Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Skype Virus

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.09.2010, 08:24   #1
chrash
 
Skype Virus - Standard

Skype Virus



Hallo
ich habe gestern von einer Freundin in Skype ein Link bekommen mit Foto "Link" ich habe diesen geöffnet und es kam eine MSN seite seit dem Spielt mein PC verückt dauernd öffnet sich Skype und meine Maus wurde sehr langsam ich habe Spybot und AntiVir durchlaufen lassen sie fanden 4 Viren die ich gelöchst habe nun habe ich hier eine Beitrag gelesen der genau mein Problem enthälht und ich habe das gemacht was in den beitrag stand.
Den GMER Log kann ich nicht senden weil mein PC den immer Abstürtz auch im Gesicherten Modus. Noch was zum Virus es fing an das sich Sykpe immer auf machte und schließte aber nie den link weiter sendete nach neu Start hatte es die Maus langsamer gemacht meine Internet addons Aktieviert und z.B. sachen umgestell wie wenn ichh "W" drückte mein Browser sich schloss
Bitte um Schnelle Hilfe
Die Logs

defogger
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:47 on 04/08/2010 (Björn)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCUAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

Geändert von chrash (05.09.2010 um 08:37 Uhr)

Alt 05.09.2010, 08:25   #2
chrash
 
Skype Virus - Standard

Skype Virus



Malwarebytes Log

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04.08.2010 16:46:50
mbam-log-2010-08-04 (16-46-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 120415
Laufzeit: 6 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uvc7jk640c (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________


Alt 05.09.2010, 08:27   #3
chrash
 
Skype Virus - Standard

Skype Virus



Malwarebytes Log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04.08.2010 16:46:50
mbam-log-2010-08-04 (16-46-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 120415
Laufzeit: 6 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\ZagrebLand (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uvc7jk640c (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________

Alt 05.09.2010, 08:30   #4
chrash
 
Skype Virus - Standard

Skype Virus



OTL LogOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.08.2010 01:13:12 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Björn\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,56 Gb Total Space | 155,09 Gb Free Space | 34,12% Space Free | Partition Type: NTFS
Drive D: | 11,20 Gb Total Space | 1,84 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BJÖRN-PC
Current User Name: Björn
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.04 16:24:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\MFTools\OTL.exe
PRC - [2010.08.03 20:46:32 | 000,063,488 | RHS- | M] () -- C:\Users\Public\nvsvc32.exe
PRC - [2010.07.14 17:25:24 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.06.21 10:09:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.03.30 12:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.04 14:57:44 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.27 18:26:07 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.04.07 09:39:44 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.02.27 16:10:18 | 000,299,008 | ---- | M] () -- C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
PRC - [2009.02.09 18:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.02.09 18:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009.02.09 18:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 19:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 19:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
PRC - [2008.06.16 08:03:20 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007.04.19 16:45:10 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007.04.19 16:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
PRC - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.04 16:24:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\MFTools\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.05.11 16:51:12 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.30 12:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.04 14:57:44 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.04.07 09:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.02.09 18:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009.02.09 18:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.12 03:55:49 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.08 20:50:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.08 20:50:42 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.08.28 02:48:58 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\Windows\System32\SVKP.sys -- (SVKP)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.22 06:50:46 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.10.22 06:50:46 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.10.22 06:50:46 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.09.26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.13 09:13:00 | 007,391,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.11 13:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.07.22 17:42:34 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.07.21 12:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.04.29 03:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.04.15 09:05:58 | 000,011,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mo3Fltr.sys -- (Mo3Fltr)
DRV - [2008.03.27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.18 13:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.07.14 17:28:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.14 17:27:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.14 17:29:52 | 000,000,000 | ---D | M]
 
[2010.02.20 16:18:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\mozilla\Extensions
[2010.08.04 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\1o9f872f.default\extensions
[2010.05.31 20:44:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\1o9f872f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.20 11:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\1o9f872f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Mozilla\FireFox\Profiles\1o9f872f.default\searchplugins\conduit.xml
[2010.08.02 20:32:11 | 000,000,950 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Mozilla\FireFox\Profiles\1o9f872f.default\searchplugins\icqplugin-1.xml
[2010.06.21 10:11:12 | 000,000,950 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Mozilla\FireFox\Profiles\1o9f872f.default\searchplugins\icqplugin-2.xml
[2010.08.04 10:54:11 | 000,000,950 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Mozilla\FireFox\Profiles\1o9f872f.default\searchplugins\icqplugin-3.xml
[2010.05.29 11:14:06 | 000,001,056 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Mozilla\FireFox\Profiles\1o9f872f.default\searchplugins\icqplugin.xml
[2010.08.04 16:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.04 16:03:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.02 12:20:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AARC] C:\Users\Björn\Documents\System\update.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Users\Public\nvsvc32.exe ()
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Alle &Filme mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab (Battlefield Heroes Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Björn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Björn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.04 16:27:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.04 16:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.04 16:25:41 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Malwarebytes
[2010.08.04 16:25:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.04 16:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.04 16:25:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.04 16:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.04 16:24:45 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\MFTools
[2010.08.04 16:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.08.04 16:03:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.08.04 15:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.04 15:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.08.03 20:46:47 | 000,000,000 | ---D | C] -- C:\Users\Björn\Documents\Meine empfangenen Dateien
[2010.08.01 22:19:09 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010.08.01 22:19:09 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.08.01 22:19:05 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.08.01 22:19:05 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.08.01 22:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010.08.01 21:59:37 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Youtube Downloader HD
[2010.08.01 21:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Youtube Downloader HD
[2010.08.01 21:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Winload
[2010.07.31 19:12:20 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\SteelSeries
[2010.07.31 19:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\SteelSeries
[2010.07.14 17:30:28 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Real
[2010.07.14 17:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010.07.14 17:25:37 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.07.13 21:41:03 | 000,000,000 | ---D | C] -- C:\Fraps
[2010.07.09 18:36:37 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\WeGame
[2010.07.06 14:06:03 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Publish Providers
[2010.07.06 13:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.07.06 13:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010.07.06 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Sony
[2010.07.06 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Sony
[2010.07.05 23:41:55 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Movie
[2010.07.05 23:03:50 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Xfire
[2010.07.05 23:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010.07.05 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010.06.30 12:57:12 | 000,000,000 | ---D | C] -- C:\Users\Björn\Documents\BioWare
[2010.06.30 12:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 2
[2010.06.30 12:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2010.06.23 18:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010.06.22 20:02:07 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\vlc
[2010.06.21 21:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2010.06.20 12:51:30 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Machinim
[2010.06.20 11:50:01 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Old School
[2010.06.20 11:39:55 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.15 18:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Beta
[2010.05.26 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\DivX
[2010.05.26 10:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.05.26 09:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010.05.26 09:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.05.26 09:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.21 20:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.05.21 20:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.05.21 20:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010.05.19 09:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.05.11 13:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009.06.07 12:06:38 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2009.06.07 12:06:38 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2009.06.07 12:06:38 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2009.06.07 12:06:38 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2009.06.07 12:06:38 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2009.06.07 12:06:38 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2009.06.07 12:06:38 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2009.06.07 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2009.06.07 12:06:37 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2009.06.07 12:06:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2009.06.07 12:06:36 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2009.06.07 12:06:36 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2002.01.14 19:30:34 | 021,823,560 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.05 01:14:48 | 000,967,410 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.05 01:14:48 | 000,699,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.05 01:14:48 | 000,235,002 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.05 01:14:48 | 000,203,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.05 01:14:48 | 000,005,548 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.05 01:13:06 | 005,767,168 | -HS- | M] () -- C:\Users\Björn\NTUSER.DAT
[2010.08.05 01:09:43 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.05 01:08:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.05 01:08:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 01:08:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 01:08:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.05 01:08:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.05 01:08:04 | 3186,577,408 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.05 01:08:03 | 161,709,401 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.04 22:53:56 | 000,524,288 | -HS- | M] () -- C:\Users\Björn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.04 22:53:56 | 000,065,536 | -HS- | M] () -- C:\Users\Björn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.04 22:53:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.04 22:53:40 | 002,556,435 | -H-- | M] () -- C:\Users\Björn\AppData\Local\IconCache.db
[2010.08.04 22:08:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.04 16:47:49 | 000,000,176 | ---- | M] () -- C:\Users\Björn\defogger_reenable
[2010.08.04 16:27:27 | 000,000,873 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.08.04 16:27:23 | 000,000,674 | ---- | M] () -- C:\Users\Björn\Desktop\ERUNT.lnk
[2010.08.04 16:25:33 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.04 16:24:49 | 000,050,477 | ---- | M] () -- C:\Users\Björn\Desktop\defogger.exe
[2010.08.04 16:24:48 | 000,284,915 | ---- | M] () -- C:\Users\Björn\Desktop\Gmer.zip
[2010.08.04 16:03:29 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.04 15:49:08 | 000,001,015 | ---- | M] () -- C:\Users\Björn\Desktop\Spybot - Search & Destroy.lnk
[2010.08.04 13:58:01 | 000,000,797 | ---- | M] () -- C:\Users\Björn\Documents\Meine freigegebenen Ordner.lnk
[2010.08.04 10:36:29 | 000,316,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.01 21:59:33 | 000,000,872 | ---- | M] () -- C:\Users\Björn\Desktop\Youtube Downloader HD.lnk
[2010.08.01 21:20:27 | 000,076,224 | ---- | M] () -- C:\Users\Björn\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.29 20:56:24 | 000,000,190 | ---- | M] () -- C:\Windows\lexstat.ini
[2010.07.29 12:26:57 | 000,001,666 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\wklnhst.dat
[2010.07.28 15:25:14 | 000,001,032 | ---- | M] () -- C:\Users\Björn\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.15 20:21:05 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Ultimate-Coop.lnk
[2010.07.15 19:21:35 | 000,138,168 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.15 19:20:18 | 000,189,472 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.14 17:28:04 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.07.14 17:25:37 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.07.13 21:48:59 | 000,041,472 | ---- | M] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.13 21:41:05 | 000,000,514 | ---- | M] () -- C:\Users\Björn\Desktop\Fraps.lnk
[2010.07.12 15:11:39 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.11 23:18:25 | 000,001,432 | ---- | M] () -- C:\Users\Björn\Desktop\DivX Movies.lnk
[2010.07.11 23:17:36 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.09 21:00:32 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2010.07.06 16:13:07 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.05 23:03:45 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010.07.04 02:44:59 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2010.07.03 13:44:46 | 000,000,825 | ---- | M] () -- C:\Users\Björn\Desktop\World of Warcraft.lnk
[2010.07.02 12:45:02 | 000,000,206 | ---- | M] () -- C:\Users\Björn\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2010.06.22 20:00:58 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.06.22 19:57:34 | 019,473,201 | ---- | M] () -- C:\Users\Björn\Documents\vlc-1.1.1-win32.exe
[2010.06.15 20:03:15 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2010.06.10 13:46:22 | 000,012,288 | ---- | M] () -- C:\Users\Björn\Desktop\Gericht.wps
[2010.05.26 10:05:33 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.21 15:26:37 | 000,029,398 | ---- | M] () -- C:\Users\Björn\Documents\ts3_clientui-win32-11239-2010-05-21 15_26_33.711000.dmp
[2010.05.15 00:25:22 | 043,219,440 | ---- | M] () -- C:\Users\Björn\Desktop\Stevinho_2010_05_14_23_25_15.mp3
[2010.05.14 23:13:33 | 138,569,583 | ---- | M] () -- C:\Users\Björn\Desktop\Stevinho_2010_05_14_20_00_35.mp3
 
