
Trash bin: http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 and other problems

Windows 7 Posts that violated our rules, posts the world does not need, and other rubbish end up here in the trash bin...

 
26.01.2013, 14:55   #1
Dori21
 



Hello dear helpers,

I have used the following programs:

Norton Internet Security 2012
Norton Utilities 15
Ad-Aware 2012
Malwarebytes Anti-Malware 2012
Spybot Search & Destroy 2012
HijackThis 204

to try to get the PC back in order, but it did not work. After my brother had it at his place for a while, nothing works properly anymore, despite the protection programs. Do you need the output from these as well? If so, I am really very sorry; I can only run them again, because I had already used all of these programs BEFORE I came across this forum and then, of course, had the problems removed as usual.

I also wanted to use CCleaner, but it closes by itself after the cleaning starts. No idea why. Probably because of the viruses, malware... no idea what exactly I have.

In addition, the Flash Player no longer works, and whenever I open IE I am constantly redirected to the following page:

hxxp://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192

Then, admittedly, I fell for the program Spyhunter 4.0, which, as I read on Google, is unfortunately also a malicious program.

I also can no longer remove various programs from the Control Panel by uninstalling them, among others:

Ask Toolbar (tried Ask Remover, it did not work)
HPSSupply --> we no longer have an HP printer
DownTango Launcher 2.1, I don't even know what this is for
Samsung Kies

I also don't know how to permanently delete add-ons from the PC, since these are quite annoying too, or how, in general, to permanently remove from the PC all the folders that were left over after the uninstallations.

I think the PC is generally quite cluttered.

I am therefore asking for your help, as I don't know how I am supposed to manage all of this on my own.

Here are all the log files from the programs, following your instructions:

Malwarebytes:
Code:
 Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.23.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Celine :: CELINE-PC [Administrator]

24.01.2013 12:44:20
mbam-log-2013-01-24 (12-44-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|K:\|M:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 545693
Laufzeit: 2 Stunde(n), 27 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL:

Code:
 OTL logfile created on: 24.01.2013 12:34:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 56,99% Memory free
7,16 Gb Paging File | 5,79 Gb Available in Paging File | 80,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 1,92 Gb Free Space | 3,28% Space Free | Partition Type: NTFS
Drive E: | 863,15 Gb Total Space | 184,06 Gb Free Space | 21,32% Space Free | Partition Type: NTFS
Drive K: | 7,39 Gb Total Space | 7,38 Gb Free Space | 99,87% Space Free | Partition Type: FAT32
Drive M: | 931,51 Gb Total Space | 144,49 Gb Free Space | 15,51% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2013.01.14 16:22:40 | 000,056,904 | ---- | M] (Simplygen) -- C:\Program Files\Protected Search\ProtectedSearch.exe
PRC - [2012.12.14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.12.12 00:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
PRC - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2010.11.30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010.11.30 01:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010.11.30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010.11.30 01:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 03:18:36 | 000,073,728 | ---- | M] () -- C:\Program Files\Protected Search\InstallHelper.dll
MOD - [2013.01.09 18:46:52 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll
MOD - [2013.01.09 18:42:00 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll
MOD - [2013.01.09 18:41:54 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.09 18:41:13 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.09 18:41:09 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.09.16 19:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013.01.24 09:20:28 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.11.22 08:08:02 | 000,711,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.02.07 08:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.11.30 01:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010.11.30 01:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2010.10.20 10:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.11.19 18:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- E:\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008.03.25 20:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- E:\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008.01.21 03:25:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008030.006\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013.01.16 06:21:31 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130123.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.16 06:21:31 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130123.023\NAVENG.SYS -- (NAVENG)
DRV - [2013.01.16 03:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.11.22 08:08:02 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012.09.12 20:19:38 | 000,066,344 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2012.09.01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20130123.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 06:40:52 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.08.09 06:40:52 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012.06.07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.05.22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012.04.18 03:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2012.04.18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012.04.16 19:26:52 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.03.11 22:22:56 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.03.11 22:22:56 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.01.17 16:45:56 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS)
DRV - [2011.01.05 22:23:40 | 000,042,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.12.30 08:46:26 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.30 01:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2010.11.30 01:23:58 | 000,128,248 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymDSMon.sys -- (SymDSMon)
DRV - [2010.05.28 10:19:00 | 000,065,382 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2010.02.04 14:37:43 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.08.28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.01.15 08:19:00 | 007,740,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.11.12 14:42:00 | 000,046,592 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.02 12:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.03 09:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.02.16 01:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=315&systemid=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=6444021302174440&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 BF 19 36 73 C6 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=3192
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012.12.18 10:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2013.01.24 12:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.23 07:31:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.12.31 11:19:15 | 000,000,000 | ---D | M]
 
