-0CD3-F336-0B4E-879A03DC8F50}" = Catalyst Control Center Graphics Full Existing "{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010 "{43F18082-D8A1-5A37-829D-CF1C4ED9ED2A}" = CCC Help Portuguese "{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6 "{4905D4CA-7295-F988-AE8A-B04675295133}" = CCC Help Thai "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55A83F62-4CC7-8A5F-0FB0-FE55B53B3ED1}" = CCC Help Finnish "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5B31B7DD-ED2E-F515-C900-B2E91138A34F}" = ccc-core-preinstall "{5C65178E-D3DE-BBBE-AAC3-F6B35E3CE9AD}" = CCC Help 
Spanish "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard "{5F032DC8-A020-D42E-F2E6-41C748A92A06}" = Catalyst Control Center Graphics Full New "{618A812B-3099-8DB2-C8E4-95D15A7B7CD5}" = Catalyst Control Center HydraVision Full "{6A7E75AF-C2C7-4B1E-FE46-E0979833D6D5}" = CCC Help Spanish "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B48554C-9089-4177-A38D-B8FE122F11FC}" = TubeBox! "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71AFFCBF-0864-C19D-0C07-5DF67BA0382D}" = CCC Help Turkish "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.3.0 "{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11 "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{8425081E-FEFF-6E4B-408E-53345859896C}" = CCC Help English "{8946D1C8-B1A3-2D2D-731A-E9D29B9FE5CF}" = CCC Help German "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine "{8F75F503-B422-1608-4688-9B7AEBAE72A5}" = CCC Help French "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90FE2C60-A4C3-D61D-790A-9493EE405AEA}" = CCC Help Swedish "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite 
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{ADAA5D11-5D8F-31EC-1992-693239110308}" = CCC Help French "{AFADD3B4-021C-9005-7BC2-6D1CD5D6C148}" = CCC Help Italian "{B21C00B6-2B53-BB00-B4FE-27316019A9C5}" = CCC Help Chinese Traditional "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B43FFAD8-47AD-4F8D-F14B-F4AECD521171}" = Catalyst Control Center "{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11 "{BD7CDF5A-315E-A085-CF42-921B37D7A507}" = CCC Help Hungarian "{BE9269F2-562B-7BC7-9BE9-16EF8B52B403}" = Catalyst Control Center Localization All "{BF243C52-D0D2-A777-D388-DFCCF00FFC23}" = CCC Help Dutch "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software "{C7370250-3AA3-23F8-DE52-21701C911BBD}" = CCC Help Korean "{C7DA1638-A3B9-0AF6-B1B3-5ACBC08E7204}" = CCC Help Polish "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE709472-FCC6-698B-2F25-EA0531EAE88B}" = CCC Help English "{CF283C0A-B5D9-EB97-E2F4-32E88FD8233F}" = CCC Help Portuguese "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{D472CC91-8FFC-B07C-F755-363498CF7724}" = CCC Help Danish "{D68E33C8-F508-F069-FF15-59B2BF50B0D3}" = CCC Help Japanese "{D82DC9BA-D752-2D34-4412-3984C4D9BA27}" = Catalyst Control Center Localization All "{E236A12C-FE29-49C4-C10C-F9AFF2EE8D39}" = CCC Help Chinese Standard "{EFA83B92-06EA-D90D-1342-A7872D97B89F}" = CCC Help Italian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE 
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "{FAFD1909-311F-2035-6C97-7151A3B485C5}" = CCC Help Greek "{FD433CFA-5819-54FC-005C-140926CDBB6F}" = CCC Help Czech "{FF97034A-E1FE-CC80-E5D4-549796B72E36}" = CCC Help Norwegian "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "AnyDVD" = AnyDVD "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "DivX Setup" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908 "GameSaike SixaxisDriver_is1" = SixaxisDriver 0.91 "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0 "Mafia II_is1" = Mafia II "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "NetTools_is1" = NetTools 5.0 "OpenAL" = OpenAL "Postal 2" = Postal 2 "Postal 2 - Apocalypse Weekend_is1" = Postal 2 - Apocalypse Weekend "Postal 2 - Share The Pain_is1" = Postal 2 - Share The Pain "Postal 2_is1" = Portal 2 "PriceGong" = PriceGong 2.1.0 "PS3 Video 9" = PS3 Video 9 6 "PunkBusterSvc" = PunkBuster Services "SopCast" = SopCast 3.2.9 "Steam App 10" = Counter-Strike "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "Steam App 300" = Day of Defeat: Source "Steam App 320" = Half-Life 2: Deathmatch "Steam App 440" = Team Fortress 2 "Steam App 550" = Left 4 Dead 2 "TVersity Codec Pack" = TVersity Codec Pack 1.4 
"TVersity Media Server" = TVersity Media Server 1.9.3 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.11 "WinPcapInst" = WinPcap 3.0 "YouTube Downloader App" = YouTube Downloader App 3.00 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "QIP Infium" = QIP Infium 2.0.9034 "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.03.2012 08:57:34 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041 Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error - 15.03.2012 09:28:06 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041 Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error - 15.03.2012 09:28:06 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041 Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error - 15.03.2012 09:28:10 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041 Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht. Error - 15.03.2012 09:28:10 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041 Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. 
Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht.

