Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: SLD.EXE Wer oder was ist das?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 15.02.2010, 15:31   #1
Knutowskie
 
SLD.EXE Wer oder was ist das? - Frage

SLD.EXE Wer oder was ist das?



Hey Community!
Ich habe seid kurzen Win7 drauf und ich denke ich hab mir auch schon irgendwas eingefangen.

Avast Home findet nix und Ad Aware hat nur paar Cookies gelöscht.

Trotzdem läuft immer mal wieder eine Sld.exe, die auf meiner Platte rumrödelt und irgendwas macht. Tante google hat mir nich sonderlich geholfen. Irgendwas mit Virus Melt und Remover Tools, die aus fragwürdiger Quelle stammen.

Eigentlich sollte ich vielleicht direkt neu installieren, hab aber grad Prüfungsphase und da keine Zeit für. Was kann man nu machen? Was is das?
Was braucht ihr um das festzustellen?

MfG Knutowskie

Alt 15.02.2010, 15:35   #2
Chris4You
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



Hi,

prüfen lassen:
Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
SLD.EXE
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

chris
__________________

__________________

Alt 15.02.2010, 16:19   #3
Knutowskie
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



Hab die SLD.exe derweile Lokalisiert und einfach mal gelöscht. Da war auch noch eine SLC und eine SLB die zum selben Zeitpunkt erstellt wurden. Alles im Datennirvana jetzt.

Achso, angefangen hat es mit msa.exe
Hatte mir ein "spiel" heruntergeladen, welches wohl kostenlos sei und als ich die Setup.exe ausgeführt habe, passierte nix, aber die setup.exe war weg. Toll dachte ich mir. Am nächsten morgen hatte ich 20 IE Fenster mit toller Werbung offen (Rechner läuft 24/7) Also geguckt was is und msa.exe beseitigt.

Mit msconfig mal so rumgesucht, was noch so startet: [Los Alamos] und Sld.exe...
Also regedit und alles Platt gemacht was so heißt. Sld.exe wie oben schon gesagt auch direkt gelöscht, nich nur den Run eintrag.

Nun denke ich alles beseitigt zu haben. Ich werde nu aber trotzdem gleich mal deine Schritte oben einleiten.

Hier derweile mal ein HijackThis Logfile von eben.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:59, on 15.02.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\SysWOW64\studnet\studnet.exe
C:\Program Files (x86)\MSI\TV@nywhere Pro\HyperMediaCenter 3.5\DTVR\Scheduled.exe
C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
C:\Program Files (x86)\MSI\TV@nywhere Pro\TV@nywhere Pro Utilities\HMCP3XCtl.exe
C:\Program Files (x86)\Folding@home\Folding@home-gpu\Folding@home.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Users\***\AppData\Roaming\Folding@home-gpu\FahCore_11.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader

\orbitcth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java

\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader

\GrabPro.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKCU\..\Run: [studNET-Autologin] C:\Windows\SysWOW64\studnet\studnet.exe /auto
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Center Agent] C:\Program Files (x86)\MSI\TV@nywhere Pro\HyperMediaCenter 3.5\DTVR\Scheduled.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Folding@home_GPU.lnk = ?
O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files (x86)\MSI\TV@nywhere Pro\TV@nywhere Pro Utilities

\HMCP3XCtl.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader

\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader

\orbitmxt.dll/202
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis

\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis

\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file

missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software

\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file

missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file

missing)
O23 - Service: Folding@home-CPU-[1] - Unknown owner - C:\Program Files (x86)\Folding@Home Windows SMP Client

V1.01\Folding@home-Win32-x86.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\

\lxdnserv.exe
O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
O23 - Service: MPICH2 Process Manager, Argonne National Lab (mpich2_smpd) - Unknown owner - C:\SMP\smpd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

(file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file

missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows

\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file

missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

(file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe

(file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer

\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp

Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp

Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player

\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows

\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file

missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware

Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common

Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file

missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows

\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem

\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program

Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9690 bytes

Die O23 seien wohl normal, da es Windows 7 x64 ist...

Bis gleich!
__________________

Geändert von Knutowskie (15.02.2010 um 16:30 Uhr)

Alt 15.02.2010, 16:28   #4
Knutowskie
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



so MAM und OTL laufen grad. abwarten und tee trinken heißt es nun.

Alt 15.02.2010, 16:30   #5
Chris4You
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



Hi,

lass MAM laufen und nutzt statt HJ OTL und poste jeweils die Logs...
Hast Du ein 64Bit-System?

chris

__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 15.02.2010, 16:33   #6
Knutowskie
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



ja 64 bit is am start.

Hier das OTL.txt:

OTL logfile created on: 15.02.2010 16:26:02 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\%Username%\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 26,29 Gb Free Space | 53,84% Space Free | Partition Type: NTFS
Drive D: | 107,89 Gb Total Space | 13,77 Gb Free Space | 12,76% Space Free | Partition Type: NTFS
Drive E: | 76,17 Gb Total Space | 3,62 Gb Free Space | 4,75% Space Free | Partition Type: NTFS
Drive F: | 71,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 3,84 Gb Total Space | 0,67 Gb Free Space | 17,53% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: KNATTERKASTEN
Current User Name: %Username%
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\%Username%\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\%Username%\AppData\Roaming\Folding@home-gpu\FahCore_11.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Folding@home\Folding@home-gpu\Folding@home.exe ()
PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Program Files (x86)\MSI\TV@nywhere Pro\HyperMediaCenter 3.5\DTVR\Scheduled.exe ()
PRC - C:\Program Files (x86)\MSI\TV@nywhere Pro\TV@nywhere Pro Utilities\HMCP3XCtl.exe ()
PRC - C:\Windows\SysWOW64\studnet\studnet.exe (Dossin-Brade GbR)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
PRC - C:\SMP\smpd.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\%Username%\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (StorSvc) -- C:\Windows\SysNative\StorSvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (lxdnCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe ()
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxdn_device) -- C:\Windows\SysWow64\lxdncoms.exe ( )
SRV - (mpich2_smpd) -- C:\SMP\smpd.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\drivers\l160x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (3xHybr64) -- C:\Windows\SysNative\drivers\3xHybr64.sys (NXP Semiconductors Germany GmbH)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\drivers\s115mgmt.sys (MCCI Corporation)
DRV:64bit: - (s115obex) -- C:\Windows\SysNative\drivers\s115obex.sys (MCCI Corporation)
DRV:64bit: - (s115mdm) -- C:\Windows\SysNative\drivers\s115mdm.sys (MCCI Corporation)
DRV:64bit: - (s115mdfl) -- C:\Windows\SysNative\drivers\s115mdfl.sys (MCCI Corporation)
DRV:64bit: - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\SysNative\drivers\s115bus.sys (MCCI Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (CSC) -- C:\Windows\CSC [2010.01.05 01:23:27 | 000,000,000 | ---D | M]
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (DSDrv4AMD64) -- C:\PROGRA~2\DScaler\DSDRV4~2.SYS ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 B0 E0 A9 CC 93 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.01.06 21:14:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.01.20 19:02:04 | 000,000,000 | ---D | M]