[2012.11.02 14:11:11 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
 
O1 HOSTS File: ([2013.01.23 14:38:41 | 000,444,863 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	localhost
O1 - Hosts: ::1	localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15280 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Lokales Intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62A6CA5B-9E48-4C06-ABC8-62BDA031B5E8}: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E5639C9-D609-4797-9561-46F0D3F68116}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{992CF479-A5B9-4C78-9B56-3BA2BF399FC1}: DhcpNameServer = 213.162.69.169 213.162.65.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Celine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Celine\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{92f9dd4b-d46d-11df-b5dc-00248c299d00}\Shell\AutoRun\command - "" = awb3ryk.exe
O33 - MountPoints2\{92f9dd4b-d46d-11df-b5dc-00248c299d00}\Shell\open\Command - "" = awb3ryk.exe
O33 - MountPoints2\{e82f38f4-016c-11e2-aece-00248c299d00}\Shell - "" = AutoRun
O33 - MountPoints2\{e82f38f4-016c-11e2-aece-00248c299d00}\Shell\AutoRun\command - "" = K:\CMADownloader.exe
O33 - MountPoints2\{eb17fec1-f47b-11df-9225-00248c299d00}\Shell - "" = AutoRun
O33 - MountPoints2\{eb17fec1-f47b-11df-9225-00248c299d00}\Shell\AutoRun\command - "" = D:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.24 12:12:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Celine\Desktop\OTL.exe
[2013.01.23 18:47:18 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.23 18:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.23 14:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.23 14:30:17 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013.01.23 14:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013.01.23 14:24:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\VDD
[2013.01.23 14:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.01.23 14:12:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.01.23 14:11:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.01.23 14:11:41 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013.01.23 14:11:09 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.01.23 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013.01.23 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.01.23 14:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\adawaretb
[2013.01.23 14:11:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2013.01.23 14:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.01.23 14:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013.01.23 14:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013.01.22 14:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Protected Search
[2013.01.22 14:35:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DownTangoFTbToolbar
[2013.01.22 14:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\DownTangoFTbToolbar
[2013.01.22 14:34:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DownTango
[2013.01.22 14:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
[2013.01.22 14:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Red Sky
[2013.01.17 11:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect
[2013.01.06 21:47:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HandBrake
[2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.06 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2013.01.06 20:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.01.06 20:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
[2013.01.06 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2012.12.30 09:31:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2012.12.26 17:41:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PDF Architect
[2012.12.26 17:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick
[2012.12.26 17:40:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING
[2012.12.26 17:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.12.26 17:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 12:34:33 | 000,671,212 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.24 12:34:33 | 000,631,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.24 12:34:33 | 000,144,380 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.24 12:34:33 | 000,118,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.24 12:27:53 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.01.24 12:27:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.24 12:27:20 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.24 12:26:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 12:26:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 12:26:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.24 12:24:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.01.24 12:22:57 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.24 12:20:51 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.24 12:13:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Celine\Desktop\OTL.exe
[2013.01.24 11:38:59 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.24 11:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.24 10:20:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4109356394-3198314468-326088313-1000UA.job
[2013.01.24 10:10:55 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.24 10:10:54 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.24 01:20:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4109356394-3198314468-326088313-1000Core.job
[2013.01.23 19:09:26 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job