Error - 15.03.2012 09:31:37 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht.

Error - 15.03.2012 09:31:37 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht.

Error - 15.03.2012 09:31:40 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht.

Error - 15.03.2012 09:31:40 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}" nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich durch eine fehlerhafte Registrierung verursacht.

Error - 15.03.2012 09:31:53 | Computer Name = XP64-SP2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 0.0.0.0, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000.

[ OSession Events ]
Error - 09.11.2010 05:02:06 | Computer Name = XP64-SP2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29.12.2011 08:18:37 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.12.2011 08:19:50 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.12.2011 08:38:39 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.12.2011 08:40:58 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.12.2011 08:42:00 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.12.2011 08:43:18 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.12.2011 08:44:34 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 29.12.2011 19:03:15 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 30.12.2011 06:26:50 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 30.12.2011 06:38:47 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

OTL:
Code:
OTL logfile created on: 15.03.2012 14:37:42 - Run 3
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,17 Gb Available Physical Memory | 79,34% Memory free
5,74 Gb Paging File | 5,26 Gb Available in Paging File | 91,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,97 Gb Total Space | 208,88 Gb Free Space | 72,79% Space Free | Partition Type: NTFS
Drive D: | 644,53 Gb Total Space | 348,72 Gb Free Space | 54,10% Space Free | Partition Type: NTFS

Computer Name: XP64-SP2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\WINDOWS\SysWOW64\PnkBstrB.exe ()
PRC - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft LifeCam\MSCamSvc.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\SysWOW64\PnkBstrB.exe ()
MOD - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
MOD - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

