| |
| |||||||
Log-Analyse und Auswertung: Ping zu hoch/ich vermute auf ein Wurm oder trojanWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.11.2010, 17:57
| #1 |
| |  Ping zu hoch/ich vermute auf ein Wurm oder trojan ich bin ein noob in sowas und deswegen frage ich euch! Mein ping war vor knapp ein monat auf 15 jetzt ist er dauerhaft zwischen 250- 500. ich denke ich habe mir ein wurm/trojan oder irgendwelche programme am laufen die mir den traffic verbrauchen. vielleicht kann mir ja einer helfen, da dies nun ziemlich nervt. würde mich daher um antworten sehr freuen. vielen dank schon mal für eure mühe. mfg Red Scorpion Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:47:24, on 04.11.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: D:\Windows\system32\taskhost.exe D:\Windows\system32\Dwm.exe D:\Windows\Explorer.EXE D:\Windows\System32\rundll32.exe D:\Program Files\Microsoft Security Essentials\msseces.exe S:\Installierte Programme\Software\set points\SetPointP\SetPoint.exe D:\Program Files\Windows Sidebar\sidebar.exe D:\Program Files\DNA\btdna.exe D:\Program Files\Pando Networks\Media Booster\PMB.exe D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe D:\Windows\system32\taskhost.exe D:\Windows\system32\cmd.exe D:\Windows\system32\conhost.exe D:\Programme\2. Software\TS3\ts3client_win32.exe D:\Programme\2. Software\Mozilla\firefox.exe D:\Programme\2. Software\Mozilla\plugin-container.exe D:\PROGRA~1\207B4~1.SOF\FREEDO~1\fdm.exe S:\Filme + Serien + Spiele + DL\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\2. Software\Office\Office12\GrooveShellExtensions.dll O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programme\2. Software\Free Download Manager\iefdm2.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry O4 - HKLM\..\Run: [MSSE] "D:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [EvtMgr6] S:\Installierte Programme\Software\set points\SetPointP\SetPoint.exe /launchGaming O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O8 - Extra context menu item: Alles mit FDM herunterladen - file://D:\Programme\2. Software\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://D:\Programme\2. Software\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://D:\Programme\2. Software\Free Download Manager\dllink.htm O8 - Extra context menu item: Free YouTube Download - D:\Users\RedScorpions\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm O8 - Extra context menu item: Free YouTube to Mp3 Converter - D:\Users\RedScorpions\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~1\207B4~1.SOF\Office\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Videos mit FDM herunterladen - file://D:\Programme\2. Software\Free Download Manager\dlfvideo.htm O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\207B4~1.SOF\Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\207B4~1.SOF\Office\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\207B4~1.SOF\Office\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: d:\program files\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\2. Software\Office\Office12\GrooveSystemServices.dll O23 - Service: Apache2.2 - Apache Software Foundation - S:\Installierte Programme\XAMP\xampp\apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - S:\Installierte Programme\Software\cool temp\CPUCooL\CooLSrv.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - D:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - D:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - D:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - D:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - D:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: NMSAccessU - Unknown owner - D:\Programme\2. Software\CDBurnerXP\NMSAccessU.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - D:\Windows\system32\PnkBstrA.exe O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: @D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe |
|
04.11.2010, 21:42
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Ping zu hoch/ich vermute auf ein Wurm oder trojan Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
05.11.2010, 16:59
| #3 |
| | Ping zu hoch/ich vermute auf ein Wurm oder trojan also ich habe das mal gemacht und hoffe das es richtig ist:
__________________Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4052 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 04.11.2010 18:51:47 mbam-log-2010-11-04 (18-51-47).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 125765 Laufzeit: 5 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und das:OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.11.2010 19:20:06 - Run 2 OTL by OldTimer - Version 3.2.17.2 Folder = D:\Users\Public\Desktop\MFtools Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files Drive D: | 69,25 Gb Total Space | 14,88 Gb Free Space | 21,48% Space Free | Partition Type: NTFS Drive E: | 69,25 Gb Total Space | 16,58 Gb Free Space | 23,94% Space Free | Partition Type: NTFS Drive S: | 1397,26 Gb Total Space | 358,66 Gb Free Space | 25,67% Space Free | Partition Type: NTFS Computer Name: REDSCORPIONS-PC | User Name: RedScorpions | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.04 18:24:58 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Users\Public\Desktop\MFtools\OTL.exe PRC - [2010.10.29 10:51:03 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Programme\2. Software\Mozilla\firefox.exe