[2013.01.23 14:38:41 | 000,444,863 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.01.23 14:36:50 | 000,444,863 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130123-143840.backup
[2013.01.23 14:30:22 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.23 14:14:09 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.01.23 14:11:09 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013.01.22 15:30:06 | 000,002,272 | ---- | M] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2}
[2013.01.20 17:56:07 | 000,002,096 | ---- | M] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343}
[2013.01.20 17:54:57 | 000,002,152 | ---- | M] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E}
[2013.01.20 17:52:54 | 000,002,632 | ---- | M] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1}
[2013.01.20 17:50:18 | 000,002,808 | ---- | M] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623}
[2013.01.20 17:46:18 | 000,002,800 | ---- | M] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E}
[2013.01.20 17:44:36 | 000,002,592 | ---- | M] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50}
[2013.01.20 16:19:18 | 000,002,152 | ---- | M] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138}
[2013.01.20 16:17:31 | 000,002,272 | ---- | M] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA}
[2013.01.15 13:06:54 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.12 20:23:40 | 000,003,072 | ---- | M] () -- C:\Windows\System32\Cache.db
[2013.01.10 22:24:39 | 000,002,480 | ---- | M] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41}
[2013.01.10 22:23:26 | 000,002,488 | ---- | M] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1}
[2013.01.10 21:56:58 | 000,002,112 | ---- | M] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6}
[2013.01.10 21:55:13 | 000,002,224 | ---- | M] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5}
[2013.01.10 21:46:53 | 000,001,968 | ---- | M] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A}
[2013.01.10 20:34:05 | 000,002,584 | ---- | M] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099}
[2013.01.10 19:13:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.09 18:38:57 | 000,394,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.06 22:07:37 | 000,069,120 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.06 20:20:27 | 000,000,818 | ---- | M] () -- C:\Users\***\Desktop\Handbrake.lnk
[2013.01.03 07:18:52 | 000,015,360 | ---- | M] () -- C:\Windows\Launcher.exe
[2013.01.01 19:24:44 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2012.12.30 09:31:09 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.24 12:22:42 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.24 12:20:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.23 14:31:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.01.23 14:31:04 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.01.23 14:31:02 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.01.23 14:30:22 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.23 14:30:22 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.23 14:11:45 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.01.22 15:30:03 | 000,002,272 | ---- | C] () -- C:\{C393A4C8-AD26-4198-9C85-F9844A137AC2}
[2013.01.22 14:35:12 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2013.01.20 17:56:07 | 000,002,096 | ---- | C] () -- C:\{BE40F626-9F7D-4D0E-93D4-00664E76D343}
[2013.01.20 17:54:57 | 000,002,152 | ---- | C] () -- C:\{FD93965E-61FA-46C2-9827-CE58FBD48B6E}
[2013.01.20 17:52:54 | 000,002,632 | ---- | C] () -- C:\{146B4776-8ECB-4AFA-92DB-EEB071FB1CA1}
[2013.01.20 17:50:17 | 000,002,808 | ---- | C] () -- C:\{E11681E2-C1BA-40AA-9EB5-AA6FFCBC3623}
[2013.01.20 17:46:16 | 000,002,800 | ---- | C] () -- C:\{842802DF-1BFF-4765-98A1-E363E6349C5E}
[2013.01.20 17:44:33 | 000,002,592 | ---- | C] () -- C:\{6C294C4A-4512-4997-B359-7AE2B433CA50}
[2013.01.20 16:19:16 | 000,002,152 | ---- | C] () -- C:\{5C74AA4C-630A-4E9E-B4D3-E1E5FB7AC138}
[2013.01.20 16:17:29 | 000,002,272 | ---- | C] () -- C:\{3E7BCCDD-1BDC-4D3B-AAE0-A2D92421E1AA}
[2013.01.15 13:06:54 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.01.10 22:24:38 | 000,002,480 | ---- | C] () -- C:\{1AAF12EE-CE91-4050-8AF1-012F93B13C41}
[2013.01.10 22:23:25 | 000,002,488 | ---- | C] () -- C:\{E53FC01E-8F29-4B7D-95BB-C4E7AD50DFB1}
[2013.01.10 21:56:55 | 000,002,112 | ---- | C] () -- C:\{C9754431-BCD0-4281-86D5-F9571E6DBBD6}
[2013.01.10 21:55:09 | 000,002,224 | ---- | C] () -- C:\{8693728E-A61E-4C90-B583-5102A3ACF0F5}
[2013.01.10 21:46:53 | 000,001,968 | ---- | C] () -- C:\{34B84ED5-61EE-43B7-BD53-8C1EDE32635A}
[2013.01.10 20:34:00 | 000,002,584 | ---- | C] () -- C:\{8E6B19B2-D010-44DA-A8C8-D8BA08366099}
[2013.01.06 20:20:25 | 000,000,818 | ---- | C] () -- C:\Users\***\Desktop\Handbrake.lnk
[2012.12.30 09:31:09 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.12.17 15:11:09 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2012.11.15 13:11:14 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012.11.15 13:11:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2012.09.27 18:06:21 | 000,000,005 | ---- | C] () -- C:\Users\***\AppData\Roaming\mbam.context.scan
[2012.07.06 06:36:53 | 000,006,736 | ---- | C] () -- C:\Windows\wininit.ini
[2012.06.27 20:54:11 | 000,119,410 | ---- | C] () -- C:\Windows\hpqins00.dat
[2012.05.22 18:12:12 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.04.15 19:31:16 | 000,145,696 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2012.04.15 19:31:16 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Textures
[2012.03.24 08:20:56 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Services
[2012.03.24 08:20:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Pads