========== Files Created - No Company Name ==========
 
[2010.08.05 01:08:04 | 3186,577,408 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.04 16:58:56 | 000,293,376 | ---- | C] () -- C:\Users\Björn\Desktop\gmer.exe
[2010.08.04 16:47:34 | 000,000,176 | ---- | C] () -- C:\Users\Björn\defogger_reenable
[2010.08.04 16:27:27 | 000,000,873 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.08.04 16:27:23 | 000,000,674 | ---- | C] () -- C:\Users\Björn\Desktop\ERUNT.lnk
[2010.08.04 16:25:33 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.04 16:24:49 | 000,050,477 | ---- | C] () -- C:\Users\Björn\Desktop\defogger.exe
[2010.08.04 16:24:48 | 000,284,915 | ---- | C] () -- C:\Users\Björn\Desktop\Gmer.zip
[2010.08.04 16:03:29 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.04 15:49:08 | 000,001,015 | ---- | C] () -- C:\Users\Björn\Desktop\Spybot - Search & Destroy.lnk
[2010.08.04 13:58:01 | 000,000,797 | ---- | C] () -- C:\Users\Björn\Documents\Meine freigegebenen Ordner.lnk
[2010.08.01 22:19:05 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.08.01 21:59:33 | 000,000,872 | ---- | C] () -- C:\Users\Björn\Desktop\Youtube Downloader HD.lnk
[2010.07.31 19:10:29 | 000,011,136 | ---- | C] () -- C:\Windows\System32\drivers\Mo3Fltr.sys
[2010.07.15 20:21:05 | 000,001,740 | ---- | C] () -- C:\Users\Public\Desktop\Ultimate-Coop.lnk
[2010.07.14 17:28:04 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.07.13 21:41:05 | 000,000,514 | ---- | C] () -- C:\Users\Björn\Desktop\Fraps.lnk
[2010.07.11 23:17:36 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.09 21:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.07.05 23:03:45 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010.07.02 12:45:02 | 000,000,206 | ---- | C] () -- C:\Users\Björn\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2010.06.22 20:00:58 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.06.22 19:57:02 | 019,473,201 | ---- | C] () -- C:\Users\Björn\Documents\vlc-1.1.1-win32.exe
[2010.06.20 11:39:40 | 000,001,032 | ---- | C] () -- C:\Users\Björn\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.15 20:03:54 | 000,003,842 | ---- | C] () -- C:\ProgramData\driverinfo.txt
[2010.06.15 18:45:17 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2010.06.09 14:02:07 | 000,012,288 | ---- | C] () -- C:\Users\Björn\Desktop\Gericht.wps
[2010.05.26 10:06:17 | 000,001,432 | ---- | C] () -- C:\Users\Björn\Desktop\DivX Movies.lnk
[2010.05.26 10:05:33 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.21 15:26:33 | 000,029,398 | ---- | C] () -- C:\Users\Björn\Documents\ts3_clientui-win32-11239-2010-05-21 15_26_33.711000.dmp
[2010.05.11 13:12:30 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.01.14 21:52:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010.01.14 21:52:44 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2010.01.14 20:30:08 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.13 19:27:18 | 000,000,039 | ---- | C] () -- C:\Windows\dellstat.ini
[2010.01.13 16:22:31 | 000,000,190 | ---- | C] () -- C:\Windows\lexstat.ini
[2009.11.30 01:46:32 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2009.11.28 22:41:18 | 000,138,168 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.28 22:41:18 | 000,138,056 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\PnkBstrK.sys
[2009.11.08 19:22:21 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.11.08 19:22:21 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.11.04 14:01:45 | 000,001,666 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\wklnhst.dat
[2009.11.03 21:46:03 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.09.30 12:45:19 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.09.30 12:45:19 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.05.30 23:39:35 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.05.30 23:39:35 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.05.30 23:39:35 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.05.30 22:49:48 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.05.26 20:44:44 | 000,041,472 | ---- | C] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.25 21:38:25 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.25 21:38:20 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.25 21:04:54 | 000,000,000 | ---- | C] () -- C:\Users\Björn\AppData\Local\QSwitch.txt
[2009.05.25 21:04:54 | 000,000,000 | ---- | C] () -- C:\Users\Björn\AppData\Local\DSwitch.txt
[2009.05.25 21:04:54 | 000,000,000 | ---- | C] () -- C:\Users\Björn\AppData\Local\AtStart.txt
[2009.03.13 10:47:56 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009.03.13 10:47:47 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.03.13 10:47:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009.03.13 10:46:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.03.13 10:45:08 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008.10.21 22:42:19 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008.10.21 22:38:30 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008.10.21 22:37:14 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008.10.21 22:36:19 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.02.07 18:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007.01.22 10:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.06.07 14:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.27 13:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.03.07 12:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.30 21:42:22 | 000,000,270 | ---- | C] () -- C:\Windows\System32\lxczcoin.ini
[2006.01.10 18:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006.01.10 18:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
 
