Pests of all kinds and how to fight them: Clearly too many svchost processes.... Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
23.01.2011, 18:01 | #1 |
| Clearly too many svchost processes.... Hey, I had a look at the processes today and noticed that too many svchost things are running. I saw here that they don't necessarily mean anything good, and wanted to ask whether you could check if there is anything unusual. My CPU usage is too high, my drive doesn't work, and recently I've been getting the R6025 error... Please help me.. |
23.01.2011, 18:13 | #2 |
/// Malware-holic | Clearly too many svchost processes....
1. Do not carry out any cleaning on your own, otherwise it only gets in the way.
2. Post any existing scan logs that contain detections, and also name the locations where they were found.
3. System scan with OTL. Download OTL: http://filepony.de/download-otl/ Double-click OTL.exe (Windows 7 and Vista users: right-click, "Run as administrator").
   1. At the top you will find a box labelled Output. Please select Minimal Output.
   2. Tick "scan all users".
   3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
   4. Copy into the text box:
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      /md5start
      userinit.exe
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      ws2ifsl.sys
      sceclt.dll
      ntelogon.dll
      winlogon.exe
      logevent.dll
      user32.DLL
      explorer.exe
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      CREATERESTOREPOINT
   5. Click "Scan".
   6. Two reports are created: OTL.Txt and Extras.Txt. Post both.
|
23.01.2011, 19:38 | #3 |
| Clearly too many svchost processes.... Sooo,
OTL: OTL Logfile: Code:
OTL logfile created on: 23.01.2011 19:13:46 - Run 4
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Christian\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 63,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 44,58 Gb Free Space | 29,91% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 36,32 Gb Free Space | 24,37% Space Free | Partition Type: NTFS
Drive F: | 136,35 Gb Total Space | 130,15 Gb Free Space | 95,45% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 33,08 Gb Free Space | 22,19% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.) PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe (ASUSTeK Inc.) PRC - C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe () PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe () PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe (ASUSTek.) PRC - C:\Program Files (x86)\P4P\P4P.exe () PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files\ChkMail\ChkMail\ChkMail.exe (ChkMail) PRC - C:\Windows\Cyb2k.exe (Solid Oak Software, Inc.) 
========== Modules (SafeList) ========== MOD - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation) SRV - (WBVGAservice) -- C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe () SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) 
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (ccHP) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\ccHPx64.sys () DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS () DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\BHDrvx64.sys () DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys () DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SRTSP64.SYS () DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS () DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\NISx64\1008000.029\SYMTDI.SYS () DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SRTSPX64.SYS () DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys () DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys () DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\DRIVERS\ewusbfake.sys () DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\DRIVERS\ZTEusbnet.sys () DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\DRIVERS\ZTEusbvoice.sys () DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys () DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys () DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys () DRV:64bit: - (massfilter) -- C:\Windows\SysNative\DRIVERS\massfilter.sys () DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys () DRV:64bit: - (lullaby) -- C:\Windows\SysNative\DRIVERS\lullaby.sys () DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys () DRV:64bit: - (athr) -- 
C:\Windows\SysNative\DRIVERS\athrx.sys () DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys () DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys () DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys () DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys () DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys () DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys () DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys () DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys () DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys () DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys () DRV:64bit: - (EIO64) -- C:\Windows\SysNative\DRIVERS\EIO64.sys () DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys () DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys () DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys () DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys () DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100112.001\IDSviA64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\EX64.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100114.048\ENG64.SYS (Symantec Corporation) ========== Standard Registry 
(SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3437982719-567605747-1198494745-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-3437982719-567605747-1198494745-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKU\S-1-5-21-3437982719-567605747-1198494745-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3437982719-567605747-1198494745-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Productivity 2.2 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2903601&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-ffpro" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-ffpro" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/|hxxp://www.looki.de/info/space-pioneers/register.html" FF - prefs.js..extensions.enabledItems: 