========== Win32 Services (SafeList) ==========

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TVersityMediaServer) -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe ()
SRV - (PnkBstrB) -- C:\WINDOWS\SysWOW64\PnkBstrB.exe ()
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (npggsvc) -- C:\WINDOWS\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ATI Smart) -- C:\WINDOWS\SysWOW64\ati2saag.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files (x86)\Microsoft LifeCam\MSCamSvc.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (GEARAspiWDM) -- C:\WINDOWS\Sysnative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (AnyDVD) -- C:\WINDOWS\SysWOW64\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys ()
DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (Winsock) -- C:\WINDOWS\SysWow64\winsock.dll (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\WINDOWS\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (NPF) -- C:\WINDOWS\SysWOW64\Drivers\npf.sys (Politecnico di Torino) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - 
HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=&apn_uid=DFA3D23A-BBD0-4E03-91F0-D97334FE39CA&apn_sauid=7CAF5C9D-D03B-4815-AE7F-AEA2B24A26CE IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.9&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.20 22:46:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 13:45:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.25 19:53:43 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2010.09.26 22:57:08 | 000,000,000 | ---D | M] [2010.01.27 11:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions [2012.03.01 18:17:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions [2010.05.27 16:25:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.03.12 20:33:02 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89} [2012.01.05 13:05:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and 
Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.08.26 19:32:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.12.23 20:52:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.03.01 18:17:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.02.04 20:30:26 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\firefox@tvunetworks.com [2011.04.27 19:09:57 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\askcom.xml [2010.10.06 19:37:07 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\conduit.xml [2012.03.12 14:27:17 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-1.xml [2011.03.07 13:36:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-10.xml [2011.03.11 21:37:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-11.xml [2011.03.26 11:22:46 | 000,000,950 | ---- | M] () -- C:\Documents and 
Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-12.xml [2011.04.29 20:11:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-13.xml [2011.05.08 10:29:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-14.xml [2011.06.22 12:28:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-15.xml [2011.08.18 11:36:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-16.xml [2011.11.10 12:06:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-17.xml [2010.08.25 09:36:11 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-2.xml [2010.09.09 15:59:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-3.xml [2010.09.17 18:53:08 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-4.xml [2010.09.26 23:23:23 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-5.xml [2010.10.29 08:51:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-6.xml [2010.10.30 13:00:44 | 000,000,950 | ---- | M] () -- 
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-7.xml [2010.12.12 05:26:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-8.xml [2011.03.04 07:40:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-9.xml [2011.03.30 13:14:34 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin.xml [2010.04.20 21:27:45 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\qip-search.xml [2011.11.10 12:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.04.27 19:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} () (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2R5PE3HM.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI [2012.02.18 13:45:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.14 06:31:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.14 06:31:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.14 06:31:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.14 06:31:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.14 06:31:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.14 06:31:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru) O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) 
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [SkypeM] C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype\Skype.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll () O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274869229406 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5A18774-BA8D-45E2-B7CE-27B58D8018F7}: DhcpNameServer = 192.168.220.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found O18:64bit: - 
Protocol\Handler\https\oledb - No CLSID value found O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: System - (lsass.exe) - File not found O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation) 
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found O22:64bit: - SharedTaskScheduler: 
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.27 10:46:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.15 12:40:03 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012.02.25 00:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MacroX [2012.02.20 22:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus [2012.02.18 14:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira [2012.02.18 14:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira [2012.02.18 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.02.18 14:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira [7 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 
30 Days ========== [2012.03.15 14:31:41 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.03.15 14:31:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.15 14:27:11 | 000,000,253 | RHS- | M] () -- C:\boot.ini [2012.03.15 12:44:49 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012.03.15 09:52:00 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.03.15 03:02:20 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.02.25 00:58:45 | 000,001,352 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\AutoHotkey.ahk [2012.02.23 11:30:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl [2012.02.16 10:06:54 | 001,151,562 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [7 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.25 00:58:45 | 000,001,352 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\AutoHotkey.ahk [2012.02.09 22:23:53 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib [2011.12.23 19:31:49 | 000,005,504 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys [2011.10.28 12:36:33 | 000,452,096 | ---- | C] () -- C:\WINDOWS\SysWow64\nmap.exe [2011.10.28 12:36:33 | 000,290,816 | ---- | C] () -- C:\WINDOWS\SysWow64\nmapserv.exe [2011.08.02 17:22:46 | 000,039,064 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat [2011.04.29 20:16:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.05 21:09:48 | 000,059,904 | ---- | C] () -- C:\WINDOWS\SysWow64\OVDecode.dll [2011.02.06 16:24:53 | 000,000,411 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.12.25 