========== LOP Check ==========
 
[2010.01.12 03:42:35 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\.minecraft
[2009.05.26 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Acreon
[2010.07.29 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\BitComet
[2009.09.05 01:02:04 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.12.13 05:38:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DAEMON Tools Lite
[2010.06.20 11:39:55 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.04 04:17:31 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\FloodLightGames
[2010.07.30 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\ICQ
[2009.08.04 01:20:33 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2009.06.05 18:56:01 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009.08.10 01:22:36 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\muvee Technologies
[2009.09.30 12:48:39 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\PC Suite
[2009.05.28 17:15:43 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\PlayFirst
[2010.07.06 14:06:03 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Publish Providers
[2009.09.30 12:45:12 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Samsung
[2010.07.06 16:18:26 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Sony
[2009.08.04 03:02:53 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\SPORE Creature Creator
[2010.07.31 19:12:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\SteelSeries
[2009.11.04 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Template
[2010.07.17 00:19:32 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\TS3Client
[2009.07.20 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Ubisoft
[2010.07.09 18:36:37 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\WeGame
[2009.05.25 23:57:38 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\WildTangent
[2009.11.09 00:17:44 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\XRay Engine
[2010.08.01 22:05:37 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Youtube Downloader HD
[2010.07.04 02:44:59 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job
[2010.08.04 22:53:50 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 492 bytes -> C:\ProgramData\Temp:05EE1EEF
< End of report >
         