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19 FF - prefs.js..extensions.enabledItems: {a2880346-35bb-45bb-9190-eedb49c132c5}:1.300.306 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..extensions.enabledItems: {e0e30ae0-9a17-11de-b2f2-56dc55d89593}:2.0.2 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {e84cc2c1-b722-48fc-a39c-edb8b525c777}:3.3.0.19 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 FF - prefs.js..keyword.URL: "hxxp://ws.infospace.com/coolchaser/ws/redir?_iceUrl=true&user_id=32213883&tool_id=60531&qkw=" FF - prefs.js..network.proxy.type: 4 FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-ffpro&p=" FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.04.28 09:42:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.10 13:30:46 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 13:30:46 | 000,000,000 | ---D | M] [2009.10.17 17:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2011.01.23 17:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions [2010.09.20 12:32:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.20 12:32:26 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.02.18 15:58:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.09.20 12:32:27 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010.12.28 15:15:33 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.04.12 15:45:20 | 000,000,000 | ---D | M] (CoolChaser Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5} [2010.12.28 15:15:17 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.29 15:13:34 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- 
C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2010.10.03 20:56:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.20 12:32:27 | 000,000,000 | ---D | M] ("MK Notifier") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{e0e30ae0-9a17-11de-b2f2-56dc55d89593} [2011.01.18 13:46:28 | 000,000,000 | ---D | M] (Productivity 2.2 Community Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777} [2010.03.10 22:49:41 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.09.15 21:53:19 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011.01.18 13:46:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\engine@conduit.com [2010.05.30 14:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\ffxtlbr@Facemoods.com [2010.01.27 19:34:54 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\bckavay7.default\extensions\moveplayer@movenetworks.com [2011.01.18 21:17:42 | 000,002,385 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\askcom.xml [2011.01.17 14:45:38 | 000,000,935 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\conduit.xml [2009.10.18 
13:44:42 | 000,002,399 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\daemon-search.xml [2011.01.23 18:04:37 | 000,000,961 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin-1.xml [2010.12.11 23:06:54 | 000,000,961 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin-10.xml [2010.01.06 17:53:40 | 000,000,961 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin-2.xml [2010.01.26 06:47:18 | 000,000,961 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin-3.xml [2010.03.11 17:08:31 | 000,000,961 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin-4.xml [2010.04.28 11:31:47 | 000,000,961 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin-5.xml [2010.09.14 02:44:10 | 000,000,961 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin-6.xml [2010.10.05 22:17:25 | 000,000,961 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin-7.xml [2010.10.25 09:53:17 | 000,000,961 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin-8.xml [2010.10.30 09:28:29 | 000,000,961 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin-9.xml [2008.07.10 13:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\icqplugin.xml [2010.04.12 15:45:28 | 000,001,753 | ---- | M] () -- 
C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\search-the-web.xml [2010.09.15 21:53:04 | 000,003,915 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\searchplugins\sweetim.xml [2011.01.23 11:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2009.10.17 17:25:46 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.01.26 06:47:11 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.04.01 16:25:58 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.04.28 09:42:52 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN [2011.01.23 11:37:56 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN [2008.06.19 19:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\mozilla firefox\plugins\MyCamera.dll [2008.06.19 19:16:24 | 000,053,248 | ---- | M] (CANON INC.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\NPCIG.dll [2010.10.05 12:14:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.05 12:14:07 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.05 12:14:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.05 12:14:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.05 12:14:07 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3:64bit: - HKU\S-1-5-21-3437982719-567605747-1198494745-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found O3 - HKU\S-1-5-21-3437982719-567605747-1198494745-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll 
(Symantec Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe () O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [C2K] C:\Windows\Cyb2k.exe (Solid Oak Software, Inc.) O4 - HKLM..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe (ChkMail) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [PowerForPhone] C:\Program Files (x86)\P4P\P4P.exe () O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3437982719-567605747-1198494745-1000..\Run: [kfdpfsdfusr.exe] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\S-1-5-21-3437982719-567605747-1198494745-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\lspcs.dll (Solid Oak)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\lspcs.dll (Solid Oak)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\lspcs.dll (Solid Oak)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\lspcs.dll (Solid Oak)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\lspcs.dll (Solid Oak)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWow64\lspcs.dll (Solid Oak)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.33 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll (Symantec Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Christian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1c4e1fbd-0440-11df-881c-002243cba6b1}\Shell - "" = Autorun