[2012.03.24 08:20:54 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Sync Schema
[2012.03.24 08:20:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Synth Leads
[2012.03.24 08:20:49 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\SupportPrinters
[2012.03.24 08:20:49 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.03.11 11:44:22 | 000,000,498 | ---- | C] () -- C:\Users\***\AppData\Roaming\DELTAUserMetrics.osl
[2012.01.22 19:16:43 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.01.22 19:16:43 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.01.22 19:16:43 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.01.22 19:16:43 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2011.06.09 20:21:08 | 001,206,784 | -HS- | C] () -- C:\Users\***\ehthumbs_vista.db
[2011.04.22 17:31:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.22 17:31:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010.10.10 14:24:06 | 000,002,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\$_hpcst$.hpc
[2009.10.10 07:11:52 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009.07.25 17:35:39 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\wrar380d.exe
[2009.05.13 19:25:41 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.04.04 19:51:52 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.04.01 15:53:18 | 000,069,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.30 10:38:09 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.24 10:03:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.12.26 17:40:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\APP_NAME_NON_STRING
[2012.04.30 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2009.05.15 19:30:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2011.02.27 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitZipper
[2012.11.15 09:36:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.04.30 18:23:01 | 000,000,000 | ---D | M] -- C:\Users\***e\AppData\Roaming\DAEMON Tools Lite
[2012.04.18 09:26:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.12.21 20:31:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Desktopicon
[2013.01.22 14:35:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DownTangoFTbToolbar
[2013.01.02 14:23:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.08.10 09:51:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ebner
[2012.03.31 10:57:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Electronic Arts
[2009.09.28 15:13:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2012.10.08 12:33:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fisher-Price
[2013.01.01 19:56:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2012.11.15 13:22:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2011.10.04 07:40:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2013.01.06 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.01.05 15:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEROLD Business Data
[2011.10.14 09:15:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.03.13 17:46:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2009.05.13 19:23:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.11.23 20:34:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.03.03 15:00:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.04.12 14:24:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at
[2012.03.24 08:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2009.04.12 08:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Novosoft
[2012.07.12 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuclear Coffee
[2012.09.26 10:53:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2009.03.30 21:33:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.04.18 08:56:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2010.10.10 14:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.12.26 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Architect
[2012.12.26 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2009.10.10 07:11:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.02.04 14:44:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc
[2010.07.25 20:19:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2010.02.18 13:33:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2012.08.05 18:02:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Registry Mechanic
[2011.05.01 16:04:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RouterControl
[2009.06.21 08:52:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\S.A.D
[2011.06.17 19:26:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.31 10:48:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Shareaza
[2011.04.17 11:05:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod
[2012.11.02 16:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SlySoft
[2010.11.04 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.09.02 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StoneLoopsCT
[2010.10.16 22:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2010.11.24 21:27:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2013.01.23 14:57:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
[2010.03.19 18:16:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2011.10.05 10:14:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 72 bytes -> C:\Windows:114B480A1297C7E8
@Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:D3A96964
@Alternate Data Stream - 16 bytes -> C:\Users\Celine\Downloads:Shareaza.GUID
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D287FACF
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D0894A08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
Extras:

Code:
 OTL Extras logfile created on: 24.01.2013 12:34:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,49 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 56,99% Memory free
7,16 Gb Paging File | 5,79 Gb Available in Paging File | 80,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,59 Gb Total Space | 1,92 Gb Free Space | 3,28% Space Free | Partition Type: NTFS
Drive E: | 863,15 Gb Total Space | 184,06 Gb Free Space | 21,32% Space Free | Partition Type: NTFS
Drive K: | 7,39 Gb Total Space | 7,38 Gb Free Space | 99,87% Space Free | Partition Type: FAT32
Drive M: | 931,51 Gb Total Space | 144,49 Gb Free Space | 15,51% Space Free | Partition Type: NTFS
 
Computer Name: ***| User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005F903B-2DE7-44CD-A0BD-33D605CDF50B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{041F694C-AA50-4D14-868F-A0E689E113A6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{04B58AF2-B568-402A-80B2-806204F62CF5}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{2102DB9B-F914-402B-BA33-2A3DC1F77227}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{228B6DE9-2E9E-471F-9BBF-84C1FF584793}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2761C3D0-D6AA-42EA-914C-BB8CD677FF7C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{32F6BC9A-CBF2-46E9-A4FA-53497296969C}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{33D7B925-0795-486B-A63A-61F1C23A83A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{35A9EAF3-8116-4182-828B-D40706B32DC0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3D1B629A-A8D0-47B7-A7E3-DC886B28EF5D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{3F7CFC4A-EC94-4189-A720-68B50A5A6DA3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4B3FC333-16EC-4144-9349-1249B50A20F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4FF70AB5-B7CA-4911-92F4-9DF638ADD710}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5082CC1C-11AE-488C-8DBF-3029FAFC380B}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{52832957-80EC-47DC-9602-E797A11F39F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{532CB099-7C71-4853-8260-7EDB1AC3F8A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{53D3974A-0000-45A7-99A5-8BE70973CDAB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{5E4E5A1E-0B6D-4F7B-A549-48050E522765}" = rport=445 | protocol=6 | dir=out | app=system | 
"{68558F0C-F8FA-438C-82FF-49F5E3D5E658}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{68DBB3C0-4385-4D8A-93F1-9CE4E70AE537}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{7296426F-3C10-4DCC-88D6-A862CDB7258F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{783B8B8C-6F90-438E-B413-2A252A916AAC}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{7A6114F9-F675-46EC-9F8A-D2583B279679}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{7D42C9E1-F7C2-4CB6-B287-01B2ADAF4EEA}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{810F9EC9-4F84-4FD8-A170-46531F4D9DD6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{911A09F7-52DC-467C-BFA4-DADED1CEFD5C}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{95E61EC1-200D-448C-BA74-63974DEDAD83}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9C58C198-0133-47A0-9CD8-145103006127}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A065F28F-EAB7-49C1-9E23-FFF5631408DC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A81DC2A2-FF81-43C4-8CEC-10110B559A0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{ADA51AF4-5C25-463B-805D-BA798060F6D1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{AEE63600-FD59-4F45-8DE5-80A7493D00A3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B0BAA481-174D-474B-AE4D-0054FC7BD08A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{B62D471D-D2D6-40BA-A0EE-476A063ADCF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{BF09FBF1-B6FF-4708-B1FA-C33F89B1FE02}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C15F8F67-C9E0-4394-843F-06167B36C570}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C3BA3717-037D-44EA-A2A0-C42F53BD9D22}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{C53CF274-DDF0-45CC-AAAA-65EE3A3475BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{C6316E42-E218-44B7-A8A0-45BF4F0BF049}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{CA051D26-8B22-42FC-BAF7-F8107596DAB9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CC121F19-9E77-4C92-9149-DE6A1A0C06B3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{D226D99C-5FFC-489A-8FC0-9FC22DB849C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D562CC9E-A3DA-4A1C-B1DE-D096C212FD7B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D62F2CBD-9F61-4CF7-A7C3-06B6915E9372}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D7128E6E-AFDA-4E22-BC0A-D3BF237CDEB8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 
"{DF271CC2-3281-465C-8DC3-111C86402080}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E1E9961B-82B0-4D84-B4D2-97BF355F546F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{E349C983-A4D0-4424-B68D-177C46099809}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E686D0E5-21E1-4688-9BC7-FF0013453897}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EDC38AD8-DBB6-457B-9A8F-CEF1DED297B8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F8692606-1714-4AF0-A78A-4A13AE3D1B9E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 
"{FF10665B-E101-4674-88A9-6717F0F4A511}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004A8295-BC39-4C1F-A843-549CB66BECF2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{04A079AE-A722-49CF-A0B3-1CA591058ACF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{06D956BB-2DF6-4777-A662-509B5ED28D6C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{072DB2DB-00F5-4084-AF3B-412428254F2D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{090B0775-8F15-4466-B17B-6E62EBBE9250}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{0BA0BA04-4F70-4180-BB30-D1CD6596A2BD}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{0BCF2020-C165-4733-9589-2DC659857C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0C53C994-BC66-4E01-B67A-3B7A9EF991D2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{0D4627A1-29A9-49CB-8E1E-17AF550A5A4F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0E8B9CE6-ED8D-4CDB-84CE-039F27CD53B9}" = dir=out | app=c:\program files\protected search\protectedsearch.exe | 
"{186677F2-208F-4D25-B114-D5F192C8D22F}" = protocol=6 | dir=out | app=system | 
"{1A980048-773F-4541-A5A3-F0B9A9ADE03B}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe | 
"{1B9B256B-3EC2-419A-B6B6-A15F8E6CE89F}" = dir=in | app=c:\program files\protected search\protectedsearch.exe | 