--- --- ---

Alt 05.09.2010, 08:30   #5
chrash
 
Skype Virus - Standard

Skype Virus



Extra LogOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.08.2010 01:13:12 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Björn\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,56 Gb Total Space | 155,09 Gb Free Space | 34,12% Space Free | Partition Type: NTFS
Drive D: | 11,20 Gb Total Space | 1,84 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BJÖRN-PC
Current User Name: Björn
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041B8753-2D8A-4881-8587-945DCEF6EEE7}" = lport=65535 | protocol=6 | dir=in | name=bitcomet | 
"{04552F0C-EDB8-4235-BE3A-FB8B50DA5C89}" = lport=50003 | protocol=6 | dir=in | name=wowdownlaoder | 
"{0F4F0AA6-F924-4234-9FA0-31371FC7074A}" = lport=8098 | protocol=6 | dir=in | name=hdr sum 2 adh11 | 
"{1CD665DB-F21E-434B-B32A-A9E0A2CA8FD1}" = lport=60001 | protocol=6 | dir=in | name=bitcomet1 | 
"{31AB2683-B441-4F70-9FC9-7EB3E336EDA7}" = lport=60004 | protocol=6 | dir=in | name=bitcomet5 | 
"{371032DF-C1AA-4F6E-938D-CF12416A60D0}" = lport=50005 | protocol=6 | dir=in | name=wowdownlaoder | 
"{3FC93E87-F242-4973-8F99-D76B664E2549}" = rport=138 | protocol=17 | dir=out | app=system | 
"{46148B60-9FA4-4F28-8DA5-539371B4B02E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4B84621C-4A34-49AE-A9B2-AE3FA9843B71}" = lport=8093 | protocol=6 | dir=in | name=hdr sum 2 adh6 | 
"{58582F40-2E10-4CA3-9A6C-540708655577}" = lport=8097 | protocol=6 | dir=in | name=hdr sum 2 adh10 | 
"{5869D978-0B63-4CC4-B39B-735CE86D4A2B}" = lport=8092 | protocol=6 | dir=in | name=hdr sum 2 adh5 | 
"{5D0E98E4-710B-4885-B559-3B1C3B69336C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{635627B0-268E-40E0-935A-EC73B797C492}" = lport=3724 | protocol=6 | dir=in | name=wow | 
"{640CA683-E858-4075-B378-067032EE2AFC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{67EC2063-44E0-48CA-B36C-434BA98AD1FD}" = lport=60000 | protocol=6 | dir=in | name=bitcomet2 | 
"{73200B60-7BEC-44A7-AC35-661B4AA378C5}" = lport=60005 | protocol=6 | dir=in | name=bitcomet | 
"{77677EC5-EC6F-49C5-A91B-3A941F0B2C8A}" = lport=8095 | protocol=6 | dir=in | name=hdr sum 2 adh8 | 
"{7E69BF62-161B-472B-9932-6D9BC3064200}" = lport=12027 | protocol=6 | dir=in | name=bitcomet | 
"{90129A70-ACED-4F9A-9A4A-A990C60C2F9E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{961F06DC-B54A-4E8E-AA1E-0F5A0F586209}" = lport=50002 | protocol=6 | dir=in | name=wowdownlaoder | 
"{9E726FF2-61E7-405D-B0F7-567306735964}" = lport=50000 | protocol=6 | dir=in | name=wowdownlaoder | 
"{A2CB6567-3CA6-4862-9EF9-E2375A02D59B}" = lport=50001 | protocol=6 | dir=in | name=wowdownlaoder | 
"{A4A9E3A7-FDFC-4FCA-A464-DD00EF29071F}" = lport=8089 | protocol=6 | dir=in | name=hdr sum 2 adh1 | 
"{A5757777-D0EB-4D5D-9644-3D866FC6D7DF}" = lport=8090 | protocol=6 | dir=in | name=hdr sum 2 adh3 | 
"{A680725F-D614-4DA4-A46B-4577E264BEAD}" = lport=6112 | protocol=6 | dir=in | name=wow1 | 
"{B1C59F8A-EE62-43D6-B29D-FEDE353C451C}" = lport=50004 | protocol=6 | dir=in | name=wowdownlaoder | 
"{B67F0ACD-0C3B-4D79-86C1-A185142B4EC8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B9BBA7E4-A2A3-4B1A-A2C2-6FA3A51B9BB2}" = lport=60003 | protocol=6 | dir=in | name=bitcomet4 | 
"{CF9DE968-3EE6-421A-B999-A2542E62D4C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D493AAC1-73D3-4284-9387-3DDC26C95BD7}" = lport=8096 | protocol=6 | dir=in | name=hdr sum 2 adh9 | 
"{D62D89C6-FCDD-4099-AEFF-10AEE4199FBE}" = lport=21021 | protocol=6 | dir=in | name=bitvomet2 | 
"{D8236EBD-92F6-4EAF-9BBA-38804EFD5CBE}" = lport=8091 | protocol=6 | dir=in | name=hdr sum 2 adh4 | 
"{DA5C7B44-C38C-4943-A9B3-9ECC6A670E48}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DCB4378C-F25B-4F1C-8993-5BE9F30CEED2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E001DD58-17D0-402C-8AD4-72D183AF5A10}" = lport=8100 | protocol=6 | dir=in | name=hdr sum 2 adh13 | 
"{EB8CAABC-6386-4856-97B2-94B3D6FB436D}" = lport=8099 | protocol=6 | dir=in | name=hdr sum 2 adh12 | 
"{EDAE20C6-2270-4F60-88BF-A8EFEADCE297}" = lport=60002 | protocol=6 | dir=in | name=bitcomet3 | 
"{F092318A-F12A-47A8-8199-72DABC0A5C91}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F19239FC-3A5C-41B3-85B2-23D4BB70AE36}" = lport=8094 | protocol=6 | dir=in | name=hdr sum 2 adh7 | 
"{F59FCC13-0818-490C-867D-6562C70E9688}" = lport=8088 | protocol=6 | dir=in | name=hdr sum 2 adh | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0290123C-6247-42B7-93C2-365D77A19A3F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{03FD839C-8A85-4F93-B215-A6472E3685F5}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{072BA6D8-E63B-4C03-9B42-60CAFA677E44}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{08178135-8B98-4450-BFD1-4470BDFC1A92}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{0BA57BBB-E036-48F2-9D7C-89BEC2B9DD57}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{0DAF7D01-9AC0-4342-BB16-587021CE1EE0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{102EA5BB-BCCD-439F-AE15-3D7CD5AF2CFC}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\king_boernar_one\counter-strike\hl.exe | 
"{14D7B948-3BCF-4C2E-B123-EB1982736704}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1536F827-89AB-4029-950C-D5B1F5964D29}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\king_boernar_one\deathmatch classic\hl.exe | 
"{172FB860-2EA2-415E-94AD-D2C28BC12500}" = dir=in | app=c:\program files\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | 
"{1AF30E7B-B762-42A7-8A81-09D9C2879FFD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe | 
"{1E7D581E-A217-4B4F-B420-8F187E67191F}" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe | 
"{1ECCB3D7-145B-4A8D-8A16-BC5340363D46}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{1ECE8C64-08F1-4E9D-A60F-D62111BDC069}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\king_boernar_one\counter-strike\hl.exe | 
"{2321EB84-3FB3-4D7A-A630-E7E55B69ACD0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{23920524-D9B6-4D66-980F-E548FE9E1DFE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{2628E076-5CDB-43AC-A89B-95F4D3E54316}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{282A505F-B637-473D-BF27-BD868816EE98}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{2DA0D189-3ADD-4191-9D1B-926301DA1086}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3161B4B9-AE3D-4BB3-9156-33598731AAE9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{321D783F-5AB2-491B-84D2-FA2DFF505EC4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{381C1CCC-EF70-4B20-B71F-1BB0DD1F63C9}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | 
"{3FBB468F-A1DC-466F-98AD-987985412BFD}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{425ED314-7CBF-4E95-A3D0-C3F137E99D79}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{445F88B9-DD95-43E1-A6D5-F0EEC1F38FDD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{453C247F-F305-4849-B43D-5BF861E71FA6}" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe | 
"{4765F7A8-312E-4627-8B4F-ED868A27628D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{4DEEDF2A-8ADD-4AB8-A9F2-430C29D39131}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{4F219F3A-50CA-4BC4-9FA9-2979B21D738A}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\lotrbfme2ep1.exe | 
"{5A8609A8-EAC8-4DE2-9C7B-546B61C332DC}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | 
"{6089CC86-7280-4E3D-ACFC-0D141EE24172}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{62044337-0E36-4A43-859A-6439E69BDEBA}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{69AD05EF-8FC7-4FD4-88F4-6A10065015E8}" = protocol=6 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | 
"{71CF66DA-C9AD-4D04-BD5C-82B74C9B6599}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{73988392-7734-4DEF-AFAA-27C9A211390E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{78801CB8-268C-4BBB-875F-5D4EE14C3AF4}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{78B16CFC-110A-4E87-B4AA-1F76CA5BBCBD}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{7F852EB4-0041-444F-8CF9-F32F8513CF68}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{80F902C9-55F3-4941-AE92-9345E5E4C339}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{85CEA917-067B-446F-A934-AF35E5FCBDBF}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{8A032486-5186-4BD6-B08B-94DDFD324B43}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{8AEE9F92-9083-4B6B-85B0-EBCB8E538541}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe | 
"{8ECFC225-9643-4F05-BE64-03ACB3EA5F71}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{9A5A6688-FA20-4BFC-9F72-0696C20AAF0C}" = protocol=17 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe | 
"{A35CE006-BD03-4401-A280-D1E584A967D6}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe | 
"{A3E56163-6191-4CCB-8C2F-9847C36F5192}" = protocol=6 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe | 
"{A49A320D-23F8-463B-BE56-210183844A97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A49AE740-BA5E-4509-8D57-004B52557D60}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{A5AF4E47-65AC-4AA9-98C7-34E3CE59F71F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{A665D95E-3497-4F98-9328-E02CC996C2B6}" = protocol=17 | dir=in | app=c:\program files\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe | 
"{A6F11AA6-E159-4BF9-8E1F-B1E9F51E2AB4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{A7CB4C27-CC8D-4AF3-ABFF-9B3571DBAE3F}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{AC00DB30-F21B-4436-909E-C739467887A4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{AE72BB3A-ADFA-4408-9AF2-0CCD1414AD12}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{B8C3BB70-B056-4CD3-A921-5A78E91180AF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{BD063326-FCEB-4BE3-80D5-77634291EE2A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C5207E45-3C82-4708-8273-C64CDC740167}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{C5E67140-6B33-4262-8F6E-10161501B749}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\king_boernar_one\deathmatch classic\hl.exe | 
"{CAA0B5E6-3715-4F8D-ACDE-DB31D6F65DCA}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{CE7A75D2-1464-408A-B5C8-B7A77CE9D583}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{D6F84346-B513-465D-BF02-461C4280D254}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{D928935D-480B-47DB-B8A4-8CF8D3B2171B}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{DBDD43B5-B099-404E-B084-1D006A622A49}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{DE0F0D39-3100-4393-9847-12BB7136342A}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{DEAAA573-8F03-46D2-ABC0-BB35132FDA51}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxczpswx.exe | 
"{E0D320B7-E618-4661-A208-44DF5D645FE1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E35FFCA6-447F-4A29-953D-D6BCF647B95E}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | 
"{E73EAC38-7190-498B-AE4C-D71060F007EB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{E964CE82-A7B4-4AD2-9F07-C8EAECEAA071}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{E9E6FCE8-EE1E-4713-BB5F-6D158C315974}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{ED98AB37-C31F-47C7-AE54-198103A442BB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EE0ED61F-F912-4DCB-A623-71A11FAB3CA1}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\lotrbfme2ep1.exe | 
"{EF89B128-D5D5-4B0F-8DBD-9488FBC3DE56}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{F39A5B53-0481-450B-B579-B9E45AE385C8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FAE18D54-D498-4812-8326-AA49FAAEFD48}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"TCP Query User{0571BBEA-81EB-4D96-95CC-1F859CD5ECA2}C:\program files\world of warcraft beta\wow-4.0.0.12164-to-4.0.0.12232-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12164-to-4.0.0.12232-dede-downloader.exe | 
"TCP Query User{0583DD99-07FD-41C6-9152-0E754FD276E9}C:\program files\world of warcraft beta\wow-4.0.0.12065-to-4.0.0.12122-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12065-to-4.0.0.12122-dede-downloader.exe | 
"TCP Query User{0BCC0A77-54BC-4462-BD58-63E7233AC498}C:\users\björn\desktop\krimskrams\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\björn\desktop\krimskrams\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe | 
"TCP Query User{0FA230EE-B7A6-4945-BCB5-D1AAAD2F9209}C:\program files\ea games\battlefield 2\bf2voipserver.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2voipserver.exe | 
"TCP Query User{117E7F17-2941-4872-A8E4-36B74F0080BC}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe | 
"TCP Query User{122A0319-ADFC-44B9-9743-258E9D835C51}C:\program files\valve\steam\steamapps\king_boernar_one\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\king_boernar_one\counter-strike\hl.exe | 
"TCP Query User{16B5B38B-0F42-4F49-8AC0-EA97B5F8E18A}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{2565AC98-F859-4325-B224-70DDC0B1A485}C:\users\björn\desktop\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\björn\desktop\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe | 
"TCP Query User{2632EEAC-1FF3-4846-A05E-1CD429F7F301}C:\users\björn\desktop\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\björn\desktop\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe | 
"TCP Query User{298EC5DE-F030-409B-84FE-73769D660550}C:\users\björn\downloads\wow_cataclysm_beta_dede.exe" = protocol=6 | dir=in | app=c:\users\björn\downloads\wow_cataclysm_beta_dede.exe | 
"TCP Query User{2C4281A9-00B7-4384-BB13-DFFFD4FA500F}C:\program files\world of warcraft beta\wow-4.0.0.12266-to-4.0.0.12319-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12266-to-4.0.0.12319-dede-downloader.exe | 