O33 - MountPoints2\{1c4e1fbd-0440-11df-881c-002243cba6b1}\Shell\verb\command - "" = C:\Windows\SysWow64\explorer.exe -- [2009.08.26 04:03:41 | 002,927,104 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{230a4955-066b-11df-899d-002243cba6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{230a4955-066b-11df-899d-002243cba6b1}\Shell\AutoRun\command - "" = I:\NPSAI.exe
O33 - MountPoints2\{790d1d51-91ee-11de-8510-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{790d1d51-91ee-11de-8510-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{795761d6-4315-11df-8688-002243cba6b1}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{7ace28a8-a1f3-11df-b1c3-002243cba6b1}\Shell\AutoRun\command - "" = I:\installer.exe
O33 - MountPoints2\{7f79bccf-64db-11df-ac8f-002243cba6b1}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\{a1f48919-3f16-11df-aeb9-002243cba6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f48919-3f16-11df-aeb9-002243cba6b1}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{af83c9f2-3d8e-11df-ba3b-002243cba6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{af83c9f2-3d8e-11df-ba3b-002243cba6b1}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b2dfec26-3e4c-11df-a788-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{b2dfec26-3e4c-11df-a788-001e101fb45e}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e17b0a16-375c-11df-9670-002243cba6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{e17b0a16-375c-11df-9670-002243cba6b1}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{e17b0a2a-375c-11df-9670-002243cba6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{e17b0a2a-375c-11df-9670-002243cba6b1}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{f014561e-c552-11de-a5d3-002243cba6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{f014561e-c552-11de-a5d3-002243cba6b1}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{f673bed4-2478-11df-b7ae-002243cba6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{f673bed4-2478-11df-b7ae-002243cba6b1}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fc4acb25-ea51-11de-8608-002243cba6b1}\Shell - "" = AutoRun
O33 - MountPoints2\{fc4acb25-ea51-11de-8608-002243cba6b1}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: SymEFA.sys - C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS ()
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: SymEFA.sys - C:\Windows\SysNative\drivers\NISx64\1008000.029\SYMEFA64.SYS ()
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.01.22 16:21:19 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\LOTR Hexen no cd
[2011.01.21 13:29:42 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Brushes
[2011.01.20 15:31:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2011.01.20 15:31:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.20 15:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.20 15:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.20 15:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.20 14:08:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.01.19 13:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.01.18 14:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011.01.18 14:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011.01.18 14:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011.01.18 14:45:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011.01.18 14:44:29 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\Visual Studio 2010
[2011.01.18 14:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2011.01.18 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2011.01.18 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2011.01.18 14:40:48 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2011.01.18 14:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2011.01.18 14:40:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2011.01.18 14:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2011.01.18 14:34:08 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2011.01.18 14:34:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msisip.dll
[2011.01.18 14:34:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2011.01.18 14:34:07 | 002,241,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msi.dll
[2011.01.18 14:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.01.17 21:49:01 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Uniblue
[2011.01.17 21:45:17 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\PackageAware
[2011.01.14 16:07:30 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\GTA
[2011.01.14 14:06:24 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\AC 1 No CD
[2011.01.12 17:12:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2011.01.12 17:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.01.12 17:06:57 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.01.12 17:06:57 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.01.12 17:06:55 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.01.12 17:06:55 | 010,023,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011.01.12 17:06:55 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.01.12 17:06:55 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.01.12 17:06:55 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.01.12 17:06:55 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.01.12 17:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011.01.12 17:05:38 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011.01.12 12:47:02 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.06 21:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line Rider
[2011.01.03 19:07:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\SülvestOr
[2010.12.31 14:37:21 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Präsentation1
[2010.12.31 14:15:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\B OF
[2010.12.28 15:15:17 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers

========== Files - Modified Within 30 Days ==========

