Internet seit Tagen extrem ausgebremst

Brauny · 23.12.2010, 22:04

Hallo
ich habe seit Freitag das Problem, dass mein Internet total ausgebremst ist sprich:Es wird nur mit 34kb/s statt 234kb/s die Sekunde geladen, Internetseiten laden zu lange, Spiele wie GTA San Andreas Multiplayer sind unspielbar wegen extrem schwankendem Ping.Da vorher alles reibungslos lief und bei meinen Eltern und meinem Bruder ebenso keine Internetprobleme da sind, kann ich davon ausgehen das es keine Provider Probleme sind, sondern etwas an meinem PC nicht stimmen mag, da vorher alles reibungslos lief.
Hier meine Ergebnisse von Hijackthis,Malwarebytes und OTL.Vielleicht erkennt ja jemand den Grund. (Siehe Anhang)

mfg
Brauny

rea · 26.12.2010, 15:15

Hallo Brauny und willkommen im TB,

vorweg ein paar Hinweise (Bitte beachten!):

Lies meine Anleitung für dich sorgfältig durch, bevor du beginnst. Führe alle Schritte unbedingt der Reihe nach aus, da manchmal der eine Punkt den anderen voraussetzt.

Wenn dir etwas im Verlauf der Bereinigung unklar ist, frage bitte in deinem Thread nach, bevor du weitermachst - doofe Fragen gibt es nicht.

Lade alle hier angeordneten Programme nur durch die jeweiligen Links herunter! Wenn ein Link nicht funktionieren sollte, melde dich bitte.

Installiere während der Bereinigung keine weiteren Programme, ausser denen, die wir dir für die Bereinigung anordnen.

Berichte zu jedem Schritt, ob Du ihn abgearbeitet hast, bzw. ob und welche Probleme dabei aufgetreten sind.

Sollten beim Abarbeiten der Anleitung Probleme auftauchen, bitte vorerst nicht weitermachen, sondern stoppen und das Problem hier im Thread schildern.

Editiere alle persönlichen Daten wie z.B. vollständige Namen realer und privater Personen aus den geforderten Logfiles, bevor du sie postest.

Und falls eine Antwort mal länger dauern wird, freu ich mich auch über einen hinweis

Ich geb mir Mühe, alles zu finden, was nicht auf dein System gehört, aber muss dich darauf hiweisen, dass Formatieren und Neuaufsetzen in den meisten Fällen die schnellste und sicherste Variante ist ein sauberes System zu bekommen. Wenn du trotzdem bereinigen möchtest, folgt hier die Anleitung:

Poste mir die Logs bitte in Codetags direkt in den Thread anstatt sie als Ziprarchiv anzuhängen, sie scheinen nicht allzu groß zu sein.

1.) Systemscan mit OTL
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.) Gmer - Rootkitscan
Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Gmer startet automatisch einen ersten Scan.

Sollte sich ein Fenster mit folgender Warnung öffnen:

Code:

ATTFilter

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

Unbedingt auf "No" klicken,
in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

.
Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
Wenn der Scan fertig ist, bleibt die Zeile leer.
Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

Brauny · 26.12.2010, 16:30

Hallo rea

nun da ich bereits OTL Files hatte fing ich mit dem Scann an.Der 1. scan lief reibungslos ohne Rootkilt Meldung.Als ich dann der Anleitung gefolgt bin und nun scan drückte, lief alles 1 minute gut.Dann erschien die Meldung:3wlorftm ( in dem Falle gmer) hat ein Problem festgestellt und muss beendet werden.Nun denn dachte ich mir, starte ich es erneut und ZACK! Bluescreen!Dazu muss man sagen, alles war aus und nach der Anleitung gemacht aber trotzdem kam ein (nach 1 jahr Computerbesitz der erste) Bluescreen.

Hier sind noch die OTL Files, an GMER will ich mich nicht weiter dran wagen, da es anscheinend nicht ganz will.

Code:

ATTFilter

OTL logfile created on: 23.12.2010 21:39:38 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 219,67 Gb Free Space | 37,80% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
Drive H: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Common Files\MAGIX Shared\Database2\bin\FABS.exe (MAGIX AG)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Windows\vsnpstd3.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\FABS.exe (MAGIX AG)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (amdide) -- C:\Windows\System32\DRIVERS\amdide.sys File not found
DRV - (ahcix86s) -- C:\Windows\System32\DRIVERS\ahcix86s.sys File not found
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\System32\drivers\vcsvad.sys (Avnex)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 19:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 19:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.10.08 20:45:48 | 000,000,000 | ---D | M]
 
[2010.01.16 22:31:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.23 21:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.05 20:50:54 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.08.14 14:39:01 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.04.21 14:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trash
[2010.12.10 19:26:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.03 19:31:51 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\youtube2mp3@mondayx.de
[2010.03.10 18:05:01 | 000,002,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\call-of-duty-wiki-en.xml
[2010.12.05 20:51:42 | 000,002,062 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\qip-search.xml
[2010.12.23 20:58:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 02:48:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.14 14:40:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.08 20:47:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.22 13:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.21 14:00:00 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.07.22 13:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 13:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 13:44:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 13:44:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\***\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O33 - MountPoints2\{645b992f-c8dd-11df-bb74-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{645b992f-c8dd-11df-bb74-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell - "" = AutoRun
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell\AutoRun\command - "" = J:\MafiaLauncher.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
[2010.12.23 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.23 21:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.23 21:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.23 21:20:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.23 21:20:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.23 21:17:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.12.23 21:01:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.23 21:01:01 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.23 20:50:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis.exe
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.23 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files
[2010.12.23 10:38:22 | 000,000,000 | ---D | C] -- C:\Programme\Rockstar Games
[2010.12.23 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\alle
[2010.12.23 10:17:20 | 000,000,000 | ---D | C] -- C:\Programme\GAMI
[2010.12.21 15:23:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kakawurst
[2010.12.20 20:26:33 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2010.12.20 20:26:32 | 000,000,000 | ---D | C] -- C:\Programme\AMD
[2010.12.17 08:37:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Hitman Blood Money
[2010.12.17 08:28:38 | 000,000,000 | ---D | C] -- C:\Programme\Eidos
[2010.12.17 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hitman iso
[2010.12.17 08:16:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hitman
[2010.12.16 22:40:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\test
[2010.12.16 22:08:26 | 454,415,571 | ---- | C] (1 Mann Lan) -- C:\Users\***\Desktop\addons.exe
[2010.12.16 13:01:37 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.12.15 16:08:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 16:08:43 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 16:08:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 16:08:40 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 16:08:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 16:07:17 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 16:07:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 16:07:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 16:07:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.14 09:52:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.12.11 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sacamhack12
[2010.12.11 09:36:22 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 16:09:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Divinity 2
[2010.12.07 23:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[2010.12.07 23:10:28 | 000,000,000 | ---D | C] -- C:\Programme\Divinity II - Ego Draconis
[2010.12.05 20:50:50 | 000,000,000 | ---D | C] -- C:\Programme\QIP 2010
[2010.12.05 08:58:39 | 000,000,000 | ---D | C] -- C:\Programme\Mafia
[2010.12.05 08:56:01 | 000,139,264 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\eax.dll
[2010.12.05 08:56:01 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2010.12.05 08:55:59 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.12.03 18:14:56 | 000,000,000 | ---D | C] -- C:\Programme\Postal2
[2010.11.30 23:19:04 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010.11.30 23:16:10 | 000,000,000 | ---D | C] -- C:\Programme\Postal2STP
[2010.11.28 20:00:45 | 000,000,000 | ---D | C] -- C:\Programme\osu!
[2010.11.28 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.11.26 18:57:29 | 000,254,464 | ---- | C] (Mpath Interactive) -- C:\Programme\MPLAYNOW.EXE
[2010.11.26 18:57:29 | 000,000,000 | ---D | C] -- C:\Programme\WB
[2010.11.26 18:57:29 | 000,000,000 | ---D | C] -- C:\Programme\RES
[2010.11.26 18:57:10 | 000,246,784 | ---- | C] (Stirling Technologies, Inc.) -- C:\Windows\UNINST16.EXE
[2010.11.26 18:57:10 | 000,020,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\CTL3D.DLL
[2010.11.25 20:28:34 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.11.24 19:25:20 | 000,000,000 | ---D | C] -- C:\Programme\AutoHotkey
[2010.11.24 16:38:01 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.11.24 16:38:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.11.24 16:38:00 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
[2010.12.23 21:42:15 | 000,742,356 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.23 21:42:15 | 000,690,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.23 21:42:15 | 000,173,876 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.23 21:42:15 | 000,141,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.23 21:41:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004UA.job
[2010.12.23 21:37:39 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.12.23 21:35:38 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.23 21:35:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.23 21:35:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.23 21:35:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.23 21:27:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.23 21:20:28 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 21:20:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.12.23 21:01:57 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.23 21:01:56 | 000,288,107 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.23 21:01:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.23 20:58:48 | 000,472,152 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2010.12.23 20:50:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis.exe
[2010.12.23 20:25:51 | 383,028,567 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.22 17:41:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004Core.job
[2010.12.22 16:20:40 | 000,001,021 | ---- | M] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
[2010.12.20 20:29:38 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.19 19:57:19 | 000,000,204 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2010.12.16 22:43:32 | 454,415,571 | ---- | M] (1 Mann Lan) -- C:\Users\***\Desktop\addons.exe
[2010.12.16 22:13:32 | 000,001,624 | ---- | M] () -- C:\Users\***\Desktop\Deamon Tools.lnk
[2010.12.16 22:12:41 | 000,000,705 | ---- | M] () -- C:\Users\***\Desktop\Mafia.lnk
[2010.12.16 19:57:05 | 000,646,095 | ---- | M] () -- C:\Users\***\Desktop\knifem9probisiiiww.rar
[2010.12.16 13:30:49 | 000,040,960 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.15 16:27:59 | 000,381,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.11 09:36:27 | 001,227,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 20:16:57 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.12.08 20:16:57 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.12.05 08:57:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.11.26 18:57:43 | 000,008,718 | ---- | M] () -- C:\Program Files\DEISL1.ISU
[2010.11.26 18:56:06 | 000,002,483 | ---- | M] () -- C:\Program Files\POSTAL.INI
[2010.11.24 19:50:32 | 000,001,352 | ---- | M] () -- C:\Users\***\Documents\AutoHotkey.ahk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.23 21:20:28 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 21:01:56 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.23 21:01:47 | 000,288,107 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.23 20:58:38 | 000,472,152 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2010.12.23 20:25:51 | 383,028,567 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.22 16:20:40 | 000,001,021 | ---- | C] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
[2010.12.16 22:13:22 | 000,001,624 | ---- | C] () -- C:\Users\***\Desktop\Deamon Tools.lnk
[2010.12.16 22:12:41 | 000,000,705 | ---- | C] () -- C:\Users\***\Desktop\Mafia.lnk
[2010.12.16 19:57:03 | 000,646,095 | ---- | C] () -- C:\Users\***\Desktop\knifem9probisiiiww.rar
[2010.12.05 08:56:00 | 000,233,472 | ---- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2010.12.05 08:47:09 | 2139,502,592 | ---- | C] () -- C:\Users\***\Desktop\sd-maf.iso
[2010.11.26 18:57:30 | 005,180,072 | ---- | C] () -- C:\Programme\KATALYST.EXE
[2010.11.26 18:57:30 | 000,022,862 | ---- | C] () -- C:\Programme\README.TXT
[2010.11.26 18:57:30 | 000,002,483 | ---- | C] () -- C:\Programme\POSTAL.INI
[2010.11.26 18:57:29 | 001,020,416 | ---- | C] () -- C:\Programme\POSTAL.EXE
[2010.11.26 18:57:29 | 000,008,718 | ---- | C] () -- C:\Programme\DEISL1.ISU
[2010.11.26 18:57:29 | 000,005,832 | ---- | C] () -- C:\Programme\WEBULLET.HTM
[2010.11.26 18:57:29 | 000,000,460 | ---- | C] () -- C:\Programme\WB.INI
[2010.11.24 19:50:32 | 000,001,352 | ---- | C] () -- C:\Users\***\Documents\AutoHotkey.ahk
[2010.11.11 16:55:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.11.03 19:31:07 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.10.09 13:27:23 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.09 13:27:21 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.05.24 22:18:13 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.05.10 13:12:53 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.05.02 09:07:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.07 14:37:23 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.05 21:12:55 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.04.05 12:49:31 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.05 12:49:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.01 13:18:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.31 19:11:02 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.03.28 04:37:33 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2010.03.18 11:51:23 | 000,462,249 | ---- | C] () -- C:\Users\***\AppData\Roaming\SMW SRPI SNES.ips
[2010.03.03 04:06:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.25 16:46:51 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.16 19:49:22 | 000,040,960 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 09:02:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.04.12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
 