"TCP Query User{315089B5-FCF2-4FEE-8224-6F69EDF9E29E}C:\program files\world of warcraft beta\wow-4.0.0.12232-to-4.0.0.12266-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12232-to-4.0.0.12266-dede-downloader.exe | 
"TCP Query User{33C27919-BFE9-4ECA-913A-4CCDCC8C2898}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{468E0EE0-E1DF-41A3-894F-C85D11EE3A7C}C:\program files\world of warcraft beta\wow-4.0.0.12025-to-4.0.0.12065-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12025-to-4.0.0.12065-dede-downloader.exe | 
"TCP Query User{4AE639C4-10CF-4AA5-A6A7-646A88BEC2AD}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{4D7C18DA-EEC4-4763-9947-E5B5575E0E6B}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{4DC17050-C1A0-4B77-90F6-8F0D403EF003}C:\program files\valve\steam\steamapps\king_boernar_one\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\king_boernar_one\condition zero\hl.exe | 
"TCP Query User{529962AA-407C-41F0-A775-656AEFF722A2}C:\program files\world of warcraft beta\wow-4.0.0.12539-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12539-dede-downloader.exe | 
"TCP Query User{5772811E-EC8D-4FF5-9B80-9565E850E36A}C:\program files\world of warcraft beta\wow-4.0.0.12319-to-4.0.0.12479-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12319-to-4.0.0.12479-dede-downloader.exe | 
"TCP Query User{5E3DC51A-01E5-4577-B16C-5F4CF80CD658}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{60ED7EBA-0832-490A-86C4-AE13FEEE831A}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{6852F3A8-071B-44B1-8611-4510E9337FA2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{6A595C5C-62CD-4E8F-8294-AA9811F4B520}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{6DB69788-EDA3-4187-BF5A-4E9B1FABD9D0}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{6F24857A-6F9A-4479-968B-87A1A9D9F496}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{834EE6FE-95CD-40F4-8F4A-18B8292ECAEA}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{95D8AD27-E6A3-4877-B963-26437B435790}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{99D0AC4C-9A49-4E37-8462-896098E1B875}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{9B2E7CC3-BD28-4B2A-935B-A13E3614E506}C:\users\björn\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\björn\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe | 
"TCP Query User{9B661795-93A5-46D3-A238-14D2B6B923EA}C:\users\björn\desktop\bf2 sp hack\dead space\deadspace.exe" = protocol=6 | dir=in | app=c:\users\björn\desktop\bf2 sp hack\dead space\deadspace.exe | 
"TCP Query User{9E41134B-7CEE-4994-B568-46B86484169F}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe | 
"TCP Query User{A91CE3F3-5111-4F88-A911-F401793F5B91}C:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat | 
"TCP Query User{BCF7C17E-9FC9-4035-95F4-A531428474C8}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"TCP Query User{C7B88659-056B-462A-8236-50AF6F685A94}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{DE15D98E-29C8-4F11-8698-F121BBA187AA}C:\users\björn\desktop\deadspace.exe" = protocol=6 | dir=in | app=c:\users\björn\desktop\deadspace.exe | 
"TCP Query User{E0809172-4517-4376-8D09-554DE1C2B8AF}C:\program files\world of warcraft beta\wow-4.0.0.12122-to-4.0.0.12164-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12122-to-4.0.0.12164-dede-downloader.exe | 
"TCP Query User{E3500B38-C386-450A-81D6-3990CA617E37}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=6 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"TCP Query User{E572AEAC-8894-4F39-AD0F-111B455F94DA}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"TCP Query User{EA2AACEE-726B-41BF-8086-3129ADB58877}C:\users\björn\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\björn\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe | 
"TCP Query User{EDC1CE90-B88F-4E2F-AF89-6D233F343C3F}C:\program files\valve\steam\steamapps\king_boernar_one\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\king_boernar_one\condition zero\hl.exe | 
"TCP Query User{F1F3E223-7E4C-4958-BE0C-8620C93531DA}C:\program files\novo's easy wow server\0.3.4\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.4\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"TCP Query User{F6399347-827E-4CBD-857F-A27BED37C4F7}C:\program files\ea games\battlefield 2\bf2voipserver_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2voipserver_w32ded.exe | 
"TCP Query User{FFC7C78F-071B-43A9-AF6E-7873D2A53D6A}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
"UDP Query User{0B404EDF-ECDC-4341-943F-ABADFE0E773C}C:\program files\world of warcraft beta\wow-4.0.0.12065-to-4.0.0.12122-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12065-to-4.0.0.12122-dede-downloader.exe | 
"UDP Query User{11010F3A-18DA-4716-A02C-97DE74D58A5D}C:\program files\valve\steam\steamapps\king_boernar_one\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\king_boernar_one\counter-strike\hl.exe | 
"UDP Query User{15B92534-B8E1-4453-AC1E-C160F1AA9D79}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{16D3EB45-5F14-4C2F-8F71-04CA3CC17E5E}C:\program files\world of warcraft beta\wow-4.0.0.12164-to-4.0.0.12232-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12164-to-4.0.0.12232-dede-downloader.exe | 
"UDP Query User{1BAAC89B-B587-4DDD-BCE4-2A6A11C1AE9A}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{21B6041B-C5F9-4423-9622-7A28D83D6813}C:\users\björn\desktop\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\björn\desktop\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe | 
"UDP Query User{23A43207-4BFF-418C-BC84-B7EC0E45B824}C:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{30E4BE24-1708-49ED-8A04-B060B9D4EA1E}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{363AD18D-4796-48A7-95DB-22979CC70D5B}C:\users\björn\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\björn\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe | 
"UDP Query User{3CE9170F-374F-4268-84B0-8884828405C6}C:\program files\ea games\battlefield 2\bf2voipserver.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2voipserver.exe | 
"UDP Query User{46BBA3F9-EEF3-4CC5-98DC-8D374B561F59}C:\users\björn\downloads\wow_cataclysm_beta_dede.exe" = protocol=17 | dir=in | app=c:\users\björn\downloads\wow_cataclysm_beta_dede.exe | 
"UDP Query User{4D6C30E0-D272-4BBC-B205-9D3DFB02BAEB}C:\program files\lionhead studios ltd\black & white\runblack.exe" = protocol=17 | dir=in | app=c:\program files\lionhead studios ltd\black & white\runblack.exe | 
"UDP Query User{4D8775B5-54AA-4768-98F4-B7D55376BC64}C:\users\björn\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\björn\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe | 
"UDP Query User{527E3BFA-95FB-4BF5-8E88-5210CE1D3824}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{58B9AEE8-7E5D-466A-ABD6-058E42157081}C:\program files\world of warcraft beta\wow-4.0.0.12122-to-4.0.0.12164-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12122-to-4.0.0.12164-dede-downloader.exe | 
"UDP Query User{64EFC31D-02ED-4A2D-8367-B18A6ADDA04B}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{651F839A-8500-4901-AC62-68BD9DE2A692}C:\users\björn\desktop\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\björn\desktop\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe | 
"UDP Query User{6E81F4BB-992B-4466-AAD6-A026C19BFD35}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{79777BE3-B06A-4BDC-9D58-F012E592D576}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe | 
"UDP Query User{7BB3DE6A-9F0F-4E4D-88DE-D63679AD6E04}C:\program files\world of warcraft beta\wow-4.0.0.12266-to-4.0.0.12319-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12266-to-4.0.0.12319-dede-downloader.exe | 
"UDP Query User{8E7B5328-01B9-4E9F-97BB-76A74361557D}C:\users\björn\desktop\krimskrams\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\björn\desktop\krimskrams\l4d2.exe\left.4.dead.2.working.demo-steamless\left4dead2.exe | 
"UDP Query User{90A459B6-5554-46D4-BD5E-CFD1A5FB4B1B}C:\program files\valve\steam\steamapps\king_boernar_one\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\king_boernar_one\condition zero\hl.exe | 
"UDP Query User{91F3D2C6-0915-496D-948B-EB4A683DDD3F}C:\program files\ea games\battlefield 2\bf2voipserver_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2voipserver_w32ded.exe | 
"UDP Query User{92DABB2E-C906-4618-9151-02B6B8638B69}C:\program files\world of warcraft beta\wow-4.0.0.12232-to-4.0.0.12266-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12232-to-4.0.0.12266-dede-downloader.exe | 
"UDP Query User{9573F0D6-1435-4D5A-AF36-C4864E9151FF}C:\users\björn\desktop\deadspace.exe" = protocol=17 | dir=in | app=c:\users\björn\desktop\deadspace.exe | 
"UDP Query User{95742509-B071-411A-801E-5196ABBC9DEA}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"UDP Query User{A89924B4-0FEB-4C2B-8944-A03104754A7B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{A9AACBE3-33E2-4109-95A1-30602E296E1E}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{AACAE313-7F27-40B6-9237-6C8662A8ACCA}C:\users\björn\desktop\bf2 sp hack\dead space\deadspace.exe" = protocol=17 | dir=in | app=c:\users\björn\desktop\bf2 sp hack\dead space\deadspace.exe | 
"UDP Query User{AFD9CABB-1430-4472-B20D-E328DF9AD50C}C:\program files\world of warcraft beta\wow-4.0.0.12025-to-4.0.0.12065-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12025-to-4.0.0.12065-dede-downloader.exe | 
"UDP Query User{B4D562A7-5062-4252-B0B3-28F620140ED8}C:\program files\world of warcraft beta\wow-4.0.0.12319-to-4.0.0.12479-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12319-to-4.0.0.12479-dede-downloader.exe | 
"UDP Query User{C254E029-E41B-4F1D-9A4B-736AF0614CC2}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"UDP Query User{C682958F-DF0D-45D1-A20B-E218ECF25838}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{C849E993-B585-41F2-9D84-1273275DF784}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{CC4C8260-F360-468D-97F5-588B1C105FBA}C:\program files\valve\steam\steamapps\king_boernar_one\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\king_boernar_one\condition zero\hl.exe | 
"UDP Query User{D2426D9F-F7C4-45F1-89D2-14FAFCDCE5B7}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe | 
"UDP Query User{DA9CC698-6913-4BCC-8738-8BFC6C7BEB28}C:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat | 
"UDP Query User{E557975B-D4C8-4778-A464-10762EEACAD4}C:\program files\novo's easy wow server\0.3.4\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.4\udrive\usr\local\mysql\bin\mysqld-opt.exe | 
"UDP Query User{ED138A1B-C7EF-40DC-8BC4-CB8650C801B9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{EE4B972F-9E87-4446-9947-C23D4632AAC1}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{F2482AE6-6106-4C90-8239-F5CC876229EE}C:\program files\world of warcraft beta\wow-4.0.0.12539-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\wow-4.0.0.12539-dede-downloader.exe | 
"UDP Query User{F9C6A7D9-2694-478D-96D0-52039DBB1F9E}C:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.0.10958-to-3.3.0.11159-dede-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24E85B9C-6E60-4723-89CC-71B66881A020}" = BF2 Editor
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92510C2A-30E3-4F8D-AE8A-93AB7B63EE8F}" = Gothic II Gold
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9DF0468-5F31-4799-B4FE-CBAD37FFB8DE}" = World of Warcraft MMO Gaming Mouse
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BF2SP64" = BF2SP64
"BitComet" = BitComet 1.20
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"Eazel-DE Toolbar" = Eazel-DE Toolbar
"ERUNT_is1" = ERUNT 1.1j
"FC48FCA50073F28F7ABD65882D3757CA8E041DD9" = Windows Driver Package - SteelSeries (HidUsb) HIDClass  (11/06/2008 1.0.0.0)
"FFOLKES Unlocks123 mod v1.4.1" = FFOLKES Unlocks123 mod v1.4.1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GameSpy Arcade" = GameSpy Arcade
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LameACM" = Lame ACM MP3 Codec
"Lexmark 1200 Series" = Lexmark 1200 Series
"LHTTSENG" = L&H TTS3000 British English
"LHTTSGED" = L&H TTS3000 Deutsch
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.7)" = Mozilla Firefox (3.6.7)
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Steam App 40" = Deathmatch Classic
"Steam App 590" = Left 4 Dead 2 Demo
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Ultimate-Coop 1.0_is1" = Ultimate-Coop 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WildTangent hp Master Uninstall" = My HP Games
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"Xfire" = Xfire (remove only)
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"CreepSmash.com" = CreepSmash.com
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"www.mondgesaenge.de - G2ADB" = Gothic II Addon-Datenbank
"www.mondgesaenge.de - MDB" = Marvin Datenbank
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2010 11:11:52 | Computer Name = Björn-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.08.2010 11:17:36 | Computer Name = Björn-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.08.2010 11:17:36 | Computer Name = Björn-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 04.08.2010 11:17:54 | Computer Name = Björn-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.08.2010 11:18:53 | Computer Name = Björn-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 04.08.2010 11:18:56 | Computer Name = Björn-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 04.08.2010 11:21:44 | Computer Name = Björn-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 04.08.2010 11:21:44 | Computer Name = Björn-PC | Source = LoadPerf | ID = 3012
Description = 
 