PRC - [2010.09.15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2010.06.26 01:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- S:\Installierte Programme\Software\set points\SetPointP\SetPoint.exe PRC - [2010.06.22 20:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- D:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE PRC - [2010.03.30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe PRC - [2010.03.28 22:37:35 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- D:\Program Files\DNA\btdna.exe PRC - [2010.03.25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2010.01.03 19:28:18 | 000,118,784 | ---- | M] () -- S:\Installierte Programme\Software\cool temp\CPUCooL\CooLSRV.exe PRC - [2009.12.19 23:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- S:\Installierte Programme\XAMP\xampp\apache\bin\httpd.exe PRC - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () -- D:\Programme\2. Software\CDBurnerXP\NMSAccessU.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- D:\Windows\explorer.exe PRC - [2009.10.16 22:59:34 | 000,822,088 | ---- | M] (TuneUp Software) -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2009.10.16 22:56:44 | 001,010,504 | ---- | M] (TuneUp Software) -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2009.07.22 16:54:14 | 000,081,920 | ---- | M] (Firebird Project) -- D:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe PRC - [2009.07.22 16:53:44 | 002,736,128 | ---- | M] (Firebird Project) -- D:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\taskhost.exe PRC - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) -- D:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Shared Files\CTAudSvc.exe ========== Modules (SafeList) ========== MOD - [2010.11.04 18:24:58 | 000,576,000 | ---- | M] (OldTimer Tools) -- D:\Users\Public\Desktop\MFtools\OTL.exe MOD - [2010.05.05 07:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\StructuredQuery.dll MOD - [2010.01.26 19:37:08 | 000,097,280 | ---- | M] (Microsoft Corporation) -- D:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\rsaenh.dll MOD - [2009.07.14 02:16:19 | 000,237,568 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\WMASF.DLL MOD - [2009.07.14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\winsta.dll MOD - [2009.07.14 02:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wkscli.dll MOD - [2009.07.14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\WindowsCodecs.dll MOD - [2009.07.14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\thumbcache.dll MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\sspicli.dll MOD - [2009.07.14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\srvcli.dll MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\slc.dll MOD - [2009.07.14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\SearchFolder.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\samcli.dll MOD - [2009.07.14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\RpcRtRemote.dll MOD - [2009.07.14 02:16:12 | 002,504,192 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\WMVCORE.DLL MOD - [2009.07.14 02:16:12 | 000,547,328 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\PortableDeviceApi.dll MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\profapi.dll MOD - [2009.07.14 02:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ntlanman.dll MOD - [2009.07.14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\networkexplorer.dll MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\netutils.dll MOD - [2009.07.14 02:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mssprxy.dll MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\KernelBase.dll MOD - [2009.07.14 02:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\IconCodecService.dll MOD - [2009.07.14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\EhStorShell.dll MOD - [2009.07.14 02:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\EhStorAPI.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\drprov.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\davclnt.dll MOD - [2009.07.14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\davhlpr.dll MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\cryptsp.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\cryptbase.dll MOD - [2009.07.14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\cscapi.dll MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\cfgmgr32.dll MOD - [2009.07.14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\actxprxy.dll MOD - [2009.07.14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- D:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll MOD - [2009.07.14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- D:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll MOD - [2009.06.10 22:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- D:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll MOD - [2009.03.06 04:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- D:\Programme\2. Software\Office\Office12\GrooveUtil.dll MOD - [2009.02.12 15:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- D:\Programme\2. Software\Office\Office12\GrooveSystemServices.dll MOD - [2009.02.12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- D:\Programme\2. Software\Office\Office12\GrooveShellExtensions.dll MOD - [2008.10.25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- D:\Programme\2. Software\Office\Office12\GrooveNew.dll ========== Win32 Services (SafeList) ========== SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Stopped] -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.05.06 10:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ) SRV - [2010.03.30 10:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2010.03.25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc) SRV - [2010.03.25 00:32:36 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.02 15:26:49 | 000,326,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- D:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.01.25 19:00:01 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.01.24 15:15:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- D:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010.01.04 23:41:00 | 003,670,928 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- D:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010.01.03 19:28:18 | 000,118,784 | ---- | M] () [Auto | Running] -- S:\Installierte Programme\Software\cool temp\CPUCooL\CooLSRV.exe -- (CPUCooLServer) SRV - [2009.12.19 23:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- S:\Installierte Programme\XAMP\xampp\apache\bin\httpd.exe -- (Apache2.2) SRV - [2009.11.12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Programme\2. Software\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.10.16 22:56:44 | 001,010,504 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2009.10.16 22:51:40 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.07.22 16:54:14 | 000,081,920 | ---- | M] (Firebird Project) [Auto | Running] -- D:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV - [2009.07.22 16:53:44 | 002,736,128 | ---- | M] (Firebird Project) [On_Demand | Running] -- D:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- D:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- D:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- D:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009.05.06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Unknown | Running] -- D:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- D:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008.10.25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\2. Software\Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- D:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- S:\Filme + Serien + Spiele + DL\Downloads\cabal_bot_&_rider_v1.04\cabal_bot_v1.04\NtProcDrv.sys -- (NTProcDrv) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Users\REDSCO~1\AppData\Local\Temp\jnv4_mib.sys -- (jnv4_mib) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Users\REDSCO~1\AppData\Local\Temp\FMG70E0.tmp -- (GarenaPEngine) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Users\REDSCO~1\AppData\Local\Temp\17728890.03- -- (ByakkoDriver) DRV - [2010.08.12 22:48:59 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- D:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.08.12 22:48:58 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- D:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.07.13 18:11:00 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- D:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX) DRV - [2010.04.03 21:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.03.25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- D:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010.03.18 10:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010.03.18 10:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2010.02.22 17:23:16 | 003,022,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010.01.24 15:40:54 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- D:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.01.03 19:28:18 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- D:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp) DRV - [2010.01.03 19:28:18 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- D:\Windows\System32\drivers\ntiomin.sys -- (ntiomin) DRV - [2009.12.19 17:11:38 | 000,249,888 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- D:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.08.03 11:10:24 | 001,148,416 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\P17.sys -- (P17) DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- D:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- D:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- D:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- D:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- D:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci) DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- D:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- D:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) Brother WDM-Treiber (seriell) DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.13 23:02:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2008.09.04 11:23:57 | 000,099,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- D:\Windows\System32\drivers\adfs.sys -- (adfs) DRV - [2008.07.21 13:11:58 | 000,024,392 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- D:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2006.12.28 06:50:26 | 000,016,000 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\System32\drivers\9kdUSBXP.sys -- (SNL320XP) DRV - [2005.12.12 20:12:01 | 000,049,664 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- D:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV - [2005.11.03 15:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- D:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- D:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- D:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- D:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 2F DB 40 E7 C9 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.2.