[2011.01.23 19:15:31 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7F09DA99-472F-43DC-B004-89F728D5F72C}.job
[2011.01.23 17:37:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.23 17:37:48 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.23 13:33:34 | 000,968,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.23 13:33:34 | 000,659,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.23 13:33:34 | 000,151,340 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.23 13:33:34 | 000,125,198 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.23 13:33:34 | 000,046,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.23 11:38:20 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011.01.23 11:37:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.23 11:37:46 | 2146,471,935 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.23 00:32:10 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.20 15:31:00 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.20 10:45:18 | 000,948,726 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.19 09:51:33 | 000,000,680 | ---- | M] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2011.01.14 16:10:22 | 000,464,121 | ---- | M] () -- C:\Users\Christian\Desktop\AnalysisLog.sr0
[2011.01.13 22:30:26 | 000,168,448 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.12 16:05:23 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.01.12 16:05:19 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.01.09 14:10:33 | 000,011,809 | ---- | M] () -- C:\Users\Christian\Desktop\Microsoft Office Word Document (neu).docx
[2010.12.29 14:26:05 | 008,515,961 | ---- | M] () -- C:\Users\Christian\Desktop\Präsentation1.pptx
[2010.12.28 16:26:13 | 000,462,848 | ---- | M] () -- C:\Windows\SysNative\odbc32.dll
[2010.12.28 15:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2010.12.28 15:15:02 | 000,001,242 | ---- | M] () -- C:\Users\Christian\Desktop\Free YouTube to MP3 Converter.lnk

========== Files Created - No Company Name ==========

[2011.01.21 17:01:21 | 000,556,300 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_vcredistMSI7411.txt
[2011.01.21 17:01:19 | 000,017,368 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_vcredistUI7411.txt
[2011.01.20 15:31:00 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.20 15:30:57 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.18 14:45:22 | 000,242,880 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_HelpSetupLP_MSI219E.txt
[2011.01.18 14:45:19 | 000,336,524 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_HelpSetup_MSI2194.txt
[2011.01.18 14:45:11 | 000,715,576 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_SSCERuntime_64_MSI217A.txt
[2011.01.18 14:45:03 | 000,731,534 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_SSCERuntime_MSI2160.txt
[2011.01.18 14:42:11 | 019,015,882 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_VSMsiLog1F2E.txt
[2011.01.18 14:41:20 | 001,540,236 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_netfx_dtp1E87.txt
[2011.01.18 14:40:08 | 001,325,442 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_vsexpbsln64_1001D99.txt
[2011.01.18 14:34:09 | 000,125,440 | ---- | C] () -- C:\Windows\SysNative\msiexec.exe
[2011.01.18 14:34:08 | 000,022,528 | ---- | C] () -- C:\Windows\SysNative\msisip.dll
[2011.01.18 14:34:08 | 000,002,560 | ---- | C] () -- C:\Windows\SysNative\msimsg.dll
[2011.01.18 14:34:07 | 003,107,840 | ---- | C] () -- C:\Windows\SysNative\msi.dll
[2011.01.18 14:34:07 | 000,503,296 | ---- | C] () -- C:\Windows\SysNative\msihnd.dll
[2011.01.18 14:30:30 | 000,434,116 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_VC_Red_MSI163D.txt
[2011.01.18 14:30:26 | 000,332,466 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_dw20shared_x86_msi1630.txt
[2011.01.18 14:25:36 | 000,144,356 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_depcheck_VC_EXP_100.txt
[2011.01.18 14:25:34 | 000,711,228 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_install_vc_xcor_100.txt
[2011.01.18 14:25:34 | 000,007,222 | ---- | C] () -- C:\Users\Christian\AppData\Local\uxeventlog.txt
[2011.01.18 14:25:34 | 000,000,002 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_error_vc_xcor_100.txt
[2011.01.18 13:20:37 | 000,550,484 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_vcredistMSI60B6.txt
[2011.01.18 13:20:34 | 000,014,332 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_vcredistUI60B6.txt
[2011.01.14 16:10:11 | 000,464,121 | ---- | C] () -- C:\Users\Christian\Desktop\AnalysisLog.sr0
[2011.01.12 17:06:57 | 020,284,008 | ---- | C] () -- C:\Windows\SysNative\nvoglv64.dll
[2011.01.12 17:06:57 | 007,491,688 | ---- | C] () -- C:\Windows\SysNative\nvwgf2umx.dll
[2011.01.12 17:06:56 | 012,432,616 | ---- | C] () -- C:\Windows\SysNative\drivers\nvlddmkm.sys
[2011.01.12 17:06:56 | 001,500,264 | ---- | C] () -- C:\Windows\SysNative\nvdispco642050.dll
[2011.01.12 17:06:56 | 001,308,776 | ---- | C] () -- C:\Windows\SysNative\nvgenco642030.dll
[2011.01.12 17:06:56 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011.01.12 17:06:55 | 018,597,480 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2011.01.12 17:06:55 | 006,471,784 | ---- | C] () -- C:\Windows\SysNative\nvcuda.dll
[2011.01.12 17:06:55 | 003,112,552 | ---- | C] () -- C:\Windows\SysNative\nvcuvid.dll
[2011.01.12 17:06:55 | 002,934,888 | ---- | C] () -- C:\Windows\SysNative\nvcuvenc.dll
[2011.01.12 17:06:55 | 000,067,176 | ---- | C] () -- C:\Windows\SysNative\OpenCL.dll
[2011.01.12 17:06:55 | 000,011,240 | ---- | C] () -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011.01.12 12:47:02 | 000,462,848 | ---- | C] () -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 12:47:00 | 001,251,840 | ---- | C] () -- C:\Windows\SysNative\sdclt.exe
[2011.01.09 13:42:08 | 000,011,809 | ---- | C] () -- C:\Users\Christian\Desktop\Microsoft Office Word Document (neu).docx
[2010.12.28 15:15:02 | 000,001,242 | ---- | C] () -- C:\Users\Christian\Desktop\Free YouTube to MP3 Converter.lnk
[2010.12.26 00:45:43 | 008,515,961 | ---- | C] () -- C:\Users\Christian\Desktop\Präsentation1.pptx
[2010.11.17 16:34:37 | 000,124,416 | ---- | C] () -- C:\Windows\SysWow64\dXCtrls.dll
[2010.11.17 16:34:36 | 000,544,256 | ---- | C] () -- C:\Windows\SysWow64\janGraphics.dll