Error - 04.08.2010 11:21:44 | Computer Name = Björn-PC | Source = LoadPerf | ID = 3011
Description = 
 
Error - 04.08.2010 11:25:10 | Computer Name = Björn-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 13.09.2009 08:24:39 | Computer Name = Björn-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 13.09.2009 08:24:39 | Computer Name = Björn-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 13.09.2009 08:24:39 | Computer Name = Björn-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 13.09.2009 08:59:42 | Computer Name = Björn-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 13.09.2009 um 14:25:43 unerwartet heruntergefahren.
 
Error - 13.09.2009 08:59:46 | Computer Name = Björn-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 13.09.2009 09:00:29 | Computer Name = Björn-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.09.2009 09:04:28 | Computer Name = Björn-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_30F4103C&REV_00\4&120488ab&0&01E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 13.09.2009 09:04:29 | Computer Name = Björn-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 13.09.2009 09:04:29 | Computer Name = Björn-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 13.09.2009 09:04:29 | Computer Name = Björn-PC | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >
         
--- --- ---


Alt 05.09.2010, 08:32   #6
chrash
 
Skype Virus - Standard

Skype Virus



Otl LogOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.08.2010 01:13:12 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Björn\Desktop\MFTools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,56 Gb Total Space | 155,09 Gb Free Space | 34,12% Space Free | Partition Type: NTFS
Drive D: | 11,20 Gb Total Space | 1,84 Gb Free Space | 16,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BJÖRN-PC
Current User Name: Björn
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.04 16:24:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\MFTools\OTL.exe
PRC - [2010.08.03 20:46:32 | 000,063,488 | RHS- | M] () -- C:\Users\Public\nvsvc32.exe
PRC - [2010.07.14 17:25:24 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.06.21 10:09:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.03.30 12:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.04 14:57:44 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.27 18:26:07 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.04.07 09:39:44 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.02.27 16:10:18 | 000,299,008 | ---- | M] () -- C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
PRC - [2009.02.09 18:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.02.09 18:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009.02.09 18:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 19:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 19:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
PRC - [2008.06.16 08:03:20 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007.04.19 16:45:10 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007.04.19 16:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
PRC - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxczcoms.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.04 16:24:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Björn\Desktop\MFTools\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.05.11 16:51:12 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.30 12:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.04 14:57:44 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.04.07 09:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.02.09 18:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009.02.09 18:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.19 16:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxczcoms.exe -- (lxcz_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.12 03:55:49 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.08 20:50:42 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.08 20:50:42 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.08.28 02:48:58 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\Windows\System32\SVKP.sys -- (SVKP)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.07 09:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.22 06:50:46 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.10.22 06:50:46 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.10.22 06:50:46 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008.09.26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.13 09:13:00 | 007,391,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.11 13:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.08.29 01:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.07.22 17:42:34 | 000,123,904 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.07.21 12:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.04.29 03:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.04.15 09:05:58 | 000,011,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Mo3Fltr.sys -- (Mo3Fltr)
DRV - [2008.03.27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.18 13:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.07.14 17:28:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.14 17:27:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.14 17:29:52 | 000,000,000 | ---D | M]
 