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Programme\2. Software\Mozilla\components [2010.10.29 10:51:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Programme\2. Software\Mozilla\plugins [2010.10.29 10:51:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: D:\Programme\2. Software\Thunderbird\components [2010.10.28 22:00:49 | 000,000,000 | ---D | M] [2010.01.24 17:32:50 | 000,000,000 | ---D | M] -- D:\Users\RedScorpions\AppData\Roaming\Mozilla\Extensions [2010.01.24 17:32:50 | 000,000,000 | ---D | M] (No name found) -- D:\Users\RedScorpions\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.11.04 17:31:13 | 000,000,000 | ---D | M] -- D:\Users\RedScorpions\AppData\Roaming\Mozilla\Firefox\Profiles\rkmx0r9y.default\extensions [2010.08.19 16:24:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- D:\Users\RedScorpions\AppData\Roaming\Mozilla\Firefox\Profiles\rkmx0r9y.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.07 14:06:56 | 000,000,000 | ---D | M] (No name found) -- D:\Users\RedScorpions\AppData\Roaming\Mozilla\Firefox\Profiles\rkmx0r9y.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.11.01 23:49:06 | 000,000,000 | ---D | M] (No name found) -- D:\Users\RedScorpions\AppData\Roaming\Mozilla\Firefox\Profiles\rkmx0r9y.default\extensions\{cc409fe8-42b4-405b-a9fa-02dfcffbedde} [2010.11.03 17:00:31 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Users\RedScorpions\AppData\Roaming\Mozilla\Firefox\Profiles\rkmx0r9y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.10 15:11:27 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Users\RedScorpions\AppData\Roaming\Mozilla\Firefox\Profiles\rkmx0r9y.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.10.29 18:55:06 | 000,000,000 | ---D | M] -- D:\Users\RedScorpions\AppData\Roaming\Mozilla\Firefox\Profiles\rkmx0r9y.default\extensions\engine@conduit.com O1 HOSTS File: ([2010.01.24 16:50:55 | 000,000,857 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\2. Software\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Programme\2. Software\Free Download Manager\iefdm2.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - D:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [EvtMgr6] S:\Installierte Programme\Software\set points\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [MSSE] D:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [P17RunE] D:\Windows\System32\P17RunE.dll (Creative Technology Ltd.) O4 - HKCU..\Run: [BitTorrent DNA] D:\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [Pando Media Booster] D:\Program Files\Pando Networks\Media Booster\PMB.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Alles mit FDM herunterladen - D:\Programme\2. Software\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - D:\Programme\2. Software\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - D:\Programme\2. Software\Free Download Manager\dllink.htm () O8 - Extra context menu item: Free YouTube Download - D:\Users\RedScorpions\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - D:\Users\RedScorpions\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\2. Software\Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - D:\Programme\2. Software\Free Download Manager\dlfvideo.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\2. Software\Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\2. Software\Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\2. Software\Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.230 80.69.100.174 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\2. Software\Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~2\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~2\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - d:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\2. Software\Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - D:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - D:\Windows\System32\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{63245a34-9996-11df-bf2b-00e04d9d5090}\Shell - "" = AutoRun O33 - MountPoints2\{63245a34-9996-11df-bf2b-00e04d9d5090}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found O33 - MountPoints2\{7638e4f3-2f5a-11df-b9ed-00e04d9d5090}\Shell - "" = AutoRun O33 - MountPoints2\{7638e4f3-2f5a-11df-b9ed-00e04d9d5090}\Shell\AutoRun\command - "" = L:\EasySuite.