========== LOP Check ==========
 
[2010.10.24 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2010.10.12 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avnex
[2010.12.23 03:31:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2010.01.25 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.11.28 20:00:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.11.03 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGet
[2010.11.03 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGetBHO
[2010.11.14 15:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.11.10 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.04.25 01:41:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2010.05.24 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.01.17 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games
[2010.03.14 17:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\smc
[2010.04.08 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010.04.08 23:08:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Setup
[2010.07.29 14:25:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE
[2010.01.17 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2010.02.25 15:49:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.05.15 16:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds
[2010.02.17 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.06.27 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2010.04.23 18:25:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox
[2010.10.10 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.04.01 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.07.15 13:05:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity
[2010.06.19 10:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Warsow 0.5
[2010.10.07 20:55:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2010.12.23 21:33:59 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B606BA34

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 23.12.2010 21:39:38 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 219,67 Gb Free Space | 37,80% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
Drive H: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18D8B309-1F10-43AF-BD58-816B23D2BA85}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{60185C11-81FD-44E2-8829-D72BE8E97C54}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{77881CE2-49D0-4300-B296-7584E61D9171}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{79F9F2B1-FFDB-4B94-9E92-33E7F5A9BEBA}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{A92A184E-2EDF-45F8-9781-D7B9EEEF1089}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{BFCC54E2-8064-4110-B1A6-AF39C16AF4C1}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{F4E97F4F-1827-4A2C-A878-8FAA9BE7560E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{FFD5E3EA-0C01-4DBF-A65F-1D7B3ADC1B17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0015B30F-2C2E-43BE-A908-A16F66E3F83A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{019A3477-E66C-4603-9E3A-DCE9FDFA34D6}" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii.exe | 
"{0371A660-2921-420C-9D90-2AC57A3D5F5E}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{04A7C978-F044-4FD4-8D5F-E9FBC5C5FE1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{075ED6B4-9D3E-4297-8B85-C90A709D2C5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{084A3554-9D06-4EFC-8959-A69BA0A9E3DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B7AAD56-7B6D-4D29-8E41-C363620B153F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0CDF5960-7FD7-406D-96AD-7061F8E7D2C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F04B2F1-707D-41AE-A384-566DB9B29222}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{0F404EA9-3F07-4667-A789-4A7E9C9E2709}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{11F8D904-0456-46B0-BD7B-E72DD9EAD9DB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{166F7114-9269-41BD-A9B5-7D86133DAD67}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{1D8C49FC-EB02-4CC8-A96A-8A229B39BA5F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2391E4BF-D0B5-49AA-A738-FE9086DDB235}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24B9FD5B-9A3F-4C11-9D59-75BE7985E484}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{269A4FCF-1E07-4531-A252-A174A97AC02A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27C03EE0-0C58-4C73-82E4-EA736998F478}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{28A602AD-6EAF-4478-87A4-F8A88A21070F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{29C59390-C436-4B84-BBFD-0682CB9BB551}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30007948-BD6D-4347-BFAA-379731AA9DFC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3000EFBB-095C-490B-A9DC-021F1AB4541C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe | 
"{31FB10EE-957B-4746-A23E-F9D0FC389A1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | 
"{320C7255-94E8-4CAF-AB2C-E16834D16EE9}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{332A233B-B2F3-4DC8-8EA5-F3FCB30F5895}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37047DE3-7AFC-4201-A489-506BCC9A4CEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3862D832-BAE1-46A8-A8CE-6F495B6F8EAA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{3A4AE8C6-E383-40B4-94E4-CC025828F2E2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm | 
"{3CD32C17-D5E3-4C0D-AEB2-ECA1B4581635}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat source\hl2.exe | 
"{3D7ED399-2B0D-42EF-A847-DD23556A17ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm | 
"{3DFB454E-E253-490E-8817-7884C1F5A909}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{418CE828-7DE0-4079-8577-72CD5267F8B3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{47587DFB-9FD1-4B3D-8547-E40AE6C132B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe | 
"{490211D8-AD58-4ABE-8086-1660E7C6B324}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5694E7C5-9FF9-4CCE-8D76-54CC5DDA8FF6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57ACC302-6672-49C4-8926-5170A629CA18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe | 
"{5838F3FC-919B-4C6E-ABE8-FBA1BB05B5D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{588CF5B9-8408-4755-B1D2-B44A293FF809}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe | 
"{5A182350-90D2-4801-B32A-C2BAC07A3029}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe | 
"{5D52019D-1325-409E-BB9A-025DF89295B5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5DDB32D2-A019-4214-BEB8-9B4B3B0BE92C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{5DE62AF9-E7CC-480A-888F-CAA22BD5E5D9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{60DF8CF5-6804-4E26-B125-0275F6CC3BEF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{630617CF-9BC1-4729-ADE4-0D7A28B04E28}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{661F07DD-C536-4834-8663-39658DF38C80}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm | 
"{67354739-9435-471F-9741-3C6C786FB1A6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{795C97F8-A0F0-4379-831C-05E83EAE9C5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C54F273-DE94-4992-8CF2-F19186562C2A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F4EA9FA-D2F1-4A20-B574-5B48B4B5A100}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FB79324-EEDB-477A-AD42-241BBE4F6B4E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{83B18C70-4E8E-4B86-88BA-A33EEC073C83}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83F9FA0C-6EA1-4912-82B0-DB378A8FF663}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8400D72A-3DBE-4209-AF6E-24130861A2D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{84D933F7-5F34-47BC-96D1-DA6DF116E75E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A99ADF7-3C63-43B9-9912-BF3BF91D172A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BD2374E-CBBA-48A9-A685-F908D2DA541B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm | 
"{8BEF610C-0359-4A45-91ED-F8D2C3BF0DC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E86D4FC-C764-4346-B93C-09323B8CD204}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{927CB7BD-D2E0-4943-ADFA-B7A708C3A550}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94638789-C49C-48B4-8084-24440A415618}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{950488AE-0CC3-4821-A1E4-1AD4E7D1466F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\counter-strike source\hl2.exe | 
"{966FA72B-B490-4326-A4ED-81899C4AB11D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat source\hl2.exe | 
"{97122998-E718-47FE-B957-81AA96BEEB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98477BA8-2D27-483D-8237-A8948ABC0ECE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98EE0D59-D4BE-4FC1-9030-245A5A7B0DAD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe | 
"{9D7B9A3B-0B9F-4CD2-BFD1-EFD1D4522A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9DB41C33-56C1-43CF-A2AB-2E7098270090}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9DF25309-D057-4D2F-9948-5A44C7A11F8D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe | 
"{9E2B576C-2892-403B-B0EF-0A6F20673ADF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe | 
"{A647D6E6-7BBF-4175-95E6-368F6A34FB87}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A93092A0-C85E-431A-828C-8F088A7AF84B}" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii.exe | 
"{AECF544E-DD0B-4DE3-A1C5-CE03BF27A8A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AED8C1C0-1918-4EFF-B72E-74C3A0EE4F58}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe | 
"{AF216EE2-521A-4BA4-8E20-996CC5382DA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{B58837F3-3D9D-4901-BFD8-9B3B52DB34F0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B64B01CF-0CC3-4870-B779-0F90FEDB6639}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BA789A8F-47BF-4EF2-A3E1-B7D5FE34A454}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{BC9FACD4-BAA8-4D0E-9176-EDECF3CECAE2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{C5C802C9-7280-4E60-A19A-D2E735B9C1FD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{CC4D1298-CE1F-4418-B824-64D0C9FCDCFC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD09CE19-5BE4-406E-B8D9-B686903BF022}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D0120BF9-49D8-461B-B637-B431C0D57FBA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D0B533AD-720E-4525-A893-74F4004BE716}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe | 