[2010.02.20 16:18:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\mozilla\Extensions
[2010.08.04 21:46:06 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\1o9f872f.default\extensions
[2010.05.31 20:44:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\1o9f872f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.20 11:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Björn\AppData\Roaming\mozilla\Firefox\Profiles\1o9f872f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Mozilla\FireFox\Profiles\1o9f872f.default\searchplugins\conduit.xml
[2010.08.02 20:32:11 | 000,000,950 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Mozilla\FireFox\Profiles\1o9f872f.default\searchplugins\icqplugin-1.xml
[2010.06.21 10:11:12 | 000,000,950 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Mozilla\FireFox\Profiles\1o9f872f.default\searchplugins\icqplugin-2.xml
[2010.08.04 10:54:11 | 000,000,950 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Mozilla\FireFox\Profiles\1o9f872f.default\searchplugins\icqplugin-3.xml
[2010.05.29 11:14:06 | 000,001,056 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Mozilla\FireFox\Profiles\1o9f872f.default\searchplugins\icqplugin.xml
[2010.08.04 16:03:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.04 16:03:59 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.02 12:20:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Program Files\Eazel-DE\tbEaze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [lxczbmgr.exe] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AARC] C:\Users\Björn\Documents\System\update.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe File not found
O4 - HKCU..\Run: [NVIDIA driver monitor] C:\Users\Public\nvsvc32.exe ()
O4 - HKCU..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Alle &Filme mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.27.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.36.0.cab (Battlefield Heroes Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Björn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Björn\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.04 16:27:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.04 16:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.08.04 16:25:41 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Malwarebytes
[2010.08.04 16:25:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.04 16:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.04 16:25:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.04 16:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.04 16:24:45 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\MFTools
[2010.08.04 16:03:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.08.04 16:03:24 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.08.04 15:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.04 15:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.08.03 20:46:47 | 000,000,000 | ---D | C] -- C:\Users\Björn\Documents\Meine empfangenen Dateien
[2010.08.01 22:19:09 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010.08.01 22:19:09 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.08.01 22:19:05 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.08.01 22:19:05 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.08.01 22:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010.08.01 21:59:37 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Youtube Downloader HD
[2010.08.01 21:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Youtube Downloader HD
[2010.08.01 21:59:09 | 000,000,000 | ---D | C] -- C:\Program Files\Winload
[2010.07.31 19:12:20 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\SteelSeries
[2010.07.31 19:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\SteelSeries
[2010.07.14 17:30:28 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Real
[2010.07.14 17:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010.07.14 17:25:37 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.07.13 21:41:03 | 000,000,000 | ---D | C] -- C:\Fraps
[2010.07.09 18:36:37 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\WeGame
[2010.07.06 14:06:03 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Publish Providers
[2010.07.06 13:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.07.06 13:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010.07.06 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Sony
[2010.07.06 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Local\Sony
[2010.07.05 23:41:55 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Movie
[2010.07.05 23:03:50 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\Xfire
[2010.07.05 23:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2010.07.05 23:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\Xfire
[2010.06.30 12:57:12 | 000,000,000 | ---D | C] -- C:\Users\Björn\Documents\BioWare
[2010.06.30 12:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 2
[2010.06.30 12:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2010.06.23 18:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010.06.22 20:02:07 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\vlc
[2010.06.21 21:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2010.06.20 12:51:30 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Machinim
[2010.06.20 11:50:01 | 000,000,000 | ---D | C] -- C:\Users\Björn\Desktop\Old School
[2010.06.20 11:39:55 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.15 18:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\World of Warcraft Beta
[2010.05.26 10:05:59 | 000,000,000 | ---D | C] -- C:\Users\Björn\AppData\Roaming\DivX
[2010.05.26 10:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.05.26 09:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010.05.26 09:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.05.26 09:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.21 20:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.05.21 20:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.05.21 20:09:53 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.2
[2010.05.19 09:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.05.11 13:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009.06.07 12:06:38 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2009.06.07 12:06:38 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2009.06.07 12:06:38 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2009.06.07 12:06:38 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2009.06.07 12:06:38 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2009.06.07 12:06:38 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2009.06.07 12:06:38 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2009.06.07 12:06:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2009.06.07 12:06:37 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2009.06.07 12:06:36 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2009.06.07 12:06:36 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2009.06.07 12:06:36 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2002.01.14 19:30:34 | 021,823,560 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.05 01:14:48 | 000,967,410 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.05 01:14:48 | 000,699,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.05 01:14:48 | 000,235,002 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.05 01:14:48 | 000,203,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.05 01:14:48 | 000,005,548 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.05 01:13:06 | 005,767,168 | -HS- | M] () -- C:\Users\Björn\NTUSER.DAT
[2010.08.05 01:09:43 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.05 01:08:33 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.05 01:08:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 01:08:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.05 01:08:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.05 01:08:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.05 01:08:04 | 3186,577,408 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.05 01:08:03 | 161,709,401 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.08.04 22:53:56 | 000,524,288 | -HS- | M] () -- C:\Users\Björn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.04 22:53:56 | 000,065,536 | -HS- | M] () -- C:\Users\Björn\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.04 22:53:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.04 22:53:40 | 002,556,435 | -H-- | M] () -- C:\Users\Björn\AppData\Local\IconCache.db
[2010.08.04 22:08:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.04 16:47:49 | 000,000,176 | ---- | M] () -- C:\Users\Björn\defogger_reenable
[2010.08.04 16:27:27 | 000,000,873 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.08.04 16:27:23 | 000,000,674 | ---- | M] () -- C:\Users\Björn\Desktop\ERUNT.lnk
[2010.08.04 16:25:33 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.04 16:24:49 | 000,050,477 | ---- | M] () -- C:\Users\Björn\Desktop\defogger.exe
[2010.08.04 16:24:48 | 000,284,915 | ---- | M] () -- C:\Users\Björn\Desktop\Gmer.zip
[2010.08.04 16:03:29 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.04 15:49:08 | 000,001,015 | ---- | M] () -- C:\Users\Björn\Desktop\Spybot - Search & Destroy.lnk
[2010.08.04 13:58:01 | 000,000,797 | ---- | M] () -- C:\Users\Björn\Documents\Meine freigegebenen Ordner.lnk
[2010.08.04 10:36:29 | 000,316,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.01 21:59:33 | 000,000,872 | ---- | M] () -- C:\Users\Björn\Desktop\Youtube Downloader HD.lnk
[2010.08.01 21:20:27 | 000,076,224 | ---- | M] () -- C:\Users\Björn\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.29 20:56:24 | 000,000,190 | ---- | M] () -- C:\Windows\lexstat.ini
[2010.07.29 12:26:57 | 000,001,666 | ---- | M] () -- C:\Users\Björn\AppData\Roaming\wklnhst.dat
[2010.07.28 15:25:14 | 000,001,032 | ---- | M] () -- C:\Users\Björn\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.15 20:21:05 | 000,001,740 | ---- | M] () -- C:\Users\Public\Desktop\Ultimate-Coop.lnk
[2010.07.15 19:21:35 | 000,138,168 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.15 19:20:18 | 000,189,472 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.14 17:28:04 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.07.14 17:25:37 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.07.13 21:48:59 | 000,041,472 | ---- | M] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.13 21:41:05 | 000,000,514 | ---- | M] () -- C:\Users\Björn\Desktop\Fraps.lnk
[2010.07.12 15:11:39 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.07.11 23:18:25 | 000,001,432 | ---- | M] () -- C:\Users\Björn\Desktop\DivX Movies.lnk
[2010.07.11 23:17:36 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.09 21:00:32 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2010.07.06 16:13:07 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.05 23:03:45 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010.07.04 02:44:59 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job
[2010.07.03 13:44:46 | 000,000,825 | ---- | M] () -- C:\Users\Björn\Desktop\World of Warcraft.lnk
[2010.07.02 12:45:02 | 000,000,206 | ---- | M] () -- C:\Users\Björn\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2010.06.22 20:00:58 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.06.22 19:57:34 | 019,473,201 | ---- | M] () -- C:\Users\Björn\Documents\vlc-1.1.1-win32.exe
[2010.06.15 20:03:15 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2010.06.10 13:46:22 | 000,012,288 | ---- | M] () -- C:\Users\Björn\Desktop\Gericht.wps
[2010.05.26 10:05:33 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.21 15:26:37 | 000,029,398 | ---- | M] () -- C:\Users\Björn\Documents\ts3_clientui-win32-11239-2010-05-21 15_26_33.711000.dmp
[2010.05.15 00:25:22 | 043,219,440 | ---- | M] () -- C:\Users\Björn\Desktop\Stevinho_2010_05_14_23_25_15.mp3
[2010.05.14 23:13:33 | 138,569,583 | ---- | M] () -- C:\Users\Björn\Desktop\Stevinho_2010_05_14_20_00_35.mp3
 