"{2475006C-5565-4B86-B805-880CC8B86AAC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{30140790-57B4-46A0-918A-50BBB453D9CE}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{30378F66-A820-49B6-A6A3-EBCEC78BC098}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{31DD0CA7-FAFE-4F93-B05C-A44BB7853D6A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{35AA735D-04EF-427F-8C67-E9EB6E53981A}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{3646BA0E-BBED-4E28-9E8A-38A486A05C3B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3ADF6975-511B-46E4-AB3F-CABA1D3CABC1}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{3C8623BF-41D8-484B-9FB7-2E13B582F2BB}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{417608D3-9707-4534-BCC8-E595DFE8500E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{51EE0669-A6AC-45B5-B04C-BB4F70AE3C50}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{5374104B-2CF5-4705-84D6-2BC48019C27E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{54485A78-1171-424F-B570-56B1DCD851ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5A041304-3A99-4B43-B597-12335C379DC2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{6304BFEE-56C8-4BAA-8B16-D2F64A3A103B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{6E0221F0-FC67-4BCD-8684-42E607B4029C}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{756FF275-0501-4889-8F7A-7A2C081CCE4F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{84F7ABE5-A3CD-4482-A537-C3288B2423B7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{8D8F6679-630E-4A22-A811-FD66B542B26F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{8E73BD16-56D6-4173-9C96-6A508C16FADC}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{8EC11ACE-713F-4105-A2B0-192078225E53}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9079AAE6-5ACC-47C8-9840-469E6867C46F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{97FE5CA4-C00C-4AF3-85CF-096B19FB8D42}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | 
"{98D207B3-F9DC-4E3D-BA1E-6A74C6F6BBB8}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9B04AFF8-9B1D-459D-9FF0-6793FC48BAE3}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{A32770B6-5F15-4022-B26B-1A48C3A2BC3B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{B651FD37-655A-4A02-B26D-9CDB6E7A2F63}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe | 
"{BA283253-BCA3-4D4D-991E-C5628E4ABA2B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{BD4B21FA-91C7-421C-BC6C-61B379046A76}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{BF19FF75-08AD-4E5D-A7BB-25E4411F4B43}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{D435361A-D727-4B40-AC71-FA9336CDF64B}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{D4A53725-5F3A-4F88-A712-978EBCF52CE1}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | 
"{DB2B6CF8-293F-499E-888C-6959AB015141}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{DF32C385-54AA-4ED6-8E81-2B9BB6A7975C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{DF87E006-D7F8-45FF-98A0-260646EF6BFC}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{E7F681DF-B998-49EC-AA3D-F5C5D965E0C0}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{E89A3DDF-B904-4FE8-87AC-03F397221E2E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{ED66C14E-265A-4D05-8EAE-4E2F7CD00779}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{EE8DD6B7-2FC9-4083-850C-17F4819EEB95}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{F3D8ACA3-A2A0-4428-A024-236A215E659B}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{F423BAE3-A858-492F-9AF7-E61B090C64F0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F8331FAB-8DED-4DF5-ABB3-FDB573569CA7}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{FAF0F2F1-BF62-44B9-BC7E-5AB5AAA87624}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{FB137B90-A32C-4C58-8482-10F024DA0FFE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FC8B4685-1FCB-4A7C-80B9-1840135BB6BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FCFC80F7-857E-4A7F-94A9-0E991A7FD1EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{FDDFF1CD-8260-49DB-ADA9-219C59836F21}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series" = Canon MG5300 series MP Drivers
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2819e172-81d5-4113-88bd-4605b02344e0}" = Ad-Aware Antivirus
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{464E6A49-CAB5-49DA-A4DB-45FA970DF177}" = Fisher-Price MP3-Player
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software
"{6540D6AD-4218-444D-84EC-E6C85F35EE31}" = Eldorado
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6E19F210-3813-4002-B561-94D66AA182B6}" = Atheros Communications Inc.(R) L1 Gigabit Ethernet Driver
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{c9ac00af-6f77-4258-b06a-ca1e26a390ff}_is1" = DownTango Launcher 2.1
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D8185007-3F98-413E-B22D-BA513517383A}" = D5100_Help
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DC8FA1C1-BE26-4889-85F1-A98AE6E37979}" = Inhaltsmanager-Assistent für PlayStation(R)
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.8
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD100EAE-33D2-420D-BCEB-361AC512B0BB}" = D5100
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"adawaretb" = Ad-Aware Security Add-on
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Canon MG5300 series Benutzerregistrierung" = Canon MG5300 series Benutzerregistrierung
"Canon MG5300 series On-screen Manual" = Canon MG5300 series On-screen Manual
"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fallout New Vegas_is1" = Fallout New Vegas
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"HandBrake" = HandBrake 0.9.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Hello Kitty Snap n Share" = Hello Kitty Snap n Share
"iMesh 1 MediaBar" = MediaBar
"ImgBurn" = ImgBurn
"InstallShield_{464E6A49-CAB5-49DA-A4DB-45FA970DF177}" = Fisher-Price MP3-Player
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"NIS" = Norton Internet Security
"Norton Utilities 15_is1" = Norton Utilities 15
"NVIDIA Drivers" = NVIDIA Drivers
"Origin" = Origin
"Protected Search_is1" = Protected Search 1.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Searchqu 413 MediaBar" = Windows Searchqu Toolbar
"Shockwave" = Shockwave
"SLOJDE_is1" = StoneLoops of Jurassica
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zune" = Zune
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.06.2012 11:36:08 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.06.2012 11:36:53 | Computer Name = *** | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 21.06.2012 11:36:53 | Computer Name = *** | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 21.06.2012 11:48:30 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 21.06.2012 11:51:29 | Computer Name = *** | Source = ESENT | ID = 623
Description = wuaueng.dll (1188) SUS20ClientDataStore: Der Versionsspeicher für 
Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert 
eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert
 ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion
 ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange
 andauernde Transaktion:     Sitzungs-ID: 0x01E003E0     Sitzungskontext: 0x00000000     Thread-ID
 des Sitzungskontextes: 0x000016CC     Cleanup: 1
 