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.11.04 18:26:22 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Roaming\Malwarebytes [2010.11.04 18:26:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.04 18:26:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\System32\drivers\mbam.sys [2010.11.04 18:26:01 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes [2010.11.04 18:24:33 | 000,000,000 | ---D | C] -- D:\Users\Public\Desktop\MFtools [2010.11.03 16:42:52 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\Desktop\Referat [2010.11.02 16:58:14 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Roaming\Weaverslave [2010.11.01 18:08:37 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\Desktop\Ogame (1) [2010.10.29 19:21:48 | 000,000,000 | ---D | C] -- D:\ProgramData\Age of Empires 3 [2010.10.29 19:21:10 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Microsoft Games [2010.10.28 20:33:53 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\Documents\UseNeXT [2010.10.28 20:33:52 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Roaming\UseNeXT [2010.10.28 18:22:53 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Roaming\DVDVideoSoft [2010.10.27 21:24:43 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Local\The Lord of the Rings Online [2010.10.27 21:08:03 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\Documents\The Lord of the Rings Online [2010.10.27 21:05:57 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Roaming\Turbine [2010.10.27 21:05:50 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Local\Turbine [2010.10.27 21:00:04 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Local\ApplicationHistory [2010.10.27 20:58:35 | 000,000,000 | ---D | C] -- D:\Windows\System32\URTTEMP [2010.10.27 19:01:28 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Local\PMB Files [2010.10.27 19:01:28 | 000,000,000 | ---D | C] -- D:\ProgramData\PMB Files [2010.10.27 19:01:22 | 000,000,000 | ---D | C] -- D:\Program Files\Pando Networks [2010.10.20 17:39:08 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Local\FalloutNV [2010.10.16 19:43:01 | 000,000,000 | ---D | C] -- D:\ProgramData\Creative Labs [2010.10.14 22:50:30 | 000,363,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\StructuredQuery.dll [2010.10.14 20:36:32 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\AppData\Local\Focus Home Interactive [2010.10.09 16:31:39 | 000,000,000 | ---D | C] -- D:\Windows\Downloaded Installations [2010.10.05 20:55:51 | 000,000,000 | ---D | C] -- D:\Users\RedScorpions\Documents\FIFA 11 [2010.04.15 20:04:47 | 083,348,124 | ---- | C] (Bitfield GmbH) -- D:\Users\RedScorpions\AppData\Roaming\file_2.exe ========== Files - Modified Within 30 Days ========== [2010.11.04 19:06:33 | 000,016,944 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.04 19:06:33 | 000,016,944 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.04 19:05:42 | 000,737,838 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2010.11.04 19:05:42 | 000,685,178 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2010.11.04 19:05:42 | 000,159,608 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2010.11.04 19:05:42 | 000,130,292 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2010.11.04 19:01:23 | 000,065,536 | ---- | M] () -- D:\Windows\System32\Ikeext.etl [2010.11.04 19:01:09 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2010.11.04 19:00:10 | 000,000,020 | ---- | M] () -- D:\Users\RedScorpions\defogger_reenable [2010.11.04 18:57:11 | 004,194,304 | -HS- | M] () -- D:\Users\RedScorpions\NTUSER.bak [2010.11.04 18:24:38 | 000,050,477 | ---- | M] () -- D:\Users\RedScorpions\Desktop\defogger.exe [2010.11.03 20:23:26 | 000,002,042 | -H-- | M] () -- D:\Users\RedScorpions\Documents\Default.rdp [2010.11.02 22:46:18 | 000,000,349 | ---- | M] () -- D:\Users\Public\Documents\PCLECHAL.INI [2010.11.02 16:57:41 | 002,242,024 | ---- | M] () -- D:\Users\RedScorpions\Desktop\wsbeta_3.9.18.exe [2010.11.01 15:03:44 | 000,003,416 | ---- | M] () -- D:\bootsqm.dat [2010.10.29 19:21:41 | 000,001,423 | ---- | M] () -- D:\Users\RedScorpions\Desktop\age3y.exe - Verknüpfung.lnk [2010.10.29 19:17:56 | 000,001,081 | ---- | M] () -- D:\Users\Public\Desktop\Age of Empires III.lnk [2010.10.28 20:33:45 | 000,000,874 | ---- | M] () -- D:\Users\RedScorpions\Desktop\UseNeXT.lnk [2010.10.28 18:23:16 | 000,001,225 | ---- | M] () -- D:\Users\RedScorpions\Desktop\DVDVideoSoft Free Studio.lnk [2010.10.27 22:52:00 | 000,001,529 | ---- | M] () -- D:\Users\RedScorpions\Desktop\Der Herr der Ringe Online - Beta.lnk [2010.10.27 21:48:38 | 000,001,794 | ---- | M] () -- D:\Users\RedScorpions\Desktop\TurbineLauncher.exe - Verknüpfung.lnk [2010.10.27 21:00:04 | 000,000,100 | ---- | M] () -- D:\Users\RedScorpions\AppData\Local\fusioncache.dat [2010.10.24 13:46:23 | 000,001,187 | ---- | M] () -- D:\Users\Public\Desktop\Fallout New Vegas.lnk [2010.10.19 21:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MpSigStub.exe [2010.10.16 19:10:53 | 000,001,175 | ---- | M] () -- D:\Users\RedScorpions\Desktop\Landwirtschafts Simulator 2011 .lnk [2010.10.14 20:37:43 | 000,001,164 | ---- | M] () -- D:\Users\Public\Desktop\Cities XL 2011.lnk [2010.10.14 18:54:04 | 000,001,045 | ---- | M] () -- D:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.10.14 16:28:35 | 000,021,840 | ---- | M] () -- D:\Windows\System32\SIntfNT.dll [2010.10.14 16:28:35 | 000,017,212 | ---- | M] () -- D:\Windows\System32\SIntf32.dll [2010.10.14 16:28:35 | 000,012,067 | ---- | M] () -- D:\Windows\System32\SIntf16.dll [2010.10.14 12:39:38 | 000,000,886 | ---- | M] () -- D:\Users\RedScorpions\Desktop\EVEREST Ultimate Edition.lnk [2010.10.12 19:54:20 | 000,016,400 | ---- | M] (Logitech, Inc.) -- D:\Windows\System32\drivers\LNonPnP.sys [2010.10.09 21:51:57 | 