========== Files Created - No Company Name ==========
 
[2010.08.05 01:08:04 | 3186,577,408 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.04 16:58:56 | 000,293,376 | ---- | C] () -- C:\Users\Björn\Desktop\gmer.exe
[2010.08.04 16:47:34 | 000,000,176 | ---- | C] () -- C:\Users\Björn\defogger_reenable
[2010.08.04 16:27:27 | 000,000,873 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.08.04 16:27:23 | 000,000,674 | ---- | C] () -- C:\Users\Björn\Desktop\ERUNT.lnk
[2010.08.04 16:25:33 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.04 16:24:49 | 000,050,477 | ---- | C] () -- C:\Users\Björn\Desktop\defogger.exe
[2010.08.04 16:24:48 | 000,284,915 | ---- | C] () -- C:\Users\Björn\Desktop\Gmer.zip
[2010.08.04 16:03:29 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.04 15:49:08 | 000,001,015 | ---- | C] () -- C:\Users\Björn\Desktop\Spybot - Search & Destroy.lnk
[2010.08.04 13:58:01 | 000,000,797 | ---- | C] () -- C:\Users\Björn\Documents\Meine freigegebenen Ordner.lnk
[2010.08.01 22:19:05 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.08.01 21:59:33 | 000,000,872 | ---- | C] () -- C:\Users\Björn\Desktop\Youtube Downloader HD.lnk
[2010.07.31 19:10:29 | 000,011,136 | ---- | C] () -- C:\Windows\System32\drivers\Mo3Fltr.sys
[2010.07.15 20:21:05 | 000,001,740 | ---- | C] () -- C:\Users\Public\Desktop\Ultimate-Coop.lnk
[2010.07.14 17:28:04 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2010.07.13 21:41:05 | 000,000,514 | ---- | C] () -- C:\Users\Björn\Desktop\Fraps.lnk
[2010.07.11 23:17:36 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.07.09 21:00:32 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.07.05 23:03:45 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2010.07.02 12:45:02 | 000,000,206 | ---- | C] () -- C:\Users\Björn\Desktop\CD-Laufwerk - Verknüpfung.lnk
[2010.06.22 20:00:58 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010.06.22 19:57:02 | 019,473,201 | ---- | C] () -- C:\Users\Björn\Documents\vlc-1.1.1-win32.exe
[2010.06.20 11:39:40 | 000,001,032 | ---- | C] () -- C:\Users\Björn\Desktop\DVDVideoSoft Free Studio.lnk
[2010.06.15 20:03:54 | 000,003,842 | ---- | C] () -- C:\ProgramData\driverinfo.txt
[2010.06.15 18:45:17 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft Beta.lnk
[2010.06.09 14:02:07 | 000,012,288 | ---- | C] () -- C:\Users\Björn\Desktop\Gericht.wps
[2010.05.26 10:06:17 | 000,001,432 | ---- | C] () -- C:\Users\Björn\Desktop\DivX Movies.lnk
[2010.05.26 10:05:33 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.21 15:26:33 | 000,029,398 | ---- | C] () -- C:\Users\Björn\Documents\ts3_clientui-win32-11239-2010-05-21 15_26_33.711000.dmp
[2010.05.11 13:12:30 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.01.14 21:52:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2010.01.14 21:52:44 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2010.01.14 20:30:08 | 000,004,940 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.01.13 19:27:18 | 000,000,039 | ---- | C] () -- C:\Windows\dellstat.ini
[2010.01.13 16:22:31 | 000,000,190 | ---- | C] () -- C:\Windows\lexstat.ini
[2009.11.30 01:46:32 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2009.11.28 22:41:18 | 000,138,168 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.28 22:41:18 | 000,138,056 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\PnkBstrK.sys
[2009.11.08 19:22:21 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.11.08 19:22:21 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.11.04 14:01:45 | 000,001,666 | ---- | C] () -- C:\Users\Björn\AppData\Roaming\wklnhst.dat
[2009.11.03 21:46:03 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.09.30 12:45:19 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.09.30 12:45:19 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.05.30 23:39:35 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.05.30 23:39:35 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.05.30 23:39:35 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.05.30 22:49:48 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.05.26 20:44:44 | 000,041,472 | ---- | C] () -- C:\Users\Björn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.25 21:38:25 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.05.25 21:38:20 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.05.25 21:04:54 | 000,000,000 | ---- | C] () -- C:\Users\Björn\AppData\Local\QSwitch.txt
[2009.05.25 21:04:54 | 000,000,000 | ---- | C] () -- C:\Users\Björn\AppData\Local\DSwitch.txt
[2009.05.25 21:04:54 | 000,000,000 | ---- | C] () -- C:\Users\Björn\AppData\Local\AtStart.txt
[2009.03.13 10:47:56 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009.03.13 10:47:47 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.03.13 10:47:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009.03.13 10:46:51 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.03.13 10:45:08 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2008.10.21 22:42:19 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008.10.21 22:38:30 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008.10.21 22:37:14 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008.10.21 22:36:19 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.02.07 18:58:12 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007.01.22 10:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.06.07 14:23:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006.03.27 13:19:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006.03.07 12:59:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006.01.30 21:42:22 | 000,000,270 | ---- | C] () -- C:\Windows\System32\lxczcoin.ini
[2006.01.10 18:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006.01.10 18:11:06 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
 
========== LOP Check ==========
 
[2010.01.12 03:42:35 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\.minecraft
[2009.05.26 17:00:27 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Acreon
[2010.07.29 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\BitComet
[2009.09.05 01:02:04 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.12.13 05:38:34 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DAEMON Tools Lite
[2010.06.20 11:39:55 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.04 04:17:31 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\FloodLightGames
[2010.07.30 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\ICQ
[2009.08.04 01:20:33 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2009.06.05 18:56:01 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009.08.10 01:22:36 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\muvee Technologies
[2009.09.30 12:48:39 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\PC Suite
[2009.05.28 17:15:43 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\PlayFirst
[2010.07.06 14:06:03 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Publish Providers
[2009.09.30 12:45:12 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Samsung
[2010.07.06 16:18:26 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Sony
[2009.08.04 03:02:53 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\SPORE Creature Creator
[2010.07.31 19:12:20 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\SteelSeries
[2009.11.04 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Template
[2010.07.17 00:19:32 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\TS3Client
[2009.07.20 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Ubisoft
[2010.07.09 18:36:37 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\WeGame
[2009.05.25 23:57:38 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\WildTangent
[2009.11.09 00:17:44 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\XRay Engine
[2010.08.01 22:05:37 | 000,000,000 | ---D | M] -- C:\Users\Björn\AppData\Roaming\Youtube Downloader HD
[2010.07.04 02:44:59 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job
[2010.08.04 22:53:50 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 492 bytes -> C:\ProgramData\Temp:05EE1EEF
< End of report >
         
--- --- ---

Alt 05.09.2010, 14:24   #7
chrash
 
Skype Virus - Standard

Skype Virus



Ich habe jetzt nochmal Spy Bot und Malwarebytes durchlaufen lassen erfand einen Trojaner Namens Virtumonde.sdn ich habe ihn gelöscht und CC Cleaner durchlaufen lassen und danach noch Malwarebytes

Hier der Log dazu

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

05.08.2010 15:20:28
mbam-log-2010-08-05 (15-20-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 120165
Laufzeit: 5 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 05.09.2010, 16:55   #8
chrash
 
Skype Virus - Standard

Skype Virus



Da ich ein schusselkopf bin
habe ich vergessen Malwarbytes zu aktualisieren

der Aktualisierte Log


Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4550

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

05.08.2010 17:42:55
mbam-log-2010-08-05 (17-42-55).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136543
Laufzeit: 8 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
C:\Users\Public\nvsvc32.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\nvsvc32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\dcomm.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Users\Björn\downloads\P1012438.JPG-www.facebook.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Antwort

Themen zu Skype Virus
antivir, autostart, beitrag, daemon, dauernd, disable, disabled, foto, freundin, gestern, langsam, link, maus, msn, problem, reboot, required, schnelle hilfe, sehr langsam, seite, skype, skype virus, spiel, spybot, tools, verückt, viren, virus




Ähnliche Themen: Skype Virus


  1. Skype Virus "Your skype does not support extended icons"
    Log-Analyse und Auswertung - 10.10.2014 (15)
  2. Skype Zertifikat Problem a248.e.akamai.net wegen Werbung in Skype?
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (3)
  3. Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist
    Plagegeister aller Art und deren Bekämpfung - 28.01.2014 (4)
  4. Skype Virus
    Alles rund um Mac OSX & Linux - 27.06.2013 (8)
  5. Skype Virus
    Plagegeister aller Art und deren Bekämpfung - 07.06.2013 (69)
  6. Skype virus
    Log-Analyse und Auswertung - 23.05.2013 (61)
  7. Skype Virus
    Plagegeister aller Art und deren Bekämpfung - 22.05.2013 (11)
  8. Skype Virus
    Plagegeister aller Art und deren Bekämpfung - 22.04.2013 (3)
  9. Probleme mit Skype, Dev-C ++ und Internet, z.B. friert der Bildschirm während der Benutzung von Skype ein
    Plagegeister aller Art und deren Bekämpfung - 21.03.2013 (17)
  10. TR/Crypt.ZPACK.Gen2 Virus in Program Files (x86)/Skype/Phone/Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (1)
  11. TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe
    Log-Analyse und Auswertung - 27.02.2013 (15)
  12. Avira meldet: 'TR/Crypt.ZPACK.Gen2' [trojan] in der Datei 'C:\Program Files\Skype\Phone\Skype.exe'
    Plagegeister aller Art und deren Bekämpfung - 08.12.2012 (2)
  13. Skype Virus
    Plagegeister aller Art und deren Bekämpfung - 04.12.2012 (8)
  14. Virus in Skype
    Plagegeister aller Art und deren Bekämpfung - 18.10.2012 (4)
  15. TR/Crypt.ZPACK.Gen2 in C:\Program Files\Skype\Phone\Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (2)
  16. TR/Crypt.ZPACK.Gen2 - in Programme/Skype/Phone/Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 12.10.2011 (9)
  17. TR/Crypt.XPACK.Gen in C:\Programme\Skype\Phone\Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 24.10.2010 (2)

Zum Thema Skype Virus - Hallo ich habe gestern von einer Freundin in Skype ein Link bekommen mit Foto "Link" ich habe diesen geöffnet und es kam eine MSN seite seit dem Spielt mein PC - Skype Virus...
Archiv
Du betrachtest: Skype Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.