[2010.11.05 22:08:56 | 000,074,284 | ---- | C] () -- C:\Windows\SysWow64\adwfil.dll
[2010.11.05 22:08:56 | 000,012,990 | ---- | C] () -- C:\Windows\SysWow64\gblfil.dll
[2010.11.05 22:08:56 | 000,010,758 | ---- | C] () -- C:\Windows\SysWow64\chtfil.dll
[2010.11.05 22:08:56 | 000,005,338 | ---- | C] () -- C:\Windows\SysWow64\wfileu.drv
[2010.11.05 22:08:56 | 000,005,142 | ---- | C] () -- C:\Windows\SysWow64\iawfil.dll
[2010.11.05 22:08:56 | 000,004,826 | ---- | C] () -- C:\Windows\SysWow64\vgamfil.dll
[2010.11.05 22:08:56 | 000,004,442 | ---- | C] () -- C:\Windows\SysWow64\hatfil.dll
[2010.11.05 22:08:56 | 000,003,818 | ---- | C] () -- C:\Windows\SysWow64\viofil.dll
[2010.11.05 22:08:56 | 000,003,444 | ---- | C] () -- C:\Windows\SysWow64\srchin.dll
[2010.11.05 22:08:56 | 000,002,782 | ---- | C] () -- C:\Windows\SysWow64\lgwfil.dll
[2010.11.05 22:08:56 | 000,001,830 | ---- | C] () -- C:\Windows\SysWow64\cultfil.dll
[2010.11.05 22:08:56 | 000,001,378 | ---- | C] () -- C:\Windows\SysWow64\gdwfil.dll
[2010.11.05 22:08:56 | 000,000,980 | ---- | C] () -- C:\Windows\SysWow64\imgfil.dll
[2010.11.05 22:08:56 | 000,000,482 | ---- | C] () -- C:\Windows\SysWow64\snetfil.dll
[2010.11.05 22:08:56 | 000,000,400 | ---- | C] () -- C:\Windows\bsnlst.dll
[2010.11.05 22:08:56 | 000,000,306 | ---- | C] () -- C:\Windows\SysWow64\picsfil.dll
[2010.11.05 22:08:56 | 000,000,258 | ---- | C] () -- C:\Windows\SysWow64\srchout.dll
[2010.11.05 22:08:54 | 000,286,720 | ---- | C] () -- C:\Windows\sqlite3.dll
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.02 09:42:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.25 17:36:13 | 000,421,332 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_vcredistMSI0B13.txt
[2010.09.25 17:36:12 | 000,011,474 | ---- | C] () -- C:\Users\Christian\AppData\Local\dd_vcredistUI0B13.txt
[2010.08.24 19:19:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.08.07 21:51:13 | 000,027,968 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\OFMissionEditorConfig.xml
[2010.05.21 23:03:51 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.12.17 16:01:09 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\AscSQLite.dll
[2009.11.24 22:30:10 | 000,000,108 | ---- | C] () -- C:\Windows\WFT-E3Utility.INI
[2009.11.17 17:27:12 | 000,948,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.11.16 16:26:45 | 000,000,680 | ---- | C] () -- C:\Users\Christian\AppData\Local\d3d9caps.dat
[2009.11.14 11:27:22 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009.11.14 11:27:20 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2009.10.28 18:55:04 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2009.10.27 08:08:37 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2009.10.26 18:52:14 | 000,000,709 | ---- | C] () -- C:\Windows\CoD.INI
[2009.10.22 17:22:09 | 000,024,226 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\UserTile.png
[2009.10.18 09:11:58 | 000,032,251 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.10.17 17:24:16 | 000,032,251 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.10.17 13:35:10 | 000,168,448 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.26 04:56:10 | 000,000,024 | ---- | C] () -- C:\Windows\SysWow64\ChkMail.ini
[2009.08.26 03:48:08 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009.08.26 03:47:34 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009.04.08 18:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.11.08 02:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008.08.04 19:29:59 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.05.22 16:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2008.04.30 03:22:42 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 03:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007.06.12 17:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files (x86)\Common Files\ASPG_icon.ico [2007.03.10 19:46:12 | 001,159,168 | ---- | C] () -- C:\Windows\xvidcore.dll ========== LOP Check ========== [2009.10.31 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon [2009.10.18 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite [2010.12.28 15:15:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.22 20:05:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ [2010.11.04 14:58:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\IrfanView [2010.07.25 21:19:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech [2011.01.23 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2009.10.22 17:22:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PeerNetworking [2010.01.21 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung [2010.11.13 12:21:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sierra [2010.11.06 18:28:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sierra Entertainment [2010.11.17 17:38:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\The Creative Assembly [2010.11.04 14:58:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TS3Client [2010.12.06 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Ubisoft [2011.01.17 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Uniblue [2010.02.28 16:06:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Vodafone [2011.01.23 00:32:10 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.01.23 19:15:31 | 000,000,426 | -H-- | M] () -- 
C:\Windows\Tasks\User_Feed_Synchronization-{7F09DA99-472F-43DC-B004-89F728D5F72C}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.13 21:43:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Adobe [2009.10.31 17:15:31 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canon [2009.12.28 15:18:36 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\CyberLink [2009.10.18 13:46:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite [2010.08.15 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DivX [2010.12.28 15:15:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers [2010.02.28 16:25:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FLEXnet [2011.01.22 20:05:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ [2009.10.17 13:28:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Identities [2010.12.06 21:49:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\InstallShield [2010.11.04 14:58:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\IrfanView [2010.07.25 21:19:57 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech [2009.10.17 13:28:29 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Macromedia [2011.01.20 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Media Center Programs [2011.01.23 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2011.01.18 14:44:29 | 000,000,000 | --SD | M] -- C:\Users\Christian\AppData\Roaming\Microsoft [2009.10.17 17:19:32 | 000,000,000 | ---D | M] -- 