000,001,907 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.07 18:21:50 | 004,157,568 | ---- | M] () -- D:\Users\RedScorpions\Desktop\Nur die bessten sterben Jung Hardstyle Mix.mp3 ========== Files Created - No Company Name ========== [2010.11.04 18:59:57 | 000,000,020 | ---- | C] () -- D:\Users\RedScorpions\defogger_reenable [2010.11.04 18:56:50 | 000,000,000 | -HS- | C] () -- D:\Users\RedScorpions\NTUSER.tmp.LOG2 [2010.11.04 18:56:50 | 000,000,000 | -HS- | C] () -- D:\Users\RedScorpions\NTUSER.tmp.LOG1 [2010.11.04 18:24:38 | 000,050,477 | ---- | C] () -- D:\Users\RedScorpions\Desktop\defogger.exe [2010.11.03 19:11:46 | 000,065,536 | ---- | C] () -- D:\Windows\System32\Ikeext.etl [2010.11.02 16:57:34 | 002,242,024 | ---- | C] () -- D:\Users\RedScorpions\Desktop\wsbeta_3.9.18.exe [2010.11.01 15:03:44 | 000,003,416 | ---- | C] () -- D:\bootsqm.dat [2010.10.29 19:21:41 | 000,001,423 | ---- | C] () -- D:\Users\RedScorpions\Desktop\age3y.exe - Verknüpfung.lnk [2010.10.29 19:17:56 | 000,001,081 | ---- | C] () -- D:\Users\Public\Desktop\Age of Empires III.lnk [2010.10.28 20:33:45 | 000,000,874 | ---- | C] () -- D:\Users\RedScorpions\Desktop\UseNeXT.lnk [2010.10.27 22:52:00 | 000,001,529 | ---- | C] () -- D:\Users\RedScorpions\Desktop\Der Herr der Ringe Online - Beta.lnk [2010.10.27 21:48:38 | 000,001,794 | ---- | C] () -- D:\Users\RedScorpions\Desktop\TurbineLauncher.exe - Verknüpfung.lnk [2010.10.27 21:00:04 | 000,000,100 | ---- | C] () -- D:\Users\RedScorpions\AppData\Local\fusioncache.dat [2010.10.24 13:46:23 | 000,001,187 | ---- | C] () -- D:\Users\Public\Desktop\Fallout New Vegas.lnk [2010.10.16 19:10:53 | 000,001,175 | ---- | C] () -- D:\Users\RedScorpions\Desktop\Landwirtschafts Simulator 2011 .lnk [2010.10.14 20:37:43 | 000,001,164 | ---- | C] () -- D:\Users\Public\Desktop\Cities XL 2011.lnk [2010.10.14 18:54:04 | 000,001,045 | ---- | C] () -- D:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.10.14 12:39:38 | 000,000,886 | ---- | C] () -- D:\Users\RedScorpions\Desktop\EVEREST Ultimate Edition.lnk [2010.10.09 21:51:57 | 000,001,907 | ---- | C] () -- D:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.10.07 18:21:50 | 004,157,568 | ---- | C] () -- D:\Users\RedScorpions\Desktop\Nur die bessten sterben Jung Hardstyle Mix.mp3 [2010.09.12 20:48:41 | 000,034,308 | ---- | C] () -- D:\Windows\System32\BASSMOD.dll [2010.08.22 15:38:15 | 000,000,034 | ---- | C] () -- D:\Users\RedScorpions\AppData\Roaming\locale.ini [2010.08.12 22:48:59 | 000,281,760 | ---- | C] () -- D:\Windows\System32\drivers\atksgt.sys [2010.08.12 22:48:58 | 000,025,888 | ---- | C] () -- D:\Windows\System32\drivers\lirsgt.sys [2010.07.16 17:01:03 | 000,000,240 | ---- | C] () -- D:\Windows\RomeTW.ini [2010.06.09 16:31:29 | 000,197,120 | ---- | C] () -- D:\Windows\patchw32.dll [2010.05.01 12:09:45 | 000,000,000 | ---- | C] () -- D:\Users\RedScorpions\AppData\Roaming\chrtmp [2010.05.01 12:09:34 | 003,144,915 | ---- | C] () -- D:\Users\RedScorpions\AppData\Roaming\Serials World.exe [2010.04.28 20:03:15 | 000,007,605 | ---- | C] () -- D:\Users\RedScorpions\AppData\Local\Resmon.ResmonCfg [2010.04.14 19:46:36 | 000,043,520 | ---- | C] () -- D:\Windows\System32\CmdLineExt03.dll [2010.04.12 16:08:59 | 000,144,144 | ---- | C] () -- D:\Windows\System32\MASE32.DLL [2010.04.12 16:08:59 | 000,063,248 | ---- | C] () -- D:\Windows\System32\MASD32.DLL [2010.04.12 16:08:58 | 000,201,488 | ---- | C] () -- D:\Windows\System32\MACD32.DLL [2010.04.12 16:08:58 | 000,141,584 | ---- | C] () -- D:\Windows\System32\MAMC32.DLL [2010.04.12 16:08:58 | 000,033,040 | ---- | C] () -- D:\Windows\System32\MA32.DLL [2010.04.10 15:05:51 | 000,022,328 | ---- | C] () -- D:\Users\RedScorpions\AppData\Roaming\PnkBstrK.sys [2010.03.13 18:04:10 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll [2010.03.11 00:10:40 | 000,001,024 | ---- | C] () -- D:\Windows\ppengine.ini [2010.02.20 17:29:33 | 000,021,840 | ---- | C] () -- D:\Windows\System32\SIntfNT.dll [2010.02.20 17:29:33 | 000,017,212 | ---- | C] () -- D:\Windows\System32\SIntf32.dll [2010.02.20 17:29:33 | 000,012,067 | ---- | C] () -- D:\Windows\System32\SIntf16.dll [2010.02.20 17:26:42 | 000,000,276 | ---- | C] () -- D:\Windows\SIERRA.INI [2010.02.04 18:24:42 | 000,006,144 | ---- | C] () -- D:\Users\RedScorpions\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.02 22:33:25 | 000,120,200 | ---- | C] () -- D:\Windows\System32\DLLDEV32i.dll [2010.01.30 19:36:48 | 000,022,328 | ---- | C] () -- D:\Windows\System32\drivers\PnkBstrK.sys [2010.01.24 18:26:28 | 000,000,990 | -HS- | C] () -- D:\Users\RedScorpions\AppData\Roaming\systemfl.