Error - 21.06.2012 13:06:25 | Computer Name = *** | Source = VSS | ID = 8194
Description = 
 
Error - 21.06.2012 15:05:56 | Computer Name = *** | Source = Windows Search Service | ID = 3024
Description = 
 
Error - 22.06.2012 14:04:07 | Computer Name = *** | Source = Windows Search Service | ID = 3038
Description = 
 
Error - 22.06.2012 14:04:07 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.06.2012 14:04:35 | Computer Name = *** | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 22.06.2012 14:04:35 | Computer Name = *** | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 22.06.2012 14:09:03 | Computer Name = *** | Source = ESENT | ID = 623
Description = wuaueng.dll (1152) SUS20ClientDataStore: Der Versionsspeicher für 
Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert 
eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert
 ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion
 ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange
 andauernde Transaktion:     Sitzungs-ID: 0x013E0320     Sitzungskontext: 0x00000000     Thread-ID
 des Sitzungskontextes: 0x00000DF0     Cleanup: 1
 
Error - 22.06.2012 14:09:56 | Computer Name =*** | Source = ESENT | ID = 623
Description = wuaueng.dll (1152) SUS20ClientDataStore: Der Versionsspeicher für 
Instanz 0 hat seine maximale Größe von 8 MB erreicht. Wahrscheinlich verhindert 
eine lange andauernde Transaktion die Bereinigung des Versionsspeichers und vergrößert
 ihn. Aktualisierungen werden zurückgewiesen, bis für die betreffende Transaktion
 ein vollständiger Commit- oder Rollbackvorgang durchgeführt wurde.    Mögliche lange
 andauernde Transaktion:     Sitzungs-ID: 0x013E0320     Sitzungskontext: 0x00000000     Thread-ID
 des Sitzungskontextes: 0x00000DF0     Cleanup: 1
 
Error - 22.06.2012 15:08:17 | Computer Name = *** | Source = Windows Search Service | ID = 3024
Description = 
 
[ Media Center Events ]
Error - 05.12.2009 17:02:09 | Computer Name = *** | Source = ehReplay | ID = 700
Description = 
 
Error - 05.12.2009 17:02:22 | Computer Name = *** | Source = ehReplay | ID = 701
Description = 
 
Error - 29.04.2010 11:33:02 | Computer Name = *** | Source = Mcx2Dvcs | ID = 401
Description = 
 
Error - 09.06.2011 15:25:26 | Computer Name = *** | Source = McrMgr | ID = 109
Description = 
 
Error - 06.07.2011 15:48:25 | Computer Name = *** | Source = Mcx2Svc | ID = 301
Description = 
 
Error - 06.07.2011 17:03:27 | Computer Name = *** | Source = McrMgr | ID = 109
Description = 
 
Error - 06.07.2011 18:00:19 | Computer Name = *** | Source = McrMgr | ID = 109
Description = 
 
Error - 16.08.2011 16:34:35 | Computer Name = *** | Source = McrMgr | ID = 109
Description = 
 
Error - 19.08.2011 02:44:54 | Computer Name = *** | Source = McrMgr | ID = 109
Description = 
 
Error - 26.08.2011 08:51:49 | Computer Name = *** | Source = McrMgr | ID = 101
Description = 
 
[ OSession Events ]
Error - 02.10.2010 15:50:36 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1197
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 03.10.2010 09:30:59 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 945
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 07.11.2010 15:04:22 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11985
 seconds with 5160 seconds of active time.  This session ended with a crash.
 
Error - 08.11.2010 13:11:41 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1242
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 18.11.2012 12:57:41 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 39
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.01.2013 09:59:18 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 123
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ Spybot - Search and Destroy Events ]
Error - 23.01.2013 12:21:57 | Computer Name = *** | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 24.01.2013 05:14:04 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 24.01.2013 05:14:04 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 24.01.2013 05:14:06 | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 24.01.2013 05:14:06 | Computer Name = *** | Source = DCOM | ID = 10005
Description = 
 
Error - 24.01.2013 05:14:06 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 24.01.2013 05:14:06 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.01.2013 05:14:48 | Computer Name = *** | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 24.01.2013 07:28:35 | Computer Name = *** | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 24.01.2013 07:30:25 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 24.01.2013 07:30:25 | Computer Name = *** | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
Gmer:
Code:
 GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-25 13:36:42
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD10EAVS-00D7B1 rev.01.01A01 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\***\AppData\Local\Temp\pwdirpod.sys