"{D1668BF5-3F95-4768-906B-CDD7B9134559}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5BC38ED-3D08-4472-BF52-3416BEA78839}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5E1EB80-E488-4689-9C8E-8A69C502B61E}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{D5E4BCD6-AE50-45E0-A297-9DFD6036FACA}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{D6D72F38-4F08-4896-8A07-29330AB712F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe | 
"{DCD2D5D4-407C-4A11-B4DE-70AA959E51F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DDD7B56B-DDA3-49C6-9D88-75E6BCCE7590}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{E356EADC-4DBC-426C-A21A-71DDCD882967}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3EFEBC3-E137-4213-B262-68C75785AA06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E88CF489-A548-451B-94CD-1949E96C2CAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe | 
"{E92A05F7-052B-4ADA-AC96-78DEDF0777F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | 
"{EADA4C7C-81AC-40D8-9D40-28CFBF9F0185}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\counter-strike source\hl2.exe | 
"{ECAE8295-A0A4-4FE2-9060-6D3A5603E86C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED9C17F4-9E77-4A69-A4E6-E8C2DBBB5CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE5A56EA-80BB-466F-8695-CCCFB7020DB5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe | 
"{F6EAAB43-C41F-4EFF-8A2A-331EE16A91D2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{FA7B874D-2C26-4EAE-BC0F-5FDFFDB2721D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{00FBF39C-E456-4676-89AA-3CE1B0E92D9E}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{0B00423C-14F0-4355-8352-E10F3DA36B59}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{14B3D75E-AED7-4ABB-9B1C-97F87E5901D0}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"TCP Query User{174839E8-C7C0-42C0-A2A0-21FDA18718F9}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"TCP Query User{1F7B412F-758F-49E6-B1E0-7DBD57CDB6BF}C:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe | 
"TCP Query User{3C9CD4E3-BEFF-4E2C-A002-475EAF823ADE}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe | 
"TCP Query User{4219818A-225D-42A1-86FF-599B56EF760D}C:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\starcraft\starcraft.exe | 
"TCP Query User{52541761-2351-49AE-A342-79B040F167E0}C:\users\****\downloads\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\loleudownloader.exe | 
"TCP Query User{5DF21010-E94B-42C3-97C5-B0478348FDA3}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{779332E5-E980-4D83-83EF-831138F025D6}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe | 
"TCP Query User{C50E8E54-17B6-4F2A-A50D-01DA802DD7E2}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"TCP Query User{CC7A1841-6F23-4D37-9CD6-C8B0EDBB495C}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe | 
"TCP Query User{DC26D9A1-E676-4691-B886-77F5A234304D}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{DE70B447-D396-490F-BA54-49F311DE6D75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{DE84835B-EC48-40EB-8CE5-41E416450DD8}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{FD6C44BC-4A25-41A9-B8D8-7DD9F05A1A62}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{10CCF8F7-7783-40D7-B4C0-528C31CA48D6}C:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe | 
"UDP Query User{1409DF71-9998-41E8-90CD-33DDD54D9157}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{2A40A214-B47A-4094-88AF-1460A16B2ECE}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{303A4053-CBB9-40F9-86E8-D5780E63050D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{35B57E77-41E3-43BD-90A8-5C6489B43068}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"UDP Query User{3A026671-C200-4A50-B999-2A6E234A275F}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{46E232B9-233F-4595-A78E-0A316C9C491D}C:\users\***\downloads\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\loleudownloader.exe | 
"UDP Query User{5F9EA9E9-4C91-4659-9C7D-5B4D1FB9EB86}C:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\starcraft\starcraft.exe | 
"UDP Query User{600B51AD-3439-4885-A9D7-EAFC73203825}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{9054F45D-FC3F-431E-AE66-2BC04FC87B2B}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{97F16B50-4249-40EF-B923-DA6BF9D67C3C}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{AC8A45D4-D32E-4706-AB49-E1C5B41CF89E}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe | 
"UDP Query User{B40390C6-9C4B-4014-A2B4-3B4158959097}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"UDP Query User{BCBB972E-6791-411C-AD20-DCF4CD170BEC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{DD97E332-F69B-4CA3-B3C6-9876BE8CB927}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe | 
"UDP Query User{FADBA5B6-08B4-4274-8E08-CD430E29F5DE}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{090EFAEF-E0C1-5311-7A96-817BC18B43BB}" = ccc-utility
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19666E73-D9E5-44D4-8F33-037ED151ECBC}" = Firebird SQL Server - MAGIX Edition
"{1BF43B74-1EDE-060E-A612-56A116A381F8}" = Catalyst Control Center Core Implementation
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4E2CD272-0F2F-98EA-9596-510EF0D24E28}" = ccc-core-static
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72C02F89-9E8E-2DBD-11D7-EB5F075FE081}" = Catalyst Control Center Graphics Previews Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9DD16C0E-B9E7-417C-0C30-E57916C353E3}" = CCC Help English
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A1E1D1EE-3F04-CC1A-8498-0D48463F579D}" = Catalyst Control Center Localization All
"{A680643A-1155-02F6-6B29-BF4FBA1190E8}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABB6F00C-9722-82C2-FE1E-893313CCF612}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B04836D8-4170-D430-6297-3DD084AAEC09}" = Catalyst Control Center Graphics Full New
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BCC78381-4B63-5352-BF57-BDBF7A77823A}" = Catalyst Control Center HydraVision Full
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DF181652-D4F9-7D64-AED8-57D31E8D0410}" = Media Go Video Playback Engine 1.32.101.05130
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE02955B-74BC-3995-6B67-2A9D1651D4F5}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Public Beta 2.0.2
"7-Zip" = 7-Zip 9.04 beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Active WebCam" = Active WebCam
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"AV Voice Changer Software GOLD 7.0" = AV Voice Changer Software GOLD 7.0
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"EAX Unified" = EAX Unified
"FlashGet 3.5" = FlashGet 3.5
"Fraps" = Fraps (remove only)
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.10
"GAMI (Gta-Action Mod-Installer)" = GAMI (Gta-Action Mod-Installer)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"Icy Tower v1.4_is1" = Icy Tower v1.4
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"JDownloader" = JDownloader
"Mafia" = Mafia
"MAGIX MP3 Maker 15 Download-Version D" = MAGIX MP3 Maker 15 Download-Version 10.0.0.279 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Postal 2 Apocalypse Weekend Expansion Pack" = Postal 2 Apocalypse Weekend Expansion Pack
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"PROHYBRIDR" = 2007 Microsoft Office system
"RPGAdvocates_RTP_1.0" = Common RTP 1.0
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War - Gold Edition
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"VRS" = VRS Recording System
"VTFEdit_is1" = VTFEdit 1.2.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Darth Mod M2TW 1.4D" = Darth Mod M2TW 1.4D
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.12.2010 05:28:35 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description = 
 
Error - 23.12.2010 05:34:05 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.12.2010 05:38:23 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description = 
 
Error - 23.12.2010 08:28:50 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.12.2010 10:34:07 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.12.2010 13:15:53 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.12.2010 13:21:17 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung HitmanBloodMoney.exe, Version 0.0.0.0, Zeitstempel
 0x445e8b88, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x624, Anwendungsstartzeit
 01cba2c56d1b44a3.
 
Error - 23.12.2010 15:14:01 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description = 
 
Error - 23.12.2010 15:26:01 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.12.2010 16:35:12 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.12.2010 14:51:39 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.12.2010 15:17:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 23.12.2010 15:23:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.12.2010 15:23:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.12.2010 15:25:55 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.12.2010 um 20:23:14 unerwartet heruntergefahren.
 
Error - 23.12.2010 15:26:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 23.12.2010 15:43:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 23.12.2010 15:43:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 23.12.2010 15:43:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 23.12.2010 16:35:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

rea · 26.12.2010, 18:18

1.) Teatimer abstellen

Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten.

2.) Software deinstallieren
=> Start
=> Systemsteuerung
=> Programme und Funktionen
=> Programm deinstallieren
Wähle nun jeweils eine Software aus:

Code:

ATTFilter

Google Toolbar for Internet Explorer
Google Update Helper
myBabylon_English Toolbar

=> ändern/entfernen und deinstallieren.

Deinstalliere bitte jede Software aus dieser Liste, die vorhanden ist.

3.) Fixen mit OTL

Starte bitte die OTL.exe.
Vista-&Win7-User mit Rechtsklick "als Administrator starten"

Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.

Denke daran, vor dem Fix die **** wieder in deinen Benutzernamen zu ändern!!!