$dk [2010.01.24 16:54:34 | 000,000,040 | -HS- | C] () -- D:\ProgramData\.zreglib [2010.01.24 15:37:03 | 000,007,168 | ---- | C] () -- D:\Windows\System32\drivers\StarOpen.sys [2010.01.24 14:37:29 | 000,148,480 | ---- | C] () -- D:\Windows\System32\APOMngr.DLL [2010.01.24 14:37:29 | 000,073,728 | ---- | C] () -- D:\Windows\System32\CmdRtr.DLL [2010.01.03 19:28:18 | 000,012,800 | ---- | C] () -- D:\Windows\System32\drivers\ntiopnp.sys [2010.01.03 19:28:18 | 000,011,392 | ---- | C] () -- D:\Windows\System32\drivers\ntiomin.sys [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll [2009.04.21 03:04:26 | 000,003,930 | ---- | C] () -- D:\Windows\System32\ludap17.ini [2008.11.13 06:07:24 | 000,002,177 | ---- | C] () -- D:\Windows\P17EP.ini [2007.09.06 01:01:22 | 000,012,288 | ---- | C] () -- D:\Windows\System32\DivXWMPExtType.dll [2007.08.23 17:55:34 | 003,596,288 | ---- | C] () -- D:\Windows\System32\qt-dx331.dll [2005.03.08 06:17:00 | 000,000,054 | ---- | C] () -- D:\Windows\System32\ctzapxx.ini [1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- D:\Windows\System32\iyvu9_32.dll ========== Files - Unicode (All) ========== [2010.08.06 23:38:31 | 000,000,000 | ---D | M](D:\Users\RedScorpions\Documents\?? ???) -- D:\Users\RedScorpions\Documents\넥슨 플러그 [2010.08.06 23:38:31 | 000,000,000 | ---D | C](D:\Users\RedScorpions\Documents\?? ???) -- D:\Users\RedScorpions\Documents\넥슨 플러그 ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> D:\Windows:F6A7A7674D027C2B < End of report > UND NUN DIES: netsvcs msconfig drivers32 /all %SYSTEMDRIVE%\*.* %systemroot%\system32\*.wt %systemroot%\system32\*.ruy %systemroot%\Fonts\*.com %systemroot%\Fonts\*.dll %systemroot%\Fonts\*.ini %systemroot%\Fonts\*.ini2 %systemroot%\system32\spool\prtprocs\w32x86\*.* %systemroot%\REPAIR\*.bak1 %systemroot%\REPAIR\*.ini %systemroot%\system32\*.jpg %systemroot%\*.scr %systemroot%\*._sy %APPDATA%\Adobe\Update\*.* %ALLUSERSPROFILE%\Favorites\*.* %APPDATA%\Microsoft\*.* %PROGRAMFILES%\*.* %APPDATA%\Update\*.* %systemroot%\*. /mp /s CREATERESTOREPOINT %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\user32.dll /md5 %systemroot%\system32\ws2_32.dll /md5 %systemroot%\system32\ws2help.dll /md5 /md5start explorer.exe winlogon.exe wininit.exe /md5stop HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs UND NUN DIES: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15507 - hxxp://www.gmer.net
Rootkit scan 2010-11-04 19:17:05
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD740GD-00FLA0 21.08U21
Running: gmer.exe; Driver: D:\Users\REDSCO~1\AppData\Local\Temp\ffkyrpob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8344B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8346FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
init D:\Windows\System32\drivers\FNETURPX.SYS entry point in "init" section [0x90452380]
.text D:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA042E300, 0x3B6D8, 0xE8000020]
.text D:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA0471300, 0x1BEE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text D:\Programme\2. Software\Mozilla\firefox.exe[5680] ntdll.dll!LdrLoadDll 7702F625 5 Bytes JMP 00ED13F0 D:\Programme\2. Software\Mozilla\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:2812] A056FF2E
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\2. Software\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x40 0x25 0xC9 0x18 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xE3 0xBB 0xA3 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0x56 0x31 0x58 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAB 0x8A 0xCC 0xFA ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x8E 0x6E 0xB8 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\2. Software\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0x94 0xF6 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xE3 0xBB 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0x7B 0xA5 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x54 0xE8 0x43 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xAC 0x86 0xED 0xF6 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programme\2. Software\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD4 0x94 0xF6 0xF5 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xE3 0xBB 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0x7B 0xA5 0x76 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x54 0xE8 0x43 0x55 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xAC 0x86 0xED 0xF6 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@S:\Installierte Programme\Software\pinnacle studio 14 hd\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ D:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- EOF - GMER 1.0.15 ----
und das:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.11.2010 18:53:44 - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = D:\Users\Public\Desktop\MFtools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive D: | 69,25 Gb Total Space | 14,98 Gb Free Space | 21,63% Space Free | Partition Type: NTFS
Drive E: | 69,25 Gb Total Space | 16,58 Gb Free Space | 23,94% Space Free | Partition Type: NTFS
Drive S: | 1397,26 Gb Total Space | 358,66 Gb Free Space | 25,67% Space Free | Partition Type: NTFS
Computer Name: REDSCORPIONS-PC | User Name: RedScorpions | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\2. Software\Mozilla\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Programme\2. Software\Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Programme\2. Software\Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\2. Software\VLC Media Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~1\207B4~1.SOF\Office\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\2. Software\VLC Media Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [RapidShareManagerMail] -- D:\Program Files\RapidShareManager\RapidShareManager.exe -mailto "%1" (RapidShare AG)
Directory [RapidShareManagerUpload] -- D:\Program Files\RapidShareManager\RapidShareManager.exe -sendto "%1" (RapidShare AG)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021CB753-D388-4C3B-8E40-554E226F54F2}" = Shadow Ops Red Mercury