[2010.01.05 02:50:34 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Extensions
[2010.02.15 06:45:33 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions
[2010.02.06 11:25:11 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.02.12 19:13:21 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (Extended Copy Menu) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{2E18002D-DF43-4c65-9FDA-40D02F066D9E}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.02.15 06:45:05 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.02.13 14:54:41 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.01.05 02:52:24 | 000,000,000 | ---D | M] (CSS Validator) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{AB7308B2-C13C-4eba-AC78-2AD55B96EE09}
[2010.01.05 02:52:25 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.01.19 19:20:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.29 21:50:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.02.12 19:13:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.12 19:13:21 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.01.05 02:52:23 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\FFClickOnce@softwarepunk.com
[2010.01.05 02:52:23 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\resizeabletextarea@bristol.ac.uk
[2010.02.15 06:45:06 | 000,000,000 | ---D | M] -- C:\Users\%Username%\AppData\Roaming\mozilla\Firefox\Profiles\fipr8mew.default\extensions\validator@totalvalidator.com
[2010.02.15 06:45:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.06 01:14:17 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009.12.02 09:31:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.12.02 09:31:53 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.12.02 09:31:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.12.02 09:31:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.12.02 09:31:53 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [Center Agent] C:\Program Files (x86)\MSI\TV@nywhere Pro\HyperMediaCenter 3.5\DTVR\Scheduled.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [studNET-Autologin] C:\Windows\SysWOW64\studnet\studnet.exe (Dossin-Brade GbR)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\%Username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home_GPU.lnk = C:\Users\%Username%\AppData\Roaming\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.18.25.3
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.04.30 16:42:22 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.08.01 11:52:16 | 000,000,196 | ---- | M] () - H:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6bbd4be2-f990-11de-90b0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6bbd4be2-f990-11de-90b0-806e6f6e6963}\Shell\AutoRun\command - "" = G:\tools\shelexec.exe html\index.htm -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.02.15 16:25:15 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\%Username%\Desktop\OTL.exe
[2010.02.15 16:23:44 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\Malwarebytes
[2010.02.15 16:23:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.02.15 16:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.02.15 16:23:39 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.02.15 16:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.02.15 15:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.02.15 15:10:43 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\Thunderbird
[2010.02.12 13:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010.02.12 13:27:23 | 000,251,488 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010.02.12 13:27:21 | 001,477,728 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2010.02.12 13:27:19 | 000,943,712 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010.02.12 13:27:14 | 000,257,120 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010.02.12 13:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010.02.12 13:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010.02.10 11:00:33 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.02.10 11:00:33 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.02.10 11:00:33 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.02.10 11:00:32 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.02.10 11:00:32 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.02.10 11:00:32 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.02.10 11:00:32 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.02.10 11:00:32 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.02.10 11:00:32 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.02.10 11:00:32 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.02.10 11:00:32 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.02.10 11:00:32 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.02.10 11:00:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.02.10 11:00:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.02.10 11:00:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.02.10 11:00:32 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.02.10 10:59:59 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.02.10 10:59:58 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.02.10 10:59:58 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.02.10 10:59:58 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.02.10 10:59:58 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.02.10 10:59:58 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.02.10 10:59:58 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.02.10 10:59:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.02.10 10:59:58 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.02.08 14:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.02.08 12:49:11 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.02.08 12:49:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.02.08 12:48:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010.02.08 12:47:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.02.08 12:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.02.07 18:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend
[2010.02.07 18:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Ericsson USB
[2010.02.07 16:58:17 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\HFM
[2010.02.07 16:58:16 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Local\harlam357
[2010.02.07 16:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HFM.NET
[2010.01.27 10:44:05 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.01.27 10:44:05 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.01.27 10:44:05 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.01.22 11:51:53 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.01.22 11:51:52 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.01.22 11:51:52 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.01.22 11:51:52 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.01.22 11:51:52 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.01.22 11:51:52 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.01.20 19:02:10 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.01.20 19:02:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010.01.20 19:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010.01.20 19:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010.01.20 18:22:54 | 000,163,840 | ---- | C] (CyberLink) -- C:\Windows\SysNative\MpgMux.ax
[2010.01.20 18:22:54 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dump.ax
[2010.01.20 18:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elecard
[2010.01.20 18:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Elecard
[2010.01.20 17:50:13 | 000,000,000 | ---D | C] -- C:\Users\%Username%\Documents\DVDVideoSoft
[2010.01.20 17:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.01.20 17:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.01.19 12:10:24 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2010.01.19 12:10:24 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2010.01.19 12:10:24 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2010.01.19 12:10:22 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2010.01.19 12:10:22 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2010.01.19 12:10:22 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2010.01.19 12:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2010.01.18 03:49:48 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\Foxit Software
[2010.01.17 23:05:21 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\DScaler4
[2010.01.17 23:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DScaler
[2010.01.17 22:35:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010.01.17 22:35:05 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Roaming\Stardock
[2010.01.17 22:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2010.01.17 22:34:54 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Local\PackageAware
[2010.01.17 20:35:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dvrms editor
[2010.01.17 20:07:56 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Local\Apps
[2010.01.17 20:07:55 | 000,000,000 | ---D | C] -- C:\Users\%Username%\AppData\Local\Deployment
[2010.01.17 19:56:39 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010.01.17 19:56:39 | 000,318,976 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010.01.17 19:56:38 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010.01.17 19:56:38 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2010.01.17 19:56:38 | 000,000,000 | ---D | C] -- C:\Programme\AviSynth 2.5
[2010.01.17 19:56:25 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2010.01.17 19:56:25 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2010.01.17 19:56:25 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2010.01.17 19:56:25 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2010.01.17 19:56:25 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2010.01.17 19:56:25 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2010.01.17 19:56:25 | 000,054,784 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLAPEDec.ax
[2010.01.17 19:56:25 | 000,037,888 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLMPCDec.ax
[2010.01.17 19:56:25 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2010.01.17 19:56:24 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2010.01.17 19:56:24 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2010.01.17 19:56:24 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2010.01.17 19:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2010.01.05 20:11:53 | 001,101,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2010.01.05 20:11:53 | 000,843,776 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2010.01.05 20:11:53 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2010.01.05 20:11:53 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2010.01.05 20:11:53 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2010.01.05 20:11:52 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2010.01.05 20:11:52 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2010.01.05 20:11:52 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2010.01.05 20:11:52 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2010.01.05 20:11:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll

========== Files - Modified Within 30 Days ==========

[2010.02.15 16:28:24 | 002,097,152 | -HS- | M] () -- C:\Users\%Username%\NTUSER.DAT
[2010.02.15 16:25:17 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\%Username%\Desktop\OTL.exe
[2010.02.15 16:23:43 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.15 16:12:10 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.02.15 16:12:10 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.02.15 16:09:09 | 001,480,120 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.02.15 16:09:09 | 000,646,312 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.02.15 16:09:09 | 000,609,676 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.02.15 16:09:09 | 000,127,398 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.02.15 16:09:09 | 000,104,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.02.15 16:05:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.02.15 16:05:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.02.15 16:05:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.02.15 16:05:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.02.15 16:05:25 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.02.15 16:05:04 | 000,001,889 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2010.02.15 16:04:57 | 000,000,322 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.02.15 16:04:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.02.15 16:04:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.02.15 16:03:55 | 001,975,704 | -H-- | M] () -- C:\Users\%Username%\AppData\Local\IconCache.db
[2010.02.15 15:33:33 | 000,002,097 | ---- | M] () -- C:\Users\%Username%\Desktop\HijackThis.lnk
[2010.02.12 13:34:10 | 000,007,658 | ---- | M] () -- C:\Users\%Username%\AppData\Local\Resmon.ResmonCfg
[2010.02.12 13:27:23 | 000,251,488 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010.02.12 13:27:21 | 001,477,728 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm258.sys
[2010.02.12 13:27:19 | 000,943,712 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010.02.12 13:27:14 | 000,257,120 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010.02.08 14:28:29 | 000,001,394 | ---- | M] () -- C:\Users\%Username%\Desktop\1NSANE Swissknife.exe.lnk
[2010.02.08 12:49:00 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010.02.08 12:48:49 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.02.07 23:24:19 | 000,175,104 | ---- | M] () -- C:\Windows\SysWow64\sshnas21.dll
[2010.02.07 18:55:07 | 000,002,915 | ---- | M] () -- C:\Users\%Username%\Desktop\Clusterball Gold.lnk
[2010.02.07 16:56:34 | 000,069,485 | ---- | M] () -- C:\Users\%Username%\Desktop\multimedia GK1__prüfungshilfe.pdf
[2010.02.03 00:36:23 | 000,108,982 | ---- | M] () -- C:\Users\%Username%\Desktop\Spicker.pdf
[2010.02.02 02:22:19 | 018,499,623 | ---- | M] () -- C:\Users\%Username%\Desktop\vlc-1.0.5-win32.exe
[2010.02.01 22:40:40 | 000,506,606 | ---- | M] () -- C:\Users\%Username%\Desktop\Analysis I.docx
[2010.01.29 14:44:06 | 000,808,881 | ---- | M] () -- C:\Users\%Username%\Desktop\screenie_HP_1.png
[2010.01.25 21:03:38 | 000,027,943 | ---- | M] () -- C:\Users\%Username%\Desktop\test.exe
[2010.01.23 18:12:49 | 000,006,406 | ---- | M] () -- C:\Users\%Username%\Desktop\UPN_Projekt.c
[2010.01.22 16:35:06 | 000,213,014 | ---- | M] () -- C:\Users\%Username%\Desktop\auto.jpg
[2010.01.21 21:32:02 | 000,423,424 | ---- | M] () -- C:\Windows\SysWow64\Folding@home-Win32-x86.exe
[2010.01.20 18:28:03 | 000,000,517 | ---- | M] () -- C:\Users\%Username%\AppData\Roaming\WtvWatcher.settings
[2010.01.20 17:56:11 | 000,020,710 | ---- | M] () -- C:\Users\%Username%\Desktop\VMFAH.png
[2010.01.20 17:03:56 | 000,182,164 | ---- | M] () -- C:\Users\%Username%\Desktop\screenie_HP.png
[2010.01.20 15:53:47 | 000,000,941 | ---- | M] () -- C:\Users\%Username%\Desktop\hit70s.pls
[2010.01.19 12:16:32 | 000,075,331 | ---- | M] () -- C:\Users\%Username%\Desktop\eBanking Private Edition - Einkommensnachweis.pdf
[2010.01.19 10:05:57 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.01.19 10:05:57 | 000,422,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.01.19 10:05:57 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.01.19 10:05:57 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.01.19 10:00:44 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.01.19 10:00:43 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.01.19 10:00:37 | 000,356,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.01.19 10:00:37 | 000,306,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.01.19 00:29:31 | 000,365,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.01.19 00:29:31 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.01.19 00:29:31 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.01.19 00:29:30 | 000,369,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.01.19 00:28:33 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.01.19 00:28:33 | 000,277,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.01.19 00:28:30 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.01.19 00:28:30 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.01.17 23:02:43 | 000,003,584 | ---- | M] () -- C:\Users\%Username%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.17 23:02:28 | 011,642,880 | ---- | M] () -- C:\Users\%Username%\Documents\TV Antenna 34_TV_20100117_230204.mpg