C:\Users\Christian\AppData\Roaming\Mozilla [2009.10.22 17:22:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PeerNetworking [2010.01.21 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Samsung [2009.10.28 19:17:23 | 000,000,000 | RH-D | M] -- C:\Users\Christian\AppData\Roaming\SecuROM [2010.11.13 12:21:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sierra [2010.11.06 18:28:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Sierra Entertainment [2011.01.20 18:19:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Skype [2011.01.20 18:07:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\skypePM [2010.11.17 17:38:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\The Creative Assembly [2010.11.04 14:58:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TS3Client [2009.12.16 15:53:16 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\U3 [2010.12.06 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Ubisoft [2011.01.17 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Uniblue [2010.12.16 11:56:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\vlc [2010.02.28 16:06:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Vodafone [2009.12.14 14:33:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WinRAR [2009.11.29 22:42:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ZoomBrowser EX < %APPDATA%\*.exe /s > [2005.06.06 10:29:14 | 000,110,592 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\U3\0DE0F86161F2BA5F\cleanup.exe [2006.02.21 11:31:16 | 002,592,768 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\U3\0DE0F86161F2BA5F\LaunchPad.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:46:51 | 000,064,568 | ---- | M] () MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- 
C:\Windows\SysNative\drivers\AGP440.sys [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 03:46:50 | 000,022,584 | ---- | M] () MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\SysNative\drivers\atapi.sys [2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 12:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll [2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.08.26 04:03:42 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe [2009.08.26 04:03:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe [2009.08.26 04:03:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe [2009.08.26 04:03:42 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe [2009.08.26 04:03:41 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe [2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2009.08.26 04:03:42 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe [2009.08.26 04:03:41 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe [2009.08.26 04:03:41 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- 
C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2009.08.26 04:03:41 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe [2009.08.26 04:03:42 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe [2008.01.21 03:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2008.01.21 03:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: IASTOR.SYS > [2009.02.11 10:26:17 | 000,407,576 | ---- | M] () MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Windows\SysNative\drivers\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:46:59 | 000,290,872 | ---- | M] () MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys [2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 03:51:03 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll [2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll 
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll [2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 03:46:54 | 000,054,328 | ---- | M] () MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys [2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll [2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 03:49:49 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll [2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- 
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll [2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll [2008.01.21 03:48:29 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll [2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll < MD5 
for: USERINIT.EXE > [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe [2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe [2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:49:42 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.09.10 19:18:25 | 010,624,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll < End of report > Extras :OTL Logfile: Code:
OTL Extras logfile created on: 23.01.2011 19:13:46 - Run 4
OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\Christian\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 63,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 44,58 Gb Free Space | 29,91% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 36,32 Gb Free Space | 24,37% Space Free | Partition Type: NTFS
Drive F: | 136,35 Gb Total Space | 130,15 Gb Free Space | 95,45% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 33,08 Gb Free Space | 22,19% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-3437982719-567605747-1198494745-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l () scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{FA04D7D3-EFEB-4D7D-B068-55D9890DD591}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0624D363-90FD-46A4-A4C5-FE8F5B9EC680}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{1650E400-B5E0-4653-9D34-A8DECC10C603}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{1EF31B10-3FCE-4CB0-9792-E523D4AAF6E1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{2760082C-DD6A-496B-AC14-1ECC87E8C6B6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe | "{2D0FED2F-4DC3-4F07-8347-CF03A57FC111}" = protocol=17 | dir=in | app=d:\gta iv\grand theft auto iv\launchgtaiv.exe | "{3AC0BB08-4BDF-404F-BC63-49746B838151}" = protocol=17 | dir=in | app=d:\steam\steamapps\crazies\day of defeat source\hl2.exe | "{4AAA8465-2087-44F3-BB24-0C4AA52C2CFA}" = protocol=6 | dir=in | app=d:\steam\steamapps\crazies\counter-strike source\hl2.exe | "{5AE13074-6B72-4336-9992-AC6BB1A2DD65}" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "{729BA1AC-B60D-4A73-A4C3-54B12C212D30}" = protocol=6 | dir=in | app=d:\gta iv\grand theft auto iv\launchgtaiv.exe | "{7589CF98-E02D-48DB-BC06-82BF0B78135F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed 