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{09F4655B-C804-4AD0-B7DF-078E338F8F85}" = League of Legends
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F01BC13-7B82-4143-88AB-AA62CE6EF431}_is1" = RF-United 1.0
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{13C1E98C-4434-4026-AADB-4A8A348B9402}" = ANNO 1404 Venedig Entwickler-Tools
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A4E47DC-6701-4A85-AA16-C1F99A44598C}" = SpellForce 2 - Shadow Wars
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D7BC89C-347E-4570-B308-87BC9BA7FD8D}_is1" = Fort Zombie
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{433B5FA7-7355-4BB9-A55A-9E76C725DB51}" = CABAL Online
"{454070F6-2CAF-49DE-84E7-07DC177789FB}" = GPCabal LW
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CBE3180-6BA3-4593-91A1-ED3221348E40}" = USB Missile Launcher
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{797D1DB3-BA0F-4A2D-9F99-5D2C09D0A7FE}" = Car Tycoon
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{874C584E-B2B1-435A-A907-315183B1F867}" = Uplink
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AAFBDB00-2B9E-49AF-9C29-2FB7290DC8C4}" = Autobahn
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE8F2625-8404-43AD-9D1E-969C0CA08431}" = Serials World 3.2.9.039
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E26DEDC7-1A99-4F8C-9615-6DB112E6495B}_is1" = Texas Hold'em Poker 3D - Deluxe Edition 1.0
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online: Die Belagerung des Düsterwalds v03.0
"68a8eb3f-bd2e-4535-a290-d89cf3453924_is1" = Der Herr der Ringe Online v03.02.03.8014
"AC2-FileShredder" = AC2-FileShredder 1.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_26b63376f4efc354dae41af6b5e3343" = Adobe Premiere Pro CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Alcatraz/DE-German_is1" = Alcatraz
"AnyDVD" = AnyDVD
"ASIO4ALL" = ASIO4ALL
"AudioCS" = Creative Audio-Systemsteuerung
"CABAL Online (Europe)_is1" = CABAL Online
"CABAL Online_is1" = CABAL Online
"CCleaner" = CCleaner (remove only)
"Cities XL 2011" = Cities XL 2011
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Combat Arms EU" = Combat Arms EU
"CPUCooL" = CPUCooL (remove only)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"DeutschlandSpieltTOP100Pack" = DeutschlandSpieltTOP100Pack
"DFÜ-Speed" = DFÜ-Speed
"DriftCity_EU" = Drift City
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EA Download Manager" = EA Download Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"Fallout New Vegas_is1" = Fallout New Vegas
"FarmingSimulator2009GoldDE_is1" = Landwirtschafts-Simulator 2009 Gold
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FBDBServer_2_1_is1" = Firebird 2.1.3.18185 (Win32)
"FileZilla Client" = FileZilla Client 3.3.0.1
"FL Studio 9" = FL Studio 9
"Free Download Manager_is1" = Free Download Manager 3.0
"Free Studio_is1" = Free Studio version 4.9.13
"Free YouTube Download_is1" = Free YouTube Download 2.10
"Garena" = Garena
"Hardcore" = Hardcore
"HLSW_is1" = HLSW v1.3.3.7b
"Icy Tower v1.4_is1" = Icy Tower v1.4
"IL Download Manager" = IL Download Manager
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"JDownloader" = JDownloader
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"League of Legends_is1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"MAGIX Music Maker 16 Premium Download-Version D" = MAGIX Music Maker 16 Premium Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PcCloneEX" = PcCloneEX
"PoiZone" = PoiZone
"PunkBusterSvc" = PunkBuster Services
"RapidShare Manager" = RapidShare Manager
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"SAM3" = SAM Broadcaster (remove only)
"Sawer" = Sawer
"Shutdown4U" = Shutdown4U
"Software Informer_is1" = Software Informer 1.0 BETA
"SP6" = Logitech SetPoint 6.15
"Steam App 17510" = Age of Chivalry
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 33310" = R.U.S.E. Beta
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeraCopy_is1" = TeraCopy 2.12
"Toxic Biohazard" = Toxic Biohazard
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"UseNeXT_is1" = UseNeXT
"UT2004" = Unreal Tournament 2004
"Video Converter 3" = Video Converter 3
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.3
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"FolderLock6" = Folder Lock
"GameRanger" = GameRanger
"NCsoft-AionEU" = Aion
"Warcraft III" = Warcraft III: All Products
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
und das: defogger_disable by jpshortstuff (23.02.10.1) Log created at 18:59 on 04/11/2010 (RedScorpions) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... Unable to read sptd.sys SPTD -> Disabled (Service running -> reboot required) -=E.O.F=- |
|
05.11.2010, 17:07
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ping zu hoch/ich vermute auf ein Wurm oder trojanZitat:
Du musst Malwarebytes updaten und einen Vollscan machen.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Ping zu hoch/ich vermute auf ein Wurm oder trojan |
| adobe, bho, bonjour, browser, cdburnerxp, converter, dll, explorer, frage, free download, hijack, hijackthis, internet, internet explorer, microsoft security, microsoft security essentials, mozilla, mp3, nvidia, pando media booster, plug-in, programme, rundll, security, senden, software, system, temp, trojan, windows, wurm |
Linear-Darstellung