Code:

ATTFilter

:OTL
O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - H:\autorun.inf -- [ UDF ]
File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
[2010.12.19 19:57:19 | 000,000,204 | ---- | M] () -- C:\Windows\System32\secustat.dat
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B606BA34
:Commands
[PURITY]
[EMPTYTEMP]
[CREATERESTOREPOINT]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf OK.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

Versuche nach diesem Schritt erneut mit GMER zu scannen.

Worum handelt es sich bei diesen/m Dateien/Ordner?
C:\Users\***\Desktop\knifem9probisiiiww.rar
C:\Users\***\Desktop\test
C:\Users\***\Desktop\addons.exe

Worum handelt es sich bei deinem Laufwerk H:\ ?

Brauny · 26.12.2010, 23:09

Hey

C:\Users\***\Desktop\knifem9probisiiiww.rar ---> ein Counter Strike Source Skin Mod, den ich selbst gebastelt habe

C:\Users\***\Desktop\test --->ein Ordner mit AddOns von dem Spiel Garry's Mod

C:\Users\***\Desktop\addons.exe --->Ein Programm, dass AddOns vom Spiel Garry's Mod gepackt hatte und beim Start alles entpackt.

So folgte ich deinen Schritten und wagte mich mal wieder an GMER.Nachdem es sehr lange geladen hatte war es da, stellte alles ein und fing an zu scannen.10 Sekunden alles reibungslos bis ich dann einen Bluescreen bekam, dass wegen pwryjpog.sys das System zur Sicherheit runtergefahren wird (die genaue Meldung war nicht bekannt, hab mich nur auf den Namen fixiert.

So versuchte ich es mal im Abgesichtern Modus, wo das Programm erneut abstürzte (hat ein Problem gefunden, muss beendet werden).Das Programm stürzte bei \device\harddiskVolumeShadowcopy1 ab.

mfg
Brauny

rea · 26.12.2010, 23:23

Okay, dann poste mir erstmal das Fixlog von OTL und beantworte die andere Frage noch.

Brauny · 26.12.2010, 23:30

Das Fixlog hab ich leider nicht gespeichert, hatte in dem Moment leider nicht dran gedacht...oder lässt sich das woanders finden?

Zum Laufwerk H...das ist mein CD Laufwerk.

mfg
Brauny

rea · 27.12.2010, 00:10

Schau auf deinem Desktop oder im Ordner C:\_OTL. Beim nächsten Mal vorher die Anleitung lesen.

Wenns nicht da ist, mach mit der neuen Anleitung weiter.

Gmer hat das leider manchmal, dass es kein Logfile erzeugt sondern abstürzt. Ist recht schade, aber wir steigen auf andere Rootkitscanner um:

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

1.) Rootkit-Suche mit Avira AntiRootkit

Lade Avira AntiRootkit herunter, indem Du auf den Download-Button klickst. Speichere die Datei auf Deinem Desktop.

Du solltest jetzt antivir_rootkit.zip auf Deinem Desktop finden.
Entpacke das Archiv auf Deinen Desktop (antivir_rootkit.zip kannst Du jetzt manuell löschen).
Doppelklick auf die avirarkd.exe => OK.
Klicke auf Start scan.
Wenn der Suchlauf beendet ist, klicke auf View report und kopiere das Log hier in den Thread.

2.) Rootkit-Suche mit RootRepeal

Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
Entpacke die Datei auf Deinen Desktop.
Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
Klicke auf den Reiter Report und dann auf den Button Scan.
Mache einen Haken bei den folgenden Elementen und klicke Ok.
.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT
.
Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
Wähle C:\ und klicke wieder Ok.
Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
Wenn der Suchlauf beendet ist, klicke auf Save Report.
Speichere das Logfile als RootRepeal.txt auf dem Desktop.
Kopiere den Inhalt hier in den Thread.

3.) OSAM
Und erstelle bitte ein Logfile mit OSAM. (Einfach draufklicken, um zur Anleitung zu kommen)

4.) Erneuter Systemscan mit OTL

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standart Ausgabe
Unter Extra Registrierung, wähle bitte Benutze SafeList
Setze jeweils den Haken bei LOP Prüfung & Purity Prüfung
Klicke nun auf Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste beide Logfiles hier in den Thread.

Brauny · 27.12.2010, 01:50

Hallo

so habe nun alle Scans bis auf den von AntiVir gemacht, da AntiVir mich dazu auffordert AntiVir zu installieren, aber da ich Kaspersky schon drauf habe und Kaspersky dadurch entfernt wird, werde ich den Scan auch nicht durchführen.

Hier die Logs von RootRepeal,Osam und die neuen OTL files mit anderen einstellungen.Da alles insgesamt zu groß ist, gibts diese in einem zip Archiv.

mfg
Brauny

rea · 27.12.2010, 02:22

Hi,
poste die Logs bitte einzeln direkt in den Thread, jeweils mit Codetags umschlossen. Du kannst gern, wenns denn nötig ist 2 Beiträge dafür verwenden. Ich schau mir die Logs dann morgen an

Brauny · 27.12.2010, 02:27

Code:

ATTFilter

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/12/27 00:16
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x941B4000	Size: 45056	File Visible: No	Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x941BF000	Size: 40960	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x833F1000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: spmt.sys
Image Path: C:\Windows\System32\Drivers\spmt.sys
Address: 0x8060C000	Size: 995328	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{666e940b-113b-11e0-be08-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{79eefdb4-0e73-11e0-8e63-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7ed2ca99-0c49-11e0-8936-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7ed2ca9d-0c49-11e0-8936-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7ed2caa3-0c49-11e0-8936-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3d93e3e0-0eb8-11e0-827e-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3f31aed3-0dc7-11e0-ac27-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{84adb4d0-0e77-11e0-95c1-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b78d7d0f-0f80-11e0-a97b-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b99a2003-1006-11e0-821b-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a0231-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a0251-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a026e-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a0272-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a0276-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a027a-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0da7a342-0aa8-11e0-9f27-f4272d2fd9e0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0da7a353-0aa8-11e0-9f27-f4272d2fd9e0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0ded87b7-0d03-11e0-80c0-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a027e-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a0282-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f79fca38-0b50-11e0-bc80-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4974_none_f0c009be84e41666.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_3389d53e5a2d10c0.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30411.0_none_d70c8009a3652bd4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4974_none_f0f30f20f89ddc75.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4027_none_cbeeb6564710a1d1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.42_none_ef74ff32550b5bf0.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4027_none_4daf0ae87dd59b6e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_f455012451df8b23.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4974_none_80bb23871e9ab973.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30411.0_none_7f955bd5da1ee32d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4974_none_0e9463c1b72afcdd.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30411.0_none_7816760bdeed6010.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4027_none_d08a21a2442db2dc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4974_none_ed0290eafb227cfc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4974_none_497745fb754785d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_f48176b4f6540019.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30411.0_none_d48b2b1c591268e6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c2e857a23b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30411.0_none_7bd3eedf68aef97a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.42_none_3825408a574a21cb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4027_none_516ad2630f4bd825.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926f98ceadc42c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4974_none_4bf89ae8bf9a48c0.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5ce47260749ddc2c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30411.0_none_dba7eb55a0823cdf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4027_none_03c6f934205fcb15.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4974_none_51cdc180bbe4500f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4027_none_49ebec99141a5508.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6002.18232_de-de_5281c6e07b670138\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6002.18315_de-de_527f81d07b691bbe\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6002.22372_de-de_3bb82148950ac69a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6002.22493_de-de_3bba0af09509133a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.security.resources_b03f5f7f11d50a3a_6.0.6002.18222_de-de_52e7823c4ca4d7f9\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\APPLIC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\APPLIC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.security.resources_b03f5f7f11d50a3a_6.0.6002.22354_de-de_3c1caeca6649b746\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: c:\program files\nero\nero8\nero backitup\biub05a.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu7290.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu7647.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu7de5.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu6d23.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu6f07.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu7148.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu7aab.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_de_b03f5f7f11d50a3a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_de_b03f5f7f11d50a3a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: c:\users\***\appdata\local\mozilla\firefox\profiles\fr2rqa3m.default\urlclassifier3.sqlite-journal
Status: Allocation size mismatch (API: 12058624, Raw: 0)

Path: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fr2rqa3m.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: c:\users\***\appdata\local\mozilla\firefox\profiles\fr2rqa3m.default\cache\_cache_001_
Status: Allocation size mismatch (API: 696320, Raw: 688128)

Path: c:\users\***\appdata\local\mozilla\firefox\profiles\fr2rqa3m.default\cache\_cache_002_
Status: Allocation size mismatch (API: 753664, Raw: 671744)

Processes
-------------------
Path: System
PID: 4	Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1416	Status: Locked to the Windows API!