========== Files Created - No Company Name ==========

[2010.02.15 16:23:43 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.15 15:33:33 | 000,002,097 | ---- | C] () -- C:\Users\%Username%\Desktop\HijackThis.lnk
[2010.02.12 23:46:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.02.12 23:46:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.02.12 23:46:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.02.12 23:46:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.02.12 23:46:55 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.02.12 13:30:53 | 000,001,889 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
[2010.02.08 14:28:05 | 000,001,394 | ---- | C] () -- C:\Users\%Username%\Desktop\1NSANE Swissknife.exe.lnk
[2010.02.08 13:26:17 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.02.07 23:24:24 | 000,000,322 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.02.07 23:24:19 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\sshnas21.dll
[2010.02.07 18:55:07 | 000,002,915 | ---- | C] () -- C:\Users\%Username%\Desktop\Clusterball Gold.lnk
[2010.02.07 16:56:33 | 000,069,485 | ---- | C] () -- C:\Users\%Username%\Desktop\multimedia GK1__prüfungshilfe.pdf
[2010.02.03 00:32:43 | 000,108,982 | ---- | C] () -- C:\Users\%Username%\Desktop\Spicker.pdf
[2010.02.02 02:22:00 | 018,499,623 | ---- | C] () -- C:\Users\%Username%\Desktop\vlc-1.0.5-win32.exe
[2010.02.01 22:39:24 | 000,506,606 | ---- | C] () -- C:\Users\%Username%\Desktop\Analysis I.docx
[2010.01.29 14:44:02 | 000,808,881 | ---- | C] () -- C:\Users\%Username%\Desktop\screenie_HP_1.png
[2010.01.25 21:03:26 | 000,027,943 | ---- | C] () -- C:\Users\%Username%\Desktop\test.exe
[2010.01.23 18:12:49 | 000,006,406 | ---- | C] () -- C:\Users\%Username%\Desktop\UPN_Projekt.c
[2010.01.22 16:34:30 | 000,213,014 | ---- | C] () -- C:\Users\%Username%\Desktop\auto.jpg
[2010.01.21 11:31:05 | 000,005,352 | ---- | C] () -- C:\Users\%Username%\Desktop\Kub_rkoch.java
[2010.01.20 17:56:10 | 000,020,710 | ---- | C] () -- C:\Users\%Username%\Desktop\VMFAH.png
[2010.01.20 17:03:56 | 000,182,164 | ---- | C] () -- C:\Users\%Username%\Desktop\screenie_HP.png
[2010.01.20 15:53:46 | 000,000,941 | ---- | C] () -- C:\Users\%Username%\Desktop\hit70s.pls
[2010.01.19 12:16:31 | 000,075,331 | ---- | C] () -- C:\Users\%Username%\Desktop\eBanking Private Edition - Einkommensnachweis.pdf
[2010.01.19 12:10:24 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2010.01.17 23:02:43 | 000,003,584 | ---- | C] () -- C:\Users\%Username%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.17 23:02:05 | 011,642,880 | ---- | C] () -- C:\Users\%Username%\Documents\TV Antenna 34_TV_20100117_230204.mpg
[2010.01.17 20:08:25 | 000,000,517 | ---- | C] () -- C:\Users\%Username%\AppData\Roaming\WtvWatcher.settings
[2010.01.17 19:56:38 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.01.17 19:56:25 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2010.01.17 19:56:24 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2010.01.17 19:56:24 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2010.01.17 19:56:24 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2010.01.15 14:20:30 | 000,001,267 | ---- | C] () -- C:\Windows\TVP3XDrv.ini
[2010.01.06 02:44:21 | 000,007,658 | ---- | C] () -- C:\Users\%Username%\AppData\Local\Resmon.ResmonCfg
[2010.01.05 20:11:53 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2010.01.05 20:11:53 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2010.01.05 18:51:05 | 000,032,345 | ---- | C] () -- C:\Windows\unvpeye.ini
[2010.01.05 05:19:19 | 001,380,352 | ---- | C] () -- C:\Windows\SysWow64\mpich2shmp.dll
[2010.01.05 05:19:19 | 001,196,032 | ---- | C] () -- C:\Windows\SysWow64\mpich2.dll
[2010.01.05 05:19:19 | 001,175,552 | ---- | C] () -- C:\Windows\SysWow64\mpich2shm.dll
[2010.01.05 05:19:19 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\mpich2mpi.dll
[2010.01.05 03:30:38 | 000,000,246 | ---- | C] () -- C:\Windows\aimpr.ini
[2010.01.05 03:06:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.01.05 01:45:22 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.07.23 15:49:06 | 000,782,336 | ---- | C] () -- C:\Windows\SysWow64\lxdndrs.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.14 09:46:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdncaps.dll
[2007.10.02 10:51:10 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdncnv4.dll
[2002.05.28 02:52:36 | 000,106,496 | ---- | C] () -- C:\Windows\japi.dll
[2001.06.24 10:32:44 | 000,172,032 | ---- | C] () -- C:\Windows\japi2.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
< End of report >

Alt 15.02.2010, 16:36   #7
Knutowskie
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



Die Extras.txt:

OTL Extras logfile created on: 15.02.2010 16:26:02 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Users\%Username%\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 26,29 Gb Free Space | 53,84% Space Free | Partition Type: NTFS
Drive D: | 107,89 Gb Total Space | 13,77 Gb Free Space | 12,76% Space Free | Partition Type: NTFS
Drive E: | 76,17 Gb Total Space | 3,62 Gb Free Space | 4,75% Space Free | Partition Type: NTFS
Drive F: | 71,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
Drive H: | 3,84 Gb Total Space | 0,67 Gb Free Space | 17,53% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: KNATTERKASTEN
Current User Name: %Username%
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UacDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE2}" = Paint.NET v3.5.2
"{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}" = Debugging Tools for Windows (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Lexmark 2600 Series" = Lexmark 2600 Series
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1A7C2340-D1AC-4742-BCFF-1EA6CADFDC8B}" = Microsoft Windows Debugging Symbols
"{1F55C9E0-27B1-475D-B4B1-A4A6E1F05552}_is1" = QIP 2005 psYNovA-Edition
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{32A3A4F4-B792-11D6-A78A-00B0D0160170}" = Java(TM) SE Development Kit 6 Update 17
"{49F864F5-1A85-4E69-8764-C7E4EABD8BA0}" = MSI TV@nywhere Pro Utilities
"{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}" = Folding@home-gpu
"{5410E13A-C394-4C33-835E-597D66E28F56}" = Clusterball Gold
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}" = Folding@home-x86
"{74DAA2E2-A7DB-4CA3-8F99-62EB23BA3377}" = TV@nywhere Pro Teletext
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E52A993-2C62-4470-9FE0-8F931496A985}" = PC VGA Camer@
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A30EE8A6-6B9F-4973-B5ED-2A60B40576E4}_is1" = StudNET Login Client
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E295268C-8B17-4D66-8DFE-7CE7C346F9F5}" = HFM.NET 0.4.8.121
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"Clusterball®_is1" = Clusterball® 1.300
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DScaler 4 Test Version_is1" = DScaler 4 Test Version
"Elecard XMuxer SRD 1.1.80723 Eval" = Elecard XMuxer SRD Eval
"FahMon" = FahMon - Folding@home client monitoring software
"Fences" = Fences
"Folding@Home Windows SMP Client" = Folding@Home Windows SMP Client
"foobar2000" = foobar2000 v0.9.6.3
"Foxit Reader" = Foxit Reader
"Free Studio_is1" = Free Studio version 4.2
"HijackThis" = HijackThis 2.0.2
"HyperMediaCenter 3.5_is1" = HyperMediaCenter 3.5
"InstallShield_{8E52A993-2C62-4470-9FE0-8F931496A985}" = PC VGA Camer@
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"Orbit_is1" = Orbit Downloader
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.7.0
"RocketDock_is1" = RocketDock 1.3.5
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"TeamViewer 5" = TeamViewer 5
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"TVP3XDrv" = MSI TV@nywhere Plus BDA Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.0.5
"VMware_Player" = VMware Player

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced IM Password Recovery" = Advanced IM Password Recovery (remove only)
"c410f8b870fca0a8" = WtvWatcher
"CodeBlocks" = CodeBlocks

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23.01.2010 12:26:33 | Computer Name = Knatterkasten | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: C_Projekt_UPN.exe, Version: 0.0.0.0,
Zeitstempel: 0x4b5b2334 Name des fehlerhaften Moduls: C_Projekt_UPN.exe, Version:
0.0.0.0, Zeitstempel: 0x4b5b2334 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000019a5
ID
des fehlerhaften Prozesses: 0xc2c Startzeit der fehlerhaften Anwendung: 0x01ca9c48d170c62b
Pfad
der fehlerhaften Anwendung: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe
Pfad
des fehlerhaften Moduls: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe
Berichtskennung:
111ad76e-083c-11df-96e0-000cbf0132ae

Error - 23.01.2010 12:49:53 | Computer Name = Knatterkasten | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: C_Projekt_UPN.exe, Version: 0.0.0.0,
Zeitstempel: 0x4b5b28a5 Name des fehlerhaften Moduls: C_Projekt_UPN.exe, Version:
0.0.0.0, Zeitstempel: 0x4b5b28a5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001521
ID
des fehlerhaften Prozesses: 0x1160 Startzeit der fehlerhaften Anwendung: 0x01ca9c4c1237be84
Pfad
der fehlerhaften Anwendung: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe
Pfad
des fehlerhaften Moduls: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe
Berichtskennung:
539319f8-083f-11df-96e0-000cbf0132ae

Error - 23.01.2010 12:58:35 | Computer Name = Knatterkasten | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: C_Projekt_UPN.exe, Version: 0.0.0.0,
Zeitstempel: 0x4b5b2aad Name des fehlerhaften Moduls: C_Projekt_UPN.exe, Version:
0.0.0.0, Zeitstempel: 0x4b5b2aad Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000193e
ID
des fehlerhaften Prozesses: 0x131c Startzeit der fehlerhaften Anwendung: 0x01ca9c4d4b0877c0
Pfad
der fehlerhaften Anwendung: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe
Pfad
des fehlerhaften Moduls: D:\HTWK\ws09_10\AOP C\C_Projekt_UPN\bin\Debug\C_Projekt_UPN.exe
Berichtskennung:
8ab6dd3f-0840-11df-96e0-000cbf0132ae

Error - 26.01.2010 21:29:26 | Computer Name = Knatterkasten | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3642,
Zeitstempel: 0x4b302c34 Name des fehlerhaften Moduls: GrabXpcom.dll, Version: 0.0.0.0,
Zeitstempel: 0x4b4c1bac Ausnahmecode: 0x80000003 Fehleroffset: 0x000173c3 ID des fehlerhaften
Prozesses: 0x980 Startzeit der fehlerhaften Anwendung: 0x01ca9eb2d723f6b2 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
Berichtskennung:
67ad8b2c-0ae3-11df-97e0-005056c00008

Error - 08.02.2010 07:48:34 | Computer Name = Knatterkasten | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11.02.2010 17:06:30 | Computer Name = Knatterkasten | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.1.3642,
Zeitstempel: 0x4b302c34 Name des fehlerhaften Moduls: GrabXpcom.dll, Version: 0.0.0.0,
Zeitstempel: 0x4b7278e2 Ausnahmecode: 0x80000003 Fehleroffset: 0x000173c3 ID des fehlerhaften
Prozesses: 0x91c Startzeit der fehlerhaften Anwendung: 0x01caab5df5d8ba0e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
Berichtskennung:
53137754-1751-11df-b67f-000cbf0132ae

Error - 13.02.2010 01:21:44 | Computer Name = Knatterkasten | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt>.
Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error - 13.02.2010 01:21:44 | Computer Name = Knatterkasten | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt>.
Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. .