---- System - GMER 2.0 ----

SSDT   87465588                                                                                                                      ZwAlertResumeThread
SSDT   87465668                                                                                                                      ZwAlertThread
SSDT   87465FC0                                                                                                                      ZwAllocateVirtualMemory
SSDT   872F2FB0                                                                                                                      ZwAlpcConnectPort
SSDT   874CA8D8                                                                                                                      ZwAssignProcessToJobObject
SSDT   874CAE80                                                                                                                      ZwCreateMutant
SSDT   874CA5F8                                                                                                                      ZwCreateSymbolicLinkObject
SSDT   874B1A20                                                                                                                      ZwCreateThread
SSDT   874CA9B8                                                                                                                      ZwDebugActiveProcess
SSDT   874B1768                                                                                                                      ZwDuplicateObject
SSDT   87465D98                                                                                                                      ZwFreeVirtualMemory
SSDT   874CAF70                                                                                                                      ZwImpersonateAnonymousToken
SSDT   874654A8                                                                                                                      ZwImpersonateThread
SSDT   87328688                                                                                                                      ZwLoadDriver
SSDT   87465C98                                                                                                                      ZwMapViewOfSection
SSDT   874CADA0                                                                                                                      ZwOpenEvent
SSDT   874B1908                                                                                                                      ZwOpenProcess
SSDT   874B1688                                                                                                                      ZwOpenProcessToken
SSDT   874CABE0                                                                                                                      ZwOpenSection
SSDT   874B1838                                                                                                                      ZwOpenThread
SSDT   874CA7E8                                                                                                                      ZwProtectVirtualMemory
SSDT   87465748                                                                                                                      ZwResumeThread
SSDT   874659E8                                                                                                                      ZwSetContextThread
SSDT   87465AC8                                                                                                                      ZwSetInformationProcess
SSDT   874CAA98                                                                                                                      ZwSetSystemInformation
SSDT   874CACC0                                                                                                                      ZwSuspendProcess
SSDT   87465828                                                                                                                      ZwSuspendThread
SSDT   874B1B00                                                                                                                      ZwTerminateProcess
SSDT   87465908                                                                                                                      ZwTerminateThread
SSDT   87465BB8                                                                                                                      ZwUnmapViewOfSection
SSDT   87465E88                                                                                                                      ZwWriteVirtualMemory
SSDT   874CA6E8                                                                                                                      ZwCreateThreadEx

---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!KeSetEvent + 11D                                                                                                 830EB7E0 8 Bytes  [88, 55, 46, 87, 68, 56, 46, ...]
.text  ntkrnlpa.exe!KeSetEvent + 131                                                                                                 830EB7F4 4 Bytes  [C0, 5F, 46, 87] {RCR BYTE [EDI+0x46], 0x87}
.text  ntkrnlpa.exe!KeSetEvent + 13D                                                                                                 830EB800 4 Bytes  [B0, 2F, 2F, 87]
.text  ntkrnlpa.exe!KeSetEvent + 191                                                                                                 830EB854 4 Bytes  [D8, A8, 4C, 87]
.text  ntkrnlpa.exe!KeSetEvent + 1F5                                                                                                 830EB8B8 4 Bytes  [80, AE, 4C, 87]
.text  ...                                                                                                                           

---- User code sections - GMER 2.0 ----

.text  C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe[820] kernel32.dll!SetUnhandledExceptionFilter        7699A8B5 4 Bytes  [C2, 04, 00, 00]
.text  C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe[1944] kernel32.dll!SetUnhandledExceptionFilter  7699A8B5 4 Bytes  [C2, 04, 00, 00]
.text  C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe[2632] kernel32.dll!SetUnhandledExceptionFilter          7699A8B5 4 Bytes  [C2, 04, 00, 00]
.text  C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe[2676] kernel32.dll!SetUnhandledExceptionFilter     7699A8B5 4 Bytes  [C2, 04, 00, 00]

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd600172                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d181141d0                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df0562ac1                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                              
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                           0
Reg    HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                        0xCD 0x9E 0x81 0x13 ...
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0009dd600172 (not active ControlSet)                               
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000d181141d0 (not active ControlSet)                               
Reg    HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000df0562ac1 (not active ControlSet)                               
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                          
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                               0
Reg    HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                            0xCD 0x9E 0x81 0x13 ...

---- EOF - GMER 2.0 ----
         
If you need any more details, please say so and I will look them up (it may happen, though, that I don't know how to get to the information, so please explain it to me in that case. Thanks!)

Many, many thanks in advance.

Best regards
Dori21

PS: I just tried to preview the thread before posting it, but it doesn't work; an error message keeps appearing in IE. Sorry, I hope it is fine like this.

26.01.2013, 16:34   #2
Dori21

I apologize; I have just seen that my first attempt to create my thread did work after all, so the two further ones are superfluous. I therefore ask that the latter two be deleted, since unfortunately I cannot do it myself. Thanks

Sorry again!!

Best regards
Doris


26.01.2013, 16:41   #3
M-K-D-B
/// TB instructor

Hi,

one thread is enough. This one is being closed.

Continue here:
http://search.certified-toolbar.com/?si=41460&st=shortcut&tid=3192 and other problems

26.01.2013, 16:42   #4
Dori21

Please, please delete. Because my Internet Explorer is acting up, I was shown that posting had not worked, which is why I have now unintentionally posted it two more times! I am really very sorry! Thanks, regards, Dori21

http://www.trojaner-board.de/130117-...-probleme.html

...

 