SSDT
-------------------
#: 012	Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450abd0

#: 021	Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c52c

#: 022	Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c782

#: 038	Function Name: NtAlpcSendWaitReceivePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c9fc

#: 048	Function Name: NtClose
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b450

#: 054	Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450bb32

#: 058	Function Name: NtCreateEvent
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450bf3c

#: 060	Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b5f8

#: 067	Function Name: NtCreateMutant
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450be14

#: 068	Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450a7d6

#: 071	Function Name: NtCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450bcd0

#: 075	Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450a992

#: 076	Function Name: NtCreateSemaphore
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c06e

#: 077	Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450dcb0

#: 078	Function Name: NtCreateThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b0ee

#: 115	Function Name: NtCreateWaitablePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450bd72

#: 116	Function Name: NtDebugActiveProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d6a2

#: 129	Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e672

#: 150	Function Name: NtFsControlFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b752

#: 165	Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d734

#: 177	Function Name: NtMapViewOfSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450dd64

#: 184	Function Name: NtOpenEvent
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450bfde

#: 186	Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b4d2

#: 191	Function Name: NtOpenMutant
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450beac

#: 194	Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450add6

#: 197	Function Name: NtOpenSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450dcda

#: 198	Function Name: NtOpenSemaphore
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c110

#: 201	Function Name: NtOpenThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450acfa

#: 219	Function Name: NtQueryDirectoryObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450cc3e

#: 242	Function Name: NtQuerySection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e07c

#: 255	Function Name: NtQueueApcThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d9ca

#: 270	Function Name: NtReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c49a

#: 271	Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c360

#: 276	Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d442

#: 282	Function Name: NtResumeThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e554

#: 286	Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b86c

#: 289	Function Name: NtSetContextThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b30c

#: 307	Function Name: NtSetInformationToken
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450ccf2

#: 314	Function Name: NtSetSecurityObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d82e

#: 317	Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e1bc

#: 330	Function Name: NtSuspendProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e2a0

#: 331	Function Name: NtSuspendThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e3c8

#: 332	Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d5ce

#: 334	Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450af4e

#: 335	Function Name: NtTerminateThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450aea4

#: 348	Function Name: NtUnmapViewOfSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450df32

#: 358	Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b02e

#: 382	Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b1ee

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x863471f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: Shadow SSDT
-------------------
#: 013	Function Name: NtGdiBitBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bd1c

#: 235	Function Name: NtGdiMaskBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bde6

#: 245	Function Name: NtGdiPlgBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451be50

#: 301	Function Name: NtGdiStretchBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bd80

#: 317	Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b930

#: 333	Function Name: NtUserCallOneParam
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bce8

#: 391	Function Name: NtUserFindWindowEx
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bb1e

#: 397	Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b898

#: 428	Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bc20

#: 430	Function Name: NtUserGetKeyState
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b8e4

#: 479	Function Name: NtUserMessageCall
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451ba70

#: 497	Function Name: NtUserPostMessage
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b9c6

#: 498	Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451ba1a

#: 513	Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bbb0

#: 525	Function Name: NtUserSendInput
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bad0

#: 573	Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b7e8

#: 576	Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b83e

==EOF==

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:10:02 on 27.12.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004Core.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004UA.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ahcix86s" (ahcix86s) - ? - C:\Windows\System32\DRIVERS\ahcix86s.sys  (File not found)
"AMD Low Level Device Driver" (AmdLLD) - ? - C:\Windows\System32\DRIVERS\AmdLLD.sys  (File not found)
"amdide" (amdide) - ? - C:\Windows\System32\DRIVERS\amdide.sys  (File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"awggm53m" (awggm53m) - "Microsoft Corporation" - C:\Windows\system32\drivers\awggm53m.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cpuz132" (cpuz132) - ? - C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? -   (File not found | COM-object registry key not found)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? -   (File not found | COM-object registry key not found)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
 "{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll
{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} "FlashGetBHO" - "Trend Media Group" - C:\Users\***\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - "C:\Program Files\Cyberlink\Shared files\RichVideo.exe"  (File not found)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Shared\Database2\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Shared\Database2\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Security Suite CBE 10" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Brauny · 27.12.2010, 02:28

Code:

ATTFilter

OTL logfile created on: 27.12.2010 01:35:04 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 240,55 Gb Free Space | 41,39% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
Drive H: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.11.19 15:32:52 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.11.19 15:31:52 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.05.06 08:08:30 | 000,207,448 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe
PRC - [2010.03.26 17:02:56 | 008,546,848 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010.03.03 05:12:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.03.03 05:11:58 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.10.20 00:11:52 | 000,616,712 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.12.16 09:52:02 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Shared\Database2\bin\FABS.exe
PRC - [2008.11.24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2010.12.24 15:06:02 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.11.19 15:31:52 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.11.19 15:29:54 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.11.05 19:44:16 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.08.18 00:49:16 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.05.06 08:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010.03.03 05:11:58 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.12.16 09:52:02 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\FABS.exe -- (Fabs)
SRV - [2008.10.21 14:50:00 | 000,548,864 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2008.08.07 09:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\amdide.sys -- (amdide)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2010.10.09 13:27:23 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.09 13:27:21 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.10.08 20:44:38 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.03.26 17:24:58 | 003,048,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.03.03 05:22:26 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.03.03 04:07:16 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.01.25 16:55:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.20 10:53:32 | 000,234,016 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.09.01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.05.27 10:32:04 | 000,516,608 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.05.20 17:04:40 | 000,157,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.12.26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008.09.26 12:30:54 | 000,651,264 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.autohotkey.com/docs/Tutorial.htm"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 19:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 19:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.10.08 20:45:48 | 000,000,000 | ---D | M]
 
[2010.01.16 22:31:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.27 00:55:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.05 20:50:54 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.08.14 14:39:01 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.04.21 14:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trash
[2010.12.24 21:32:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.03 19:31:51 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\youtube2mp3@mondayx.de
[2010.03.10 18:05:01 | 000,002,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\call-of-duty-wiki-en.xml
[2010.12.05 20:51:42 | 000,002,062 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\qip-search.xml
[2010.12.27 00:55:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 02:48:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.14 14:40:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.08 20:47:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.22 13:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.21 14:00:00 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.07.22 13:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 13:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 13:44:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 13:44:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\***\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\******\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O33 - MountPoints2\{645b992f-c8dd-11df-bb74-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{645b992f-c8dd-11df-bb74-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell - "" = AutoRun
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell\AutoRun\command - "" = J:\MafiaLauncher.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
[2010.12.27 00:15:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\RootRepeal
[2010.12.27 00:13:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\avira_antirootkit
[2010.12.27 00:06:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\osam_autorun_manager_version_portable
[2010.12.26 22:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.26 22:42:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.26 14:25:08 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.12.26 14:23:51 | 013,326,816 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\***\Desktop\TeamSpeak3-Client-win32-3.0.0-beta36.exe
[2010.12.24 23:47:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ENBSeries Configurator for GTA San Andreas
[2010.12.24 23:47:43 | 000,000,000 | ---D | C] -- C:\Programme\ENBSeries Configurator for GTA San Andreas
[2010.12.24 22:23:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TXD Workshop
[2010.12.24 15:06:08 | 000,030,528 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.12.24 15:06:05 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.12.24 15:06:05 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.12.24 15:05:27 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.12.24 15:01:23 | 019,904,832 | ---- | C] (TuneUp Software) -- C:\Users\***\Desktop\TU2010TrialDE.exe
[2010.12.23 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.23 21:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.23 21:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.23 21:20:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.23 21:20:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.23 21:17:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.12.23 20:50:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis.exe
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.23 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files
[2010.12.23 10:38:22 | 000,000,000 | ---D | C] -- C:\Programme\Rockstar Games
[2010.12.23 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\alle
[2010.12.23 10:17:20 | 000,000,000 | ---D | C] -- C:\Programme\GAMI
[2010.12.21 15:23:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kakawurst
[2010.12.17 08:37:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Hitman Blood Money
[2010.12.17 08:28:38 | 000,000,000 | ---D | C] -- C:\Programme\Eidos
[2010.12.17 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hitman iso
[2010.12.17 08:16:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hitman
[2010.12.16 22:40:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\test
[2010.12.16 22:08:26 | 454,415,571 | ---- | C] (1 Mann Lan) -- C:\Users\***\Desktop\addons.exe
[2010.12.16 13:01:37 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.12.15 16:08:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 16:08:43 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 16:08:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 16:08:40 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 16:08:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 16:07:17 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 16:07:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 16:07:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 16:07:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.14 09:52:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.12.11 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sacamhack12
[2010.12.11 09:36:22 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 16:09:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Divinity 2
[2010.12.07 23:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[2010.12.07 23:10:28 | 000,000,000 | ---D | C] -- C:\Programme\Divinity II - Ego Draconis
[2010.12.05 20:50:50 | 000,000,000 | ---D | C] -- C:\Programme\QIP 2010
[2010.12.05 08:58:39 | 000,000,000 | ---D | C] -- C:\Programme\Mafia
[2010.12.05 08:56:01 | 000,139,264 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\eax.dll
[2010.12.05 08:56:01 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2010.12.05 08:55:59 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.12.03 18:14:56 | 000,000,000 | ---D | C] -- C:\Programme\Postal2
[2010.11.30 23:19:04 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010.11.30 23:16:10 | 000,000,000 | ---D | C] -- C:\Programme\Postal2STP
[2010.11.28 20:00:45 | 000,000,000 | ---D | C] -- C:\Programme\osu!
[2010.11.28 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.11.26 18:57:29 | 000,254,464 | ---- | C] (Mpath Interactive) -- C:\Programme\MPLAYNOW.EXE
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
[2010.12.27 01:27:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.27 01:04:48 | 000,000,184 | ---- | M] () -- C:\Users\***\Desktop\Google.ahk
[2010.12.27 00:59:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 00:59:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 00:41:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004UA.job
[2010.12.27 00:15:09 | 000,465,298 | ---- | M] () -- C:\Users\***\Desktop\RootRepeal.rar
[2010.12.27 00:13:00 | 000,089,324 | ---- | M] () -- C:\Users\***\Desktop\avira_antivir_antirootkit_en.zip
[2010.12.27 00:12:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.26 23:06:55 | 000,742,356 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.26 23:06:55 | 000,690,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.26 23:06:55 | 000,173,876 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.26 23:06:55 | 000,141,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:59:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.26 22:55:14 | 385,498,455 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.26 17:41:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004Core.job
[2010.12.26 16:10:29 | 000,296,448 | ---- | M] () -- C:\Users\***\Desktop\3wloftrm.exe
[2010.12.26 14:25:09 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.12.26 14:24:50 | 013,326,816 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\***\Desktop\TeamSpeak3-Client-win32-3.0.0-beta36.exe
[2010.12.25 19:03:17 | 000,002,710 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.12.25 19:03:03 | 000,001,349 | ---- | M] () -- C:\Users\***\Desktop\muzzle_texture4.png
[2010.12.25 17:25:33 | 000,444,416 | ---- | M] () -- C:\Users\***\Desktop\desert_eagle.txd
[2010.12.25 16:21:19 | 000,001,271 | ---- | M] () -- C:\Users\***\Desktop\bloodpool_64.png
[2010.12.25 14:40:56 | 000,040,960 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.25 11:42:14 | 000,000,287 | ---- | M] () -- C:\Users\***\Desktop\radardisc.png
[2010.12.25 00:20:30 | 000,000,354 | ---- | M] () -- C:\Users\***\Desktop\radar_centre.png
[2010.12.25 00:19:02 | 000,000,256 | ---- | M] () -- C:\Users\***\Desktop\siteM16.png
[2010.12.24 23:47:43 | 000,002,162 | ---- | M] () -- C:\Users\***\Desktop\ENBSeries Configurator for GTA San Andreas.lnk
[2010.12.24 23:46:11 | 004,866,209 | ---- | M] () -- C:\Users\***\Desktop\SAStreamMemFix.rar
[2010.12.24 23:45:25 | 001,443,095 | ---- | M] () -- C:\Users\***\Desktop\ENB-Series-Configurator.rar
[2010.12.24 22:22:44 | 000,430,455 | ---- | M] () -- C:\Users\***\Desktop\txdworkshop40.rar
[2010.12.24 15:47:31 | 000,830,065 | ---- | M] () -- C:\Users\***\Desktop\3304_1122614819_Faggio.zip
[2010.12.24 15:46:19 | 000,148,442 | ---- | M] () -- C:\Users\***\Desktop\11447_Stage 6 Aerox Engine Sounds.rar
[2010.12.24 15:05:57 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.24 15:05:57 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.12.24 15:02:59 | 019,904,832 | ---- | M] (TuneUp Software) -- C:\Users\***\Desktop\TU2010TrialDE.exe
[2010.12.24 13:10:56 | 000,331,828 | ---- | M] () -- C:\Users\***\Desktop\undercover hud addon.rar
[2010.12.23 22:42:54 | 000,381,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.23 22:12:15 | 000,033,115 | ---- | M] () -- C:\Users\***\Desktop\Logs.zip
[2010.12.23 22:04:18 | 000,030,547 | ---- | M] () -- C:\Users\***\Desktop\Log Dateien.zip
[2010.12.23 22:01:00 | 000,030,419 | ---- | M] () -- C:\Users\***\Desktop\Log Dateien.rar
[2010.12.23 21:20:28 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 21:20:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.12.23 20:50:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis.exe
[2010.12.23 10:54:04 | 009,408,623 | ---- | M] () -- C:\Users\***\Desktop\sa-downgrade patch 0.3.1.rar
[2010.12.20 20:29:38 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 22:43:32 | 454,415,571 | ---- | M] (1 Mann Lan) -- C:\Users\***\Desktop\addons.exe
[2010.12.16 22:13:32 | 000,001,624 | ---- | M] () -- C:\Users\***\Desktop\Deamon Tools.lnk
[2010.12.16 22:12:41 | 000,000,705 | ---- | M] () -- C:\Users\***\Desktop\Mafia.lnk
[2010.12.16 19:57:05 | 000,646,095 | ---- | M] () -- C:\Users\***\Desktop\knifem9probisiiiww.rar
[2010.12.11 09:36:27 | 001,227,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 20:16:57 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.12.08 20:16:57 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.12.05 08:57:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
 