ii\assassinscreediigame.exe | "{8BEDFC0D-3D34-49E3-B334-A6DC51C1EA5C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe | "{97E87BCA-1FCC-471C-B724-0438F35C9C56}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{98A6A48C-B65C-4FE0-BC92-C0C1AB398245}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\napoleon total war\napoleon.exe | "{9DE22782-FA95-4DBE-9839-8FE04607EE11}" = protocol=6 | dir=in | app=d:\dungeon siege ii\dungeonsiege2.exe | "{9E433375-9AB5-496A-AF3E-8FD0FF7C1437}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\napoleon total war\napoleon.exe | "{B741EC17-00C8-4A86-9C8A-993AA0C20974}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{C8F34014-E4D0-46CA-939F-D0FFD9DE4D59}" = protocol=17 | dir=in | app=d:\dungeon siege ii\dungeonsiege2.exe | "{DC5292E9-57CC-456F-8E4F-B8F3101B84FB}" = protocol=6 | dir=in | app=d:\steam\steamapps\crazies\day of defeat source\hl2.exe | "{E0A0140A-ACE3-46E9-84B2-BC322DC23609}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | "{EC66B146-FBF7-48DE-968F-810170BFF7ED}" = protocol=17 | dir=in | app=d:\steam\steamapps\crazies\counter-strike source\hl2.exe | "{F4221A0F-67EF-4C9F-BBA0-7A0923F01BCD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | "{FA30BE49-685C-4E43-BFC6-5B3E8ABF1410}" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "TCP Query User{044EC94E-0F1E-43E5-BF20-500034870A1A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{0DD6E23D-1CFB-4612-B74F-5C71B90666C6}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{2DE1E1D4-ADA8-41AD-A60B-A7A5E80BD4EE}C:\windows\cyb2k.exe" = 
========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > I hope everything was done correctly... |
23.01.2011, 20:25 | #4 |
/// Malware-holic | Clearly too many svchost processes.... You used Malwarebytes; didn't I write that I want to see all scan logs?
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
24.01.2011, 15:15 | #5 |
| Clearly too many svchost processes.... Sorry, malware didn't find anything... what happens next? Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 5560 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 24.01.2011 15:06:01 mbam-log-2011-01-24 (15-06-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|) Durchsuchte Objekte: 432330 Laufzeit: 1 Stunde(n), 3 Minute(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
24.01.2011, 15:38 | #6 |
/// Malware-holic | Clearly too many svchost processes.... Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ --> Clearly too many svchost processes.... |
24.01.2011, 17:07 | #7 |
| Clearly too many svchost processes.... ComboFix log file: Code:
ATTFilter ComboFix 11-01-23.07 - Christian 24.01.2011 15:58:46.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.6142.3754 [GMT 1:00] ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\jestertb.dll F:\install.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-12-24 bis 2011-01-24 )))))))))))))))))))))))))))))) . 2011-01-24 15:36 . 2011-01-24 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-23 19:18 . 2011-01-23 19:18 -------- d-----w- c:\program files (x86)\The Final Quiz Game 2011-01-21 09:43 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4535378-5C9C-4679-BAA3-CDE84DECDFDF}\mpengine.dll 2011-01-20 14:31 . 2011-01-20 14:31 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes 2011-01-20 14:31 . 2011-01-20 14:31 -------- d-----w- c:\programdata\Malwarebytes 2011-01-20 14:31 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-01-20 14:30 . 2011-01-20 14:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-01-20 14:30 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-20 13:08 . 2011-01-20 13:22 -------- d-----w- C:\_OTL 2011-01-18 13:45 . 2011-01-18 13:45 -------- d-----w- c:\program files\Microsoft Synchronization Services 2011-01-18 13:45 . 2011-01-18 13:45 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2011-01-18 13:45 . 
2011-01-18 13:45 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2011-01-18 13:45 . 2011-01-18 13:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2011-01-18 13:44 . 2011-01-18 13:44 113440 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll 2011-01-18 13:42 . 2011-01-18 13:43 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0 2011-01-18 13:42 . 2011-01-18 13:42 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules 2011-01-18 13:40 . 2011-01-18 13:40 -------- d-----w- c:\windows\symbols 2011-01-18 13:40 . 2011-01-18 13:40 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0 2011-01-18 13:40 . 2011-01-18 13:40 -------- d-----w- c:\program files\Microsoft Help Viewer 2011-01-18 13:40 . 2011-01-18 13:40 -------- d-----w- c:\program files (x86)\Microsoft SDKs 2011-01-18 13:34 . 2008-11-13 06:04 125440 ----a-w- c:\windows\system32\msiexec.exe 2011-01-18 13:34 . 2008-11-13 06:09 22528 ----a-w- c:\windows\system32\msisip.dll 2011-01-18 13:34 . 2008-11-13 04:50 332800 ----a-w- c:\windows\SysWow64\msihnd.dll 2011-01-18 13:34 . 2008-11-13 04:50 16384 ----a-w- c:\windows\SysWow64\msisip.dll 2011-01-18 13:34 . 2008-11-13 04:49 73216 ----a-w- c:\windows\SysWow64\msiexec.exe 2011-01-18 13:34 . 2008-11-13 03:37 2560 ----a-w- c:\windows\system32\msimsg.dll 2011-01-18 13:34 . 2008-11-13 02:28 2560 ----a-w- c:\windows\SysWow64\msimsg.dll 2011-01-18 13:34 . 2008-11-13 06:09 503296 ----a-w- c:\windows\system32\msihnd.dll 2011-01-18 13:34 . 2008-11-13 06:09 3107840 ----a-w- c:\windows\system32\msi.dll 2011-01-18 13:34 . 2008-11-13 04:50 2241536 ----a-w- c:\windows\SysWow64\msi.dll 2011-01-18 13:00 . 2011-01-19 10:19 -------- d-----w- c:\programdata\SecTaskMan 2011-01-17 20:49 . 2011-01-17 20:49 -------- d-----w- c:\users\Christian\AppData\Roaming\Uniblue 2011-01-17 20:45 . 