Error - 13.02.2010 01:21:44 | Computer Name = Knatterkasten | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt>.
Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. .

Error - 13.02.2010 01:21:44 | Computer Name = Knatterkasten | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats
von <h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/02FAF3E291435468607857694DF5E45B68851868.crt>.
Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. .

[ System Events ]
Error - 12.02.2010 18:46:17 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdnCATSCustConnectService erreicht.

Error - 12.02.2010 18:46:17 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 15.02.2010 10:46:54 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Folding@home-CPU-[1]" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 15.02.2010 10:46:55 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdnCATSCustConnectService erreicht.

Error - 15.02.2010 10:46:55 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 15.02.2010 10:59:54 | Computer Name = Knatterkasten | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 15.02.2010 10:59:54 | Computer Name = Knatterkasten | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error - 15.02.2010 11:04:53 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Folding@home-CPU-[1]" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2

Error - 15.02.2010 11:04:53 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdnCATSCustConnectService erreicht.

Error - 15.02.2010 11:04:53 | Computer Name = Knatterkasten | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053


< End of report >

Alt 15.02.2010, 16:47   #8
Chris4You
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



Hi,

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\Users\%Username%\AppData\Roaming\Microsoft\Installer\{4AA947A0-0BA8-4065-B8EE-29C6DA9661EE}\_41346D1BD9E98636678C85.exe
C:\Windows\SysWow64\devil.dll
C:\Windows\SysWow64\sshnas21.dll
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job  <- mal reinschauen!
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Dein DHCP-Server stimmt so?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 139.18.25.3

Mal sehen was MAM dazu sagt...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 15.02.2010, 16:57   #9
Knutowskie
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



Der DHCP stimmt so.

MAM sagt:

Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3741
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.02.2010 16:54:54
mbam-log-2010-02-15 (16-54-54).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|)
Durchsuchte Objekte: 252445
Laufzeit: 27 minute(s), 5 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Windows\System32\system32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\system32\PhilipsAnalog_TXT.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\system32\PhilipsDVB_TXT.ax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Alt 15.02.2010, 17:05   #10
Chris4You
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



Hi,

das hier könnte ein Fehlalarm sein:
C:\Windows\System32\system32\PhilipsAnalog_TXT.ax
C:\Windows\System32\system32\PhilipsDVB_TXT.ax,
wenn Du eine TV-Karte hast...

Sonst sieht das schon recht gut aus )...
Ein Rootkit wird nicht am Start sein, es gibt (noch) keines für 64 Bit, ist aber nur eine Frage der Zeit...

Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 15.02.2010, 17:05   #11
Knutowskie
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



File _41346D1BD9E98636678C85.exe received on 2010.02.15 16:00:15 (UTC)
Result: 0/41 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.15 -
AhnLab-V3 5.0.0.2 2010.02.15 -
AntiVir 7.9.1.170 2010.02.15 -
Antiy-AVL 2.0.3.7 2010.02.15 -
Authentium 5.2.0.5 2010.02.15 -
Avast 4.8.1351.0 2010.02.15 -
AVG 9.0.0.730 2010.02.15 -
BitDefender 7.2 2010.02.15 -
CAT-QuickHeal 10.00 2010.02.15 -
ClamAV 0.96.0.0-git 2010.02.15 -
Comodo 3945 2010.02.15 -
DrWeb 5.0.1.12222 2010.02.15 -
eSafe 7.0.17.0 2010.02.15 -
eTrust-Vet 35.2.7303 2010.02.15 -
F-Prot 4.5.1.85 2010.02.15 -
F-Secure 9.0.15370.0 2010.02.15 -
Fortinet 4.0.14.0 2010.02.15 -
GData 19 2010.02.15 -
Ikarus T3.1.1.80.0 2010.02.15 -
Jiangmin 13.0.900 2010.02.15 -
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.15 -
McAfee 5892 2010.02.14 -
McAfee+Artemis 5892 2010.02.14 -
McAfee-GW-Edition 6.8.5 2010.02.15 -
Microsoft 1.5406 2010.02.15 -
NOD32 4868 2010.02.15 -
Norman 6.04.08 2010.02.15 -
nProtect 2009.1.8.0 2010.02.15 -
Panda 10.0.2.2 2010.02.14 -
PCTools 7.0.3.5 2010.02.15 -
Prevx 3.0 2010.02.15 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.15 -
Sunbelt 5678 2010.02.15 -
Symantec 20091.2.0.41 2010.02.15 -
TheHacker 6.5.1.4.194 2010.02.15 -
TrendMicro 9.120.0.1004 2010.02.15 -
VBA32 3.12.12.2 2010.02.15 -
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.15 -
Additional information
File size: 98477 bytes
MD5...: 394157fb315e5186a3ef07f1c99b364e
SHA1..: cf5eeddd7f36cabfde2076dfc1071ca9e7f03841
SHA256: 60bca16b6e1c127bff1850fe5e15d651b18b87588fdf82e635752fd09ce1ff89
ssdeep: 3072:FnOW5rIiSTtrfIkGxyHMHdimlS2IPujcj6:W9Ikx85w28c1
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: MPEG Video (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Alt 15.02.2010, 17:09   #12
Knutowskie
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