========== Files Created - No Company Name ==========
 
[2010.12.27 00:46:12 | 000,000,184 | ---- | C] () -- C:\Users\***\Desktop\Google.ahk
[2010.12.27 00:15:08 | 000,465,298 | ---- | C] () -- C:\Users\***\Desktop\RootRepeal.rar
[2010.12.27 00:12:59 | 000,089,324 | ---- | C] () -- C:\Users\***\Desktop\avira_antivir_antirootkit_en.zip
[2010.12.26 16:10:28 | 000,296,448 | ---- | C] () -- C:\Users\***\Desktop\3wloftrm.exe
[2010.12.26 14:25:09 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.12.25 19:03:17 | 000,002,710 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.12.25 19:03:03 | 000,001,349 | ---- | C] () -- C:\Users\***\Desktop\muzzle_texture4.png
[2010.12.25 17:25:33 | 000,444,416 | ---- | C] () -- C:\Users\***\Desktop\desert_eagle.txd
[2010.12.25 16:21:19 | 000,001,271 | ---- | C] () -- C:\Users\***\Desktop\bloodpool_64.png
[2010.12.25 00:20:30 | 000,000,354 | ---- | C] () -- C:\Users\***\Desktop\radar_centre.png
[2010.12.24 23:47:43 | 000,002,162 | ---- | C] () -- C:\Users\***\Desktop\ENBSeries Configurator for GTA San Andreas.lnk
[2010.12.24 23:45:15 | 004,866,209 | ---- | C] () -- C:\Users\***\Desktop\SAStreamMemFix.rar
[2010.12.24 23:45:04 | 001,443,095 | ---- | C] () -- C:\Users\***\Desktop\ENB-Series-Configurator.rar
[2010.12.24 22:29:52 | 000,000,256 | ---- | C] () -- C:\Users\***\Desktop\siteM16.png
[2010.12.24 22:25:31 | 000,000,287 | ---- | C] () -- C:\Users\***\Desktop\radardisc.png
[2010.12.24 22:22:43 | 000,430,455 | ---- | C] () -- C:\Users\***\Desktop\txdworkshop40.rar
[2010.12.24 15:47:31 | 000,830,065 | ---- | C] () -- C:\Users\***\Desktop\3304_1122614819_Faggio.zip
[2010.12.24 15:46:18 | 000,148,442 | ---- | C] () -- C:\Users\***\Desktop\11447_Stage 6 Aerox Engine Sounds.rar
[2010.12.24 15:05:57 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.24 15:05:57 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.12.24 13:10:55 | 000,331,828 | ---- | C] () -- C:\Users\***\Desktop\undercover hud addon.rar
[2010.12.23 22:12:15 | 000,033,115 | ---- | C] () -- C:\Users\***\Desktop\Logs.zip
[2010.12.23 22:04:18 | 000,030,547 | ---- | C] () -- C:\Users\***\Desktop\Log Dateien.zip
[2010.12.23 22:00:59 | 000,030,419 | ---- | C] () -- C:\Users\***\Desktop\Log Dateien.rar
[2010.12.23 21:20:28 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 20:25:51 | 385,498,455 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.23 10:52:54 | 009,408,623 | ---- | C] () -- C:\Users\***\Desktop\sa-downgrade patch 0.3.1.rar
[2010.12.16 22:13:22 | 000,001,624 | ---- | C] () -- C:\Users\***\Desktop\Deamon Tools.lnk
[2010.12.16 22:12:41 | 000,000,705 | ---- | C] () -- C:\Users\***\Desktop\Mafia.lnk
[2010.12.16 19:57:03 | 000,646,095 | ---- | C] () -- C:\Users\***\Desktop\knifem9probisiiiww.rar
[2010.12.05 08:56:00 | 000,233,472 | ---- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2010.12.05 08:47:09 | 2139,502,592 | ---- | C] () -- C:\Users\***\Desktop\sd-maf.iso
[2010.11.26 18:57:30 | 005,180,072 | ---- | C] () -- C:\Programme\KATALYST.EXE
[2010.11.26 18:57:30 | 000,022,862 | ---- | C] () -- C:\Programme\README.TXT
[2010.11.26 18:57:30 | 000,002,483 | ---- | C] () -- C:\Programme\POSTAL.INI
[2010.11.26 18:57:29 | 001,020,416 | ---- | C] () -- C:\Programme\POSTAL.EXE
[2010.11.26 18:57:29 | 000,008,718 | ---- | C] () -- C:\Programme\DEISL1.ISU
[2010.11.26 18:57:29 | 000,005,832 | ---- | C] () -- C:\Programme\WEBULLET.HTM
[2010.11.26 18:57:29 | 000,000,460 | ---- | C] () -- C:\Programme\WB.INI
[2010.11.11 16:55:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.11.03 19:31:07 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.10.09 13:27:23 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.09 13:27:21 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.05.24 22:18:13 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.05.10 13:12:53 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.05.02 09:07:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.07 14:37:23 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.05 21:12:55 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.04.05 12:49:31 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.05 12:49:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.01 13:18:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.31 19:11:02 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.03.28 04:37:33 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2010.03.18 11:51:23 | 000,462,249 | ---- | C] () -- C:\Users\***\AppData\Roaming\SMW SRPI SNES.ips
[2010.03.03 04:06:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.25 16:46:51 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.16 19:49:22 | 000,040,960 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 09:02:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.04.12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
 