16:26:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.12.01 10:25:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI [2010.10.07 05:56:37 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat [2010.08.20 11:36:48 | 000,158,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010.08.16 11:52:30 | 000,669,184 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe [2010.08.16 11:52:30 | 000,189,248 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe [2010.08.16 11:52:30 | 000,066,872 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe [2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat [2010.03.24 12:41:11 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini ========== LOP Check ========== [2010.11.17 13:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\2K Sports [2010.11.29 21:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bioshock2 [2011.12.23 19:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited [2010.01.27 13:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite [2011.09.13 15:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft [2011.08.26 19:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers [2012.02.02 22:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Electronic Arts [2012.03.15 14:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ [2011.08.02 18:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jens Lorek [2010.10.10 10:39:23 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech [2011.07.01 11:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient [2011.05.15 21:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mael [2010.09.09 17:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Need for Speed World [2011.05.14 20:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape [2012.03.07 15:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong [2010.03.12 20:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QIP [2011.12.23 15:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Kawa [2011.12.23 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Regensoft [2011.04.29 01:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft [2012.01.20 10:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client [2010.11.13 15:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TubeBox [2010.07.06 07:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2010.02.03 20:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software [2011.12.23 19:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010.10.09 17:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters [2010.01.27 11:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2010.10.19 08:04:40 | 000,000,000 | 
-HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS [2011.05.12 12:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core [2011.05.12 12:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts [2010.01.28 11:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP [2011.10.25 16:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2010.10.09 10:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI [2010.01.27 12:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2010.03.05 14:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2010.07.24 11:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop [2011.08.02 18:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files [2010.01.29 07:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected [2010.01.27 11:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2012.02.09 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft [2011.05.12 12:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield [2010.01.27 12:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith [2012.03.15 14:30:25 | 000,032,526 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt ========== Purity Check ========== < End of report > Thank you in advance |
15.03.2012, 17:04 | #2 |
/// Malware-holic | Antivir virus? ; Demand for payment of 50 € hi
This script and any scripts that may follow are meant only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
O4 - HKCU..\Run: [SkypeM] C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype\Skype.exe ()
:Files
C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, show desktop icons.
Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment! Please press the + E key. |
15.03.2012, 17:44 | #3 |
| Antivir virus? ; Demand for payment of 50 € Thanks for your post. I did it the way you said.
The PC is now actually running quite normally. If anything comes back, I'll get in touch. A thank-you to you =) Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype\Skype.exe moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 267671 bytes
User: All Users
User: Default User
User: LocalService
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 35109367 bytes
->Temporary Internet Files folder emptied: 41878415 bytes
->Java cache emptied: 2520628 bytes
->FireFox cache emptied: 111184960 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 530256 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 763412 bytes
->Temporary Internet Files folder emptied: 62147 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2168024 bytes
%systemroot%\System32 .tmp files removed: 3242505 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 594432 bytes
Total Files Cleaned = 189,00 mb
OTL by OldTimer - Version 3.2.37.0 log created on 03152012_173834
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDEFSTUJ\1233293;sz=728x90;click3rd=http%3A%2F%2Fclick.v1.de.euserv[1].php%253Fs%253D16765%253Bc%253D48123%253Burl%253D;net=cdde;ord=1298397878;ord1=888875;cmpgurl=about%253Ablank not found!
Registry entries deleted on Reboot... |
15.03.2012, 20:25 | #4 |
/// Malware-holic | Antivir virus? ; Demand for payment of 50 € the upload is missing...
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
15.03.2012, 21:05 | #5 |
| Antivir virus? ; Demand for payment of 50 € File: MovedFiles.rar_1 received. Operation completed successfully. Did you get it? |
15.03.2012, 21:14 | #6 |
/// Malware-holic | Antivir virus? ; Demand for payment of 50 € Combofix may only be run when a team member has instructed you to do so! Please download Combofix.exe and make sure to save it on your desktop. |
16.03.2012, 17:06 | #7 |
| Antivir virus? ; Demand for payment of 50 € Unfortunately the program is not suitable for my Windows; I have Windows XP 64 bit |
16.03.2012, 17:07 | #8 |
/// Malware-holic | Antivir virus? ; Demand for payment of 50 € oh right, sorry :-) download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters • Tick the boxes for Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - if anything is found, always choose skip for now, post the log |
16.03.2012, 18:58 | #9 |
| Antivir virus? ; Demand for payment of 50 € ok, I did that. It showed Locked File and Unsigned file Code:
|
17.03.2012, 18:28 | #10 |
/// Malware-holic | Antivir Virus? ; Demand to pay 50 € Malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
18.03.2012, 08:01 | #11 |
| Antivir Virus? ; Demand to pay 50 € I ran it... 1 file was infected and I then deleted it. Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.03.17.07
Windows XP Service Pack 2 x64 NTFS
Internet Explorer 7.0.5730.13
Administrator :: XP64-SP2 [Administrator]
Schutz: Deaktiviert
18.03.2012 00:59:30
mbam-log-2012-03-18 (00-59-30).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 392097
Laufzeit: 1 Stunde(n), 40 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
D:\Games\Armies.Of.Exigo-HOODLUM\Keygen\fff-ea98.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
|
18.03.2012, 20:34 | #12 |
/// Malware-holic | Antivir Virus? ; Demand to pay 50 € D:\Games\Armies.Of.Exigo-HOODLUM\Keygen\fff-ea98.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. Illegal, so from here on you will only get help with backing up your data, reinstalling the PC and securing it.
|
21.03.2012, 01:30 | #13 |
| Antivir Virus? ; Demand to pay 50 € What do you mean, illegal? I copied it from a colleague or something at some point. |
21.03.2012, 15:35 | #14 |
/// Malware-holic | Antivir Virus? ; Demand to pay 50 € They are keygens; using them is not legal, because you use them to unlock paid software even though you have not paid for it.
|
21.03.2012, 16:49 | #15 |
| Antivir Virus? ; Demand to pay 50 € Can I just delete the folder??? I don't want to format my PC |