File devil.dll received on 2010.02.15 16:06:53 (UTC)
Result: 0/40 (0%)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.15 -
AhnLab-V3 5.0.0.2 2010.02.15 -
AntiVir 7.9.1.170 2010.02.15 -
Antiy-AVL 2.0.3.7 2010.02.15 -
Authentium 5.2.0.5 2010.02.15 -
Avast 4.8.1351.0 2010.02.15 -
AVG 9.0.0.730 2010.02.15 -
BitDefender 7.2 2010.02.15 -
CAT-QuickHeal 10.00 2010.02.15 -
ClamAV 0.96.0.0-git 2010.02.15 -
Comodo 3945 2010.02.15 -
DrWeb 5.0.1.12222 2010.02.15 -
eSafe 7.0.17.0 2010.02.15 -
eTrust-Vet 35.2.7303 2010.02.15 -
F-Prot 4.5.1.85 2010.02.15 -
F-Secure 9.0.15370.0 2010.02.15 -
Fortinet 4.0.14.0 2010.02.15 -
GData 19 2010.02.15 -
Ikarus T3.1.1.80.0 2010.02.15 -
Jiangmin 13.0.900 2010.02.15 -
K7AntiVirus 7.10.972 2010.02.12 -
Kaspersky 7.0.0.125 2010.02.15 -
McAfee 5892 2010.02.14 -
McAfee+Artemis 5892 2010.02.14 -
McAfee-GW-Edition 6.8.5 2010.02.15 -
Microsoft 1.5406 2010.02.15 -
NOD32 4868 2010.02.15 -
Norman 6.04.08 2010.02.15 -
nProtect 2009.1.8.0 2010.02.15 -
Panda 10.0.2.2 2010.02.14 -
PCTools 7.0.3.5 2010.02.15 -
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.15 -
Sunbelt 5678 2010.02.15 -
Symantec 20091.2.0.41 2010.02.15 -
TheHacker 6.5.1.4.194 2010.02.15 -
TrendMicro 9.120.0.1004 2010.02.15 -
VBA32 3.12.12.2 2010.02.15 -
ViRobot 2010.2.13.2186 2010.02.13 -
VirusBuster 5.0.21.0 2010.02.15 -
Additional information
File size: 719872 bytes
MD5...: d27959321703b70120025a9356e89a7d
SHA1..: f1252382feb6a31a384a840e41e623b72bb3d000
SHA256: 38aed5589e8da0a3b123e754b0c839818627f4fd178df31b556cbb304caefc28
ssdeep: 12288:WI2QVF9rRtYszwn+nZDNMONWvTY6m7fikJ:WIpF9rRtzwn+nZDNMsXfi
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7851b
timedatestamp.....: 0x4038336a (Sun Feb 22 04:43:22 2004)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x80852 0x80a00 6.69 f711d9f2461c7dbc9ccc0e4b989a8c26
.rdata 0x82000 0x1cc9f 0x1ce00 3.01 ef259c4d5932dc94747e3b08c1e9cff2
.data 0x9f000 0xbfcf0 0xb200 5.54 94430492c09d8b57315901ed71d6fbde
.rsrc 0x15f000 0x1888 0x1a00 1.85 b3e5ac232ee91006bddcf121cd9b838f
.reloc 0x161000 0x52a0 0x5400 6.01 8d3f2fb04a247d8f0e7ce22d1c176357

( 3 imports )
> MSVCRT.dll: fgetc, fread, fseek, ftell, fclose, fputc, fwrite, vsprintf, fprintf, _setjmp3, longjmp, strncmp, atoi, _pctype, __mb_cur_max, _isctype, fputs, _vsnprintf, sprintf, strftime, localtime, _tzset, time, strtol, exit, _ftol, fopen, sscanf, getenv, qsort, _CIpow, memcpy, memset, calloc, malloc, fabs, pow, strlen, strcpy, fflush, strtod, floor, realloc, vfprintf, rand, __dllonexit, _onexit, _initterm, _adjust_fdiv, abs, free, strncpy, _iob, memcmp, _fstat, _close, _strnicmp, _stricmp, _read, _write, _lseek, ldexp, frexp, _open, _unlink, _swab, printf
> KERNEL32.dll: FatalAppExitA, GetSystemTime
> USER32.dll: MessageBoxA

( 119 exports )
_icalloc@8, iBindImageTemp, iConvertImage, iConvertPal, iCopyPal, iGetFlipped, ialloc, ifree, ilActiveImage, ilActiveLayer, ilActiveMipmap, ilApplyPal, ilApplyProfile, ilBindImage, ilBlit, ilClearColour, ilClearImage, ilClearImage_, ilCloneCurImage, ilCloseImage, ilClosePal, ilCompressFunc, ilConvertBuffer, ilConvertImage, ilConvertPal, ilCopyImage, ilCopyImageAttr, ilCopyImage_, ilCopyPixels, ilCreateSubImage, ilDefaultImage, ilDeleteImages, ilDisable, ilEnable, ilFormatFunc, ilGenImages, ilGetAlpha, ilGetBoolean, ilGetBooleanv, ilGetBppFormat, ilGetBppPal, ilGetBppType, ilGetClear, ilGetCurImage, ilGetCurName, ilGetDXTCData, ilGetData, ilGetError, ilGetInteger, ilGetIntegerv, ilGetLumpPos, ilGetPalBaseType, ilGetPalette, ilGetString, ilGetTypeBpc, ilHint, ilInit, ilIsDisabled, ilIsEnabled, ilIsImage, ilIsValid, ilIsValidF, ilIsValidL, ilIsValidPal, ilKeyColour, ilLoad, ilLoadData, ilLoadDataF, ilLoadDataL, ilLoadF, ilLoadFromJpegStruct, ilLoadImage, ilLoadL, ilLoadPal, ilNewImage, ilNextPower2, ilOriginFunc, ilOverlayImage, ilPopAttrib, ilPushAttrib, ilRegisterFormat, ilRegisterLoad, ilRegisterMipNum, ilRegisterNumImages, ilRegisterOrigin, ilRegisterPal, ilRegisterSave, ilRegisterType, ilRemoveLoad, ilRemoveSave, ilReplaceCurImage, ilResetMemory, ilResetRead, ilResetWrite, ilResizeImage, ilSave, ilSaveData, ilSaveF, ilSaveFromJpegStruct, ilSaveImage, ilSaveL, ilSavePal, ilSetCurImage, ilSetData, ilSetDuration, ilSetError, ilSetInteger, ilSetMemory, ilSetPal, ilSetPixels, ilSetRead, ilSetString, ilSetWrite, ilShutDown, ilTexImage, ilTexImage_, ilTexSubImage_, ilTypeFromExt, ilTypeFunc
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Windows Screen Saver (39.4%)
Win32 Executable Generic (25.6%)
Win32 Dynamic Link Library (generic) (22.8%)
Generic Win/DOS Executable (6.0%)
DOS Executable Generic (6.0%)
sigcheck:
publisher....: Abysmal Software
copyright....: Copyright (c) 2000-2002
product......: Developer_s Image Library (DevIL)
description..: DevIL: A portable image library in development
original name: DevIL.dll
internal name: Developer_s Image Library (DevIL)
file version.: 1.6.6
comments.....: DevIL: A portable image library in development
signers......: -
signing date.: -
verified.....: Unsigned