========== LOP Check ==========
 
[2010.10.24 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2010.10.12 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avnex
[2010.12.23 03:31:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2010.01.25 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.11.28 20:00:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.12.24 23:49:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ENBSeries Configurator for GTA San Andreas
[2010.11.03 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGet
[2010.11.03 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGetBHO
[2010.11.14 15:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.12.25 11:34:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.12.24 15:12:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2010.05.24 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.01.17 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games
[2010.03.14 17:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\smc
[2010.04.08 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010.04.08 23:08:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Setup
[2010.07.29 14:25:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE
[2010.01.17 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2010.02.25 15:49:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.05.15 16:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds
[2010.02.17 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.06.27 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2010.04.23 18:25:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox
[2010.10.10 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.04.01 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.07.15 13:05:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity
[2010.06.19 10:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Warsow 0.5
[2010.10.07 20:55:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2010.12.26 22:44:22 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 27.12.2010 01:35:04 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 240,55 Gb Free Space | 41,39% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
Drive H: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18D8B309-1F10-43AF-BD58-816B23D2BA85}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{60185C11-81FD-44E2-8829-D72BE8E97C54}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{77881CE2-49D0-4300-B296-7584E61D9171}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{79F9F2B1-FFDB-4B94-9E92-33E7F5A9BEBA}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{A92A184E-2EDF-45F8-9781-D7B9EEEF1089}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{BFCC54E2-8064-4110-B1A6-AF39C16AF4C1}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{F4E97F4F-1827-4A2C-A878-8FAA9BE7560E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{FFD5E3EA-0C01-4DBF-A65F-1D7B3ADC1B17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0015B30F-2C2E-43BE-A908-A16F66E3F83A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{019A3477-E66C-4603-9E3A-DCE9FDFA34D6}" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii.exe | 
"{04A7C978-F044-4FD4-8D5F-E9FBC5C5FE1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{075ED6B4-9D3E-4297-8B85-C90A709D2C5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{084A3554-9D06-4EFC-8959-A69BA0A9E3DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B7AAD56-7B6D-4D29-8E41-C363620B153F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0CDF5960-7FD7-406D-96AD-7061F8E7D2C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F04B2F1-707D-41AE-A384-566DB9B29222}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{0F404EA9-3F07-4667-A789-4A7E9C9E2709}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{11F8D904-0456-46B0-BD7B-E72DD9EAD9DB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1D8C49FC-EB02-4CC8-A96A-8A229B39BA5F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2391E4BF-D0B5-49AA-A738-FE9086DDB235}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24B9FD5B-9A3F-4C11-9D59-75BE7985E484}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{269A4FCF-1E07-4531-A252-A174A97AC02A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27C03EE0-0C58-4C73-82E4-EA736998F478}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{28A602AD-6EAF-4478-87A4-F8A88A21070F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{29C59390-C436-4B84-BBFD-0682CB9BB551}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30007948-BD6D-4347-BFAA-379731AA9DFC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3000EFBB-095C-490B-A9DC-021F1AB4541C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe | 
"{31FB10EE-957B-4746-A23E-F9D0FC389A1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | 
"{320C7255-94E8-4CAF-AB2C-E16834D16EE9}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{332A233B-B2F3-4DC8-8EA5-F3FCB30F5895}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37047DE3-7AFC-4201-A489-506BCC9A4CEF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3862D832-BAE1-46A8-A8CE-6F495B6F8EAA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{3A4AE8C6-E383-40B4-94E4-CC025828F2E2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm | 
"{3D7ED399-2B0D-42EF-A847-DD23556A17ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm | 
"{3DFB454E-E253-490E-8817-7884C1F5A909}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4163060A-2CE9-4F79-AAA1-0FCDC52B53CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe | 
"{418CE828-7DE0-4079-8577-72CD5267F8B3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{47587DFB-9FD1-4B3D-8547-E40AE6C132B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe | 
"{490211D8-AD58-4ABE-8086-1660E7C6B324}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5694E7C5-9FF9-4CCE-8D76-54CC5DDA8FF6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57ACC302-6672-49C4-8926-5170A629CA18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe | 
"{5838F3FC-919B-4C6E-ABE8-FBA1BB05B5D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5D52019D-1325-409E-BB9A-025DF89295B5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5DDB32D2-A019-4214-BEB8-9B4B3B0BE92C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{5DE62AF9-E7CC-480A-888F-CAA22BD5E5D9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{60DF8CF5-6804-4E26-B125-0275F6CC3BEF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{630617CF-9BC1-4729-ADE4-0D7A28B04E28}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{661F07DD-C536-4834-8663-39658DF38C80}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm | 
"{67354739-9435-471F-9741-3C6C786FB1A6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{67521540-DDEB-4E98-8C50-78FC948445A2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe | 
"{795C97F8-A0F0-4379-831C-05E83EAE9C5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7C54F273-DE94-4992-8CF2-F19186562C2A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F4EA9FA-D2F1-4A20-B574-5B48B4B5A100}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7FB79324-EEDB-477A-AD42-241BBE4F6B4E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{83B18C70-4E8E-4B86-88BA-A33EEC073C83}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83F9FA0C-6EA1-4912-82B0-DB378A8FF663}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8400D72A-3DBE-4209-AF6E-24130861A2D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{84D933F7-5F34-47BC-96D1-DA6DF116E75E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A99ADF7-3C63-43B9-9912-BF3BF91D172A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BD2374E-CBBA-48A9-A685-F908D2DA541B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm | 
"{8BEF610C-0359-4A45-91ED-F8D2C3BF0DC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8DB1D253-6DE8-4362-8529-A422FDEF86E1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe | 
"{8E86D4FC-C764-4346-B93C-09323B8CD204}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{927CB7BD-D2E0-4943-ADFA-B7A708C3A550}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94638789-C49C-48B4-8084-24440A415618}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{97122998-E718-47FE-B957-81AA96BEEB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98477BA8-2D27-483D-8237-A8948ABC0ECE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98EE0D59-D4BE-4FC1-9030-245A5A7B0DAD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe | 
"{9D7B9A3B-0B9F-4CD2-BFD1-EFD1D4522A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9DB41C33-56C1-43CF-A2AB-2E7098270090}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9DF25309-D057-4D2F-9948-5A44C7A11F8D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe | 
"{9E2B576C-2892-403B-B0EF-0A6F20673ADF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe | 
"{A647D6E6-7BBF-4175-95E6-368F6A34FB87}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A93092A0-C85E-431A-828C-8F088A7AF84B}" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii.exe | 
"{AECF544E-DD0B-4DE3-A1C5-CE03BF27A8A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AED8C1C0-1918-4EFF-B72E-74C3A0EE4F58}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe | 
"{AF216EE2-521A-4BA4-8E20-996CC5382DA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{B58837F3-3D9D-4901-BFD8-9B3B52DB34F0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B64B01CF-0CC3-4870-B779-0F90FEDB6639}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B8D68992-B9D1-4B95-AF1B-7A11DB5B0651}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe | 
"{BA789A8F-47BF-4EF2-A3E1-B7D5FE34A454}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{BC9FACD4-BAA8-4D0E-9176-EDECF3CECAE2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{C5C802C9-7280-4E60-A19A-D2E735B9C1FD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{CC4D1298-CE1F-4418-B824-64D0C9FCDCFC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD09CE19-5BE4-406E-B8D9-B686903BF022}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D0120BF9-49D8-461B-B637-B431C0D57FBA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D1668BF5-3F95-4768-906B-CDD7B9134559}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5BC38ED-3D08-4472-BF52-3416BEA78839}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5E1EB80-E488-4689-9C8E-8A69C502B61E}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{D5E4BCD6-AE50-45E0-A297-9DFD6036FACA}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{DCD2D5D4-407C-4A11-B4DE-70AA959E51F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DDD7B56B-DDA3-49C6-9D88-75E6BCCE7590}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{E356EADC-4DBC-426C-A21A-71DDCD882967}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3EFEBC3-E137-4213-B262-68C75785AA06}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E88CF489-A548-451B-94CD-1949E96C2CAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe | 
"{E92A05F7-052B-4ADA-AC96-78DEDF0777F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | 
"{ECAE8295-A0A4-4FE2-9060-6D3A5603E86C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED9C17F4-9E77-4A69-A4E6-E8C2DBBB5CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F6EAAB43-C41F-4EFF-8A2A-331EE16A91D2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe | 
"{FA7B874D-2C26-4EAE-BC0F-5FDFFDB2721D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{00FBF39C-E456-4676-89AA-3CE1B0E92D9E}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{0B00423C-14F0-4355-8352-E10F3DA36B59}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{14B3D75E-AED7-4ABB-9B1C-97F87E5901D0}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"TCP Query User{3C9CD4E3-BEFF-4E2C-A002-475EAF823ADE}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe | 
"TCP Query User{4219818A-225D-42A1-86FF-599B56EF760D}C:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\starcraft\starcraft.exe | 
"TCP Query User{5DF21010-E94B-42C3-97C5-B0478348FDA3}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{779332E5-E980-4D83-83EF-831138F025D6}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe | 
"TCP Query User{C50E8E54-17B6-4F2A-A50D-01DA802DD7E2}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"TCP Query User{CC7A1841-6F23-4D37-9CD6-C8B0EDBB495C}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe | 
"TCP Query User{DC26D9A1-E676-4691-B886-77F5A234304D}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{DE70B447-D396-490F-BA54-49F311DE6D75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{DE84835B-EC48-40EB-8CE5-41E416450DD8}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{FD6C44BC-4A25-41A9-B8D8-7DD9F05A1A62}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{1409DF71-9998-41E8-90CD-33DDD54D9157}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{303A4053-CBB9-40F9-86E8-D5780E63050D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{35B57E77-41E3-43BD-90A8-5C6489B43068}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"UDP Query User{3A026671-C200-4A50-B999-2A6E234A275F}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{5F9EA9E9-4C91-4659-9C7D-5B4D1FB9EB86}C:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\starcraft\starcraft.exe | 
"UDP Query User{600B51AD-3439-4885-A9D7-EAFC73203825}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{9054F45D-FC3F-431E-AE66-2BC04FC87B2B}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{97F16B50-4249-40EF-B923-DA6BF9D67C3C}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{AC8A45D4-D32E-4706-AB49-E1C5B41CF89E}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe | 
"UDP Query User{B40390C6-9C4B-4014-A2B4-3B4158959097}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"UDP Query User{BCBB972E-6791-411C-AD20-DCF4CD170BEC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{DD97E332-F69B-4CA3-B3C6-9876BE8CB927}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe | 
"UDP Query User{FADBA5B6-08B4-4274-8E08-CD430E29F5DE}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{090EFAEF-E0C1-5311-7A96-817BC18B43BB}" = ccc-utility
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{19666E73-D9E5-44D4-8F33-037ED151ECBC}" = Firebird SQL Server - MAGIX Edition
"{1BF43B74-1EDE-060E-A612-56A116A381F8}" = Catalyst Control Center Core Implementation
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4E2CD272-0F2F-98EA-9596-510EF0D24E28}" = ccc-core-static
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72C02F89-9E8E-2DBD-11D7-EB5F075FE081}" = Catalyst Control Center Graphics Previews Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{783C086A-159E-4E45-B42C-F6E2C4FB14C0}" = ENBSeries Configurator for GTA San Andreas
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9DD16C0E-B9E7-417C-0C30-E57916C353E3}" = CCC Help English
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A1E1D1EE-3F04-CC1A-8498-0D48463F579D}" = Catalyst Control Center Localization All
"{A680643A-1155-02F6-6B29-BF4FBA1190E8}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABB6F00C-9722-82C2-FE1E-893313CCF612}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B04836D8-4170-D430-6297-3DD084AAEC09}" = Catalyst Control Center Graphics Full New
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BCC78381-4B63-5352-BF57-BDBF7A77823A}" = Catalyst Control Center HydraVision Full
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DF181652-D4F9-7D64-AED8-57D31E8D0410}" = Media Go Video Playback Engine 1.32.101.05130
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE02955B-74BC-3995-6B67-2A9D1651D4F5}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.04 beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Active WebCam" = Active WebCam
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"AV Voice Changer Software GOLD 7.0" = AV Voice Changer Software GOLD 7.0
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"EAX Unified" = EAX Unified
"FlashGet 3.5" = FlashGet 3.5
"Fraps" = Fraps (remove only)
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.10
"GAMI (Gta-Action Mod-Installer)" = GAMI (Gta-Action Mod-Installer)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"JDownloader" = JDownloader
"Mafia" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Postal 2 Apocalypse Weekend Expansion Pack" = Postal 2 Apocalypse Weekend Expansion Pack
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"PROHYBRIDR" = 2007 Microsoft Office system
"RPGAdvocates_RTP_1.0" = Common RTP 1.0
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War - Gold Edition
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"VRS" = VRS Recording System
"VTFEdit_is1" = VTFEdit 1.2.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Darth Mod M2TW 1.4D" = Darth Mod M2TW 1.4D
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.12.2010 06:06:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.12.2010 11:19:15 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.12.2010 11:23:52 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.12.2010 17:31:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.12.2010 17:47:04 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.12.2010 17:56:07 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.12.2010 17:58:00 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 3wloftrm.exe, Version 1.0.15.15530, Zeitstempel
 0x4cd7c3b7, fehlerhaftes Modul 3wloftrm.exe, Version 1.0.15.15530, Zeitstempel 
0x4cd7c3b7, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c551,  Prozess-ID 0x6dc, Anwendungsstartzeit
 01cba547d7a00ad3.
 