Alt 15.02.2010, 17:11   #13
Knutowskie
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



TV Karte hab ich...

C:\Windows\SysWow64\sshnas21.dll
existiert nich mehr, da gelöscht...

CureIt wird gerade geladen. muss dann in safemode. Bis nachher.

EDIT: CureIt hat nix gefunden!

Kann ich jetzt erstma die nächste Woche sicher Leben?
Werd dann auf jeden Fall ne neuinst machen. Aber bis dahin hab ich keine Zeit, wejen Prüfungen undso.

Danke dir aber erstma ganz dolle!

Geändert von Knutowskie (15.02.2010 um 17:45 Uhr)

Alt 16.02.2010, 07:49   #14
Chris4You
 
SLD.EXE Wer oder was ist das? - Standard

SLD.EXE Wer oder was ist das?



Hi,

wenn Du nicht unbedingt Homebanking betreibst, sollte es bis zum Neuaufsetzten ausreichen

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu SLD.EXE Wer oder was ist das?
ad aware, aware, brauch, community, cookies, direkt, google, home, installiere, installieren, kurze, neu, platte, quelle, remover, tan, tante, tools, virus, win, win7




Ähnliche Themen: SLD.EXE Wer oder was ist das?


  1. viren befall ?? oder malware oder unerwuenschte software ?? oder ....
    Plagegeister aller Art und deren Bekämpfung - 20.05.2015 (6)
  2. Unsicher ob GVU-Trojaner (oder ähnliches) noch auf dem Rechner ist oder ob dieser entfernt wurde.
    Mülltonne - 29.01.2015 (0)
  3. Spam-Trojaner oder Mailkontenmissbrauch oder keins von beiden?
    Plagegeister aller Art und deren Bekämpfung - 16.05.2014 (18)
  4. Im Firefox ständig Werbemeldungen oder Hinweise zu Performance oder Spyware
    Log-Analyse und Auswertung - 14.01.2014 (17)
  5. Malware oder Viren oder Trojaner Schutz..Begriffverwirrung
    Antiviren-, Firewall- und andere Schutzprogramme - 12.07.2012 (1)
  6. Antivir zeigt dauernd: TR/Spy.Farko.lw oder TR/Rogue.kdv.651759 oder TR/Spy.Agent.ccfd usw.
    Log-Analyse und Auswertung - 08.07.2012 (1)
  7. EXP\JAVA.NIABIL.GEN Exploit oder Trojaner oder beides - Lösung ?
    Log-Analyse und Auswertung - 29.02.2012 (1)
  8. click.GiftLoad oder TR/Crypt.XPACK.Gen2 oder Rootkit.TDSS.Gen ?
    Plagegeister aller Art und deren Bekämpfung - 03.05.2011 (3)
  9. Virus oder Trojaner? Browser reagieren nicht oder verzögert.
    Log-Analyse und Auswertung - 20.10.2010 (26)
  10. Habe ich einen Virus oder Malware oder sonstiges auf dem Rechner?
    Log-Analyse und Auswertung - 15.08.2010 (23)
  11. Grafikkarte oder Monitor defekt? Oder ganz was anderes?
    Netzwerk und Hardware - 09.06.2010 (3)
  12. schadhaftes script oder virus? url falschmeldung oder echte gefahr?
    Plagegeister aller Art und deren Bekämpfung - 06.06.2010 (6)
  13. Hab ich den Trojan.Agent oder Antivirus 2008 oder 2009
    Plagegeister aller Art und deren Bekämpfung - 26.02.2009 (1)
  14. Hilfe!! Monder.Acia oder Vundo 129024 oder Virtumonde auf dem PC gefunden
    Plagegeister aller Art und deren Bekämpfung - 19.12.2008 (0)
  15. richtig- oder falsch-positiv? kompromittiert ja oder nein?
    Log-Analyse und Auswertung - 26.01.2008 (12)
  16. Ich hab folgende trojaner oder adware oder was auch immer gefunden!
    Log-Analyse und Auswertung - 23.07.2006 (15)
  17. TR/Drop.Delf.DJ.4 oder TR/LowZones.A.2 oder WEBREBATES0.EXE Problem
    Log-Analyse und Auswertung - 27.10.2004 (2)

Zum Thema SLD.EXE Wer oder was ist das? - Hey Community! Ich habe seid kurzen Win7 drauf und ich denke ich hab mir auch schon irgendwas eingefangen. Avast Home findet nix und Ad Aware hat nur paar Cookies gelöscht. - SLD.EXE Wer oder was ist das?...
Archiv
Du betrachtest: SLD.EXE Wer oder was ist das? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.