Error - 26.12.2010 18:01:19 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.12.2010 19:01:59 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description = 
 
[ System Events ]
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.12.2010 18:01:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.12.2010 18:01:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

rea · 27.12.2010, 02:34

Danke und bis später

rea · 27.12.2010, 18:05

Du nutzt den IE 9? Ist das ne Beta? Normalerweise ist ja der IE 8 der aktuelle.

1.) Fixen mit OTL

Starte bitte die OTL.exe.
Vista-&Win7-User mit Rechtsklick "als Administrator starten"

Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.

Denke daran, vor dem Fix die **** wieder in deinen Benutzernamen zu ändern!!!

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
[2010.04.21 14:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trash
O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - H:\autorun.inf -- [ UDF ]
File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
:Commands
[PURITY]
[EMPTYTEMP]
[CREATERESTOREPOINT]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf OK.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

2.) Desinfizierung/Absicherung externer Medien

Lade Dir den Flash Disinfector von sUBs und speichere Flash_Disinfector.exe auf Deinem Desktop ab.
Gehe nun wie folgt vor:

1. Trenne den Rechner physikalisch vom Netz.
2. Deaktiviere den Hintergrundwächter deines AVP.
3. Schließe jetzt alle externe Datenträgeran Deinen Rechner an.
4. Starte den Flash Disinfector mit einem Doppelklick und folge ggf. den Anweisungen.
5. Wenn der Scan zuende ist, kannst du das Programm schließen.
6. Starte Deinen Rechner neu.

Hinweis:
Flash Disinfector desinfiziert all Deine Laufwerke von Autoruninfektionen und erstellt einen versteckten Ordner mit demselben Namen, so dass dein Datenträger in Zukunft vor dieser Infektion geschützt ist.
Während dem Scan wird Dein Desktop kurzfristig verschwinden und dann wiederkommen. Das ist normal.

3.) Hijackthis
Du benutzt eine nicht aktuelle Version, die neueste ist HijackThis 2.0.4.
Deinstalliere HijackThis und lade dir zb HIER die neueste Version 2.0.4. und installiere es.

4.) Java aktualisieren
Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Systemsteuerung => Software => deinstallieren. Starte den Rechner neu.
Downloade nun die Offline-Version von Java Version 6 Update 23 von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

5.) Sicherheitsrisiko Adobe Arcrobat Reader

Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Wir empfehlen daher, die alte Version über Systemsteuerung => Software zu deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Starte den Rechner neu und downloade den aktuellen Acrobat-Reader X herunter und installiere ihn.

Da der Adobe Acrobat Reader immer häufiger für gezielte Verbreitung von Malware genutzt wird, schlage ich vor, stattdessen einen alternativen PDF-Anzeiger zu nutzen, beispielsweise kannst Du den Foxit PDF Reader installieren. Er ist "schlanker" und benutzt weniger Resourcen. Achte bei der Installation unbedingt darauf, dass die Ask-Toolbar und/oder Foxit-Toolbar bzw. Sponsoren nicht mitinstalliert werden (ggfs. sofort über Systemsteuerung => Software wieder deinstallieren).

Erstelle und poste mir abschliessend wieder zwei neue OTL-Logfiles.

Brauny · 28.12.2010, 00:31

Flash disinfector will bei mir nicht starten, Java und Adobe sind nun aufm neusten Stand.Und ja beim IE 9 handelt es sich um eine Beta, aber das ist Nebensache da ich keinen IE benutze sondern lieber Firefox.

Hier die Logs:

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js httpsearch.babylon.comweb{searchTerms}babsrc=browsersearch&ai=13054 removed from browser.search.defaulturl
Prefs.js Search the web (Babylon) removed from browser.search.order.1
CUsersBraunyAppDataRoamingmozillaFirefoxProfilesfr2rqa3m.defaultextensions{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trashcomponents folder moved successfully.
CUsersBraunyAppDataRoamingmozillaFirefoxProfilesfr2rqa3m.defaultextensions{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trashchrome folder moved successfully.
CUsersBraunyAppDataRoamingmozillaFirefoxProfilesfr2rqa3m.defaultextensions{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trash folder moved successfully.
File move failed. Hautorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User All Users
 
User Brauny
-Temp folder emptied 944774 bytes
-Temporary Internet Files folder emptied 814556 bytes
-Java cache emptied 0 bytes
-FireFox cache emptied 95839402 bytes
-Google Chrome cache emptied 0 bytes
-Flash cache emptied 848 bytes
 
User Default
-Temp folder emptied 0 bytes
-Temporary Internet Files folder emptied 0 bytes
-Flash cache emptied 0 bytes
 
User Default User
-Temp folder emptied 0 bytes
-Temporary Internet Files folder emptied 0 bytes
-Flash cache emptied 0 bytes
 
User Public
 
%systemdrive% .tmp files removed 0 bytes
%systemroot% .tmp files removed 0 bytes
%systemroot%System32 .tmp files removed 0 bytes
%systemroot%System32drivers .tmp files removed 0 bytes
Windows Temp folder emptied 526872 bytes
RecycleBin emptied 0 bytes
 
Total Files Cleaned = 94,00 mb
 

 
OTL by OldTimer - Version 3.2.18.0 log created on 12272010_213011

FilesFolders moved on Reboot...
File move failed. Hautorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

26.12.2010, 23:23	#6
rea /// Helfer-Team	Internet seit Tagen extrem ausgebremst Okay, dann poste mir erstmal das Fixlog von OTL und beantworte die andere Frage noch. __________________ --> Internet seit Tagen extrem ausgebremst

27.12.2010, 02:22	#10
rea /// Helfer-Team	Internet seit Tagen extrem ausgebremst Hi, poste die Logs bitte einzeln direkt in den Thread, jeweils mit Codetags umschlossen. Du kannst gern, wenns denn nötig ist 2 Beiträge dafür verwenden. Ich schau mir die Logs dann morgen an __________________ mfg, rea Auch du brauchst Hilfe bei einem Malwareproblem? TB-Spendenkonto Hier könnte ein schlauer Spruch stehen. Naja .... könnte!

27.12.2010, 02:34	#13
rea /// Helfer-Team	Internet seit Tagen extrem ausgebremst Danke und bis später __________________ mfg, rea Auch du brauchst Hilfe bei einem Malwareproblem? TB-Spendenkonto Hier könnte ein schlauer Spruch stehen. Naja .... könnte!

Internet seit Tagen extrem ausgebremst

Log-Analyse und Auswertung: Internet seit Tagen extrem ausgebremst