2011-01-17 20:45 -------- d-----w- c:\users\Christian\AppData\Local\PackageAware 2011-01-12 16:12 . 2011-01-12 16:13 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2011-01-12 16:10 . 2011-01-12 16:10 -------- d-----w- c:\programdata\NVIDIA Corporation 2011-01-12 16:05 . 2011-01-12 16:05 -------- d-----w- C:\NVIDIA 2010-12-28 14:15 . 2010-12-28 14:15 -------- d-----w- c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-23 10:38 . 2009-10-17 12:23 45056 ----a-w- c:\windows\system32\acovcnt.exe 2010-12-23 11:14 . 2010-12-23 11:14 1222408 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-11-26 12:52 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2010-11-26 12:52 . 2009-08-18 10:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2010-11-06 11:10 . 2010-12-16 18:24 357376 ----a-w- c:\windows\SysWow64\taskschd.dll 2010-11-06 11:10 . 2010-12-16 18:24 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll 2010-11-06 04:35 . 2010-12-16 18:24 499712 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-11-06 04:35 . 2010-12-16 18:24 655872 ----a-w- c:\windows\system32\taskschd.dll 2010-11-06 04:35 . 2010-12-16 18:24 410112 ----a-w- c:\windows\system32\taskcomp.dll 2010-11-06 04:35 . 2010-12-16 18:24 854528 ----a-w- c:\windows\system32\schedsvc.dll 2010-11-05 00:53 . 2010-12-16 18:24 171520 ----a-w- c:\windows\SysWow64\taskeng.exe 2010-11-04 21:16 . 2010-12-16 18:24 267776 ----a-w- c:\windows\system32\taskeng.exe 2010-10-28 15:18 . 2010-12-16 18:25 48128 ----a-w- c:\windows\system32\atmlib.dll 2010-10-28 15:02 . 2010-12-16 18:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2010-10-28 13:23 . 2010-12-16 18:25 367104 ----a-w- c:\windows\system32\atmfd.dll 2010-10-28 13:17 . 
2010-12-16 18:24 2048 ----a-w- c:\windows\system32\tzres.dll 2010-10-28 13:03 . 2010-12-16 18:25 292352 ----a-w- c:\windows\SysWow64\atmfd.dll 2010-10-28 12:56 . 2010-12-16 18:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1555968] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408] "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304] "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-07 159744] "ADSMTray"="c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240] "DirectConsole2"="c:\program files (x86)\ASUS\Direct 
Console\Direct Console.exe" [2009-04-08 2861624] "PowerForPhone"="c:\program files (x86)\P4P\P4P.exe" [2008-01-26 778240] "ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376] "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2008-10-01 1126400] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-08-26 3054136] "ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-08-26 47672] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584] "C2K"="c:\windows\Cyb2k.exe" [2006-05-19 3103232] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 1026088] Philips GoGear Spark Gere-Manager.lnk - c:\program files (x86)\Philips\GoGear Spark Device Manager\main.exe [2010-8-7 7974455] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [2009-10-17 334384] S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . 
Inhalt des "geplante Tasks" Ordners 2011-01-24 c:\windows\Tasks\User_Feed_Synchronization-{7F09DA99-472F-43DC-B004-89F728D5F72C}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:50] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-04-28 7731232] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-20 1833504] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mLocal Page = %SystemRoot%\system32\blank.htm IE: Free YouTube to MP3 Converter - c:\users\Christian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\bckavay7.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2903601&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|hxxp://www.looki.de/info/space-pioneers/register.html FF - prefs.js: keyword.URL - hxxp://ws.infospace.com/coolchaser/ws/redir?_iceUrl=true&user_id=32213883&tool_id=60531&qkw= FF - prefs.js: network.proxy.type - 4 FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Move Media Player: moveplayer@movenetworks.com - %profile%\extensions\moveplayer@movenetworks.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Yahoo! 
Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} FF - Ext: CoolChaser Toolbar: {a2880346-35bb-45bb-9190-eedb49c132c5} - %profile%\extensions\{a2880346-35bb-45bb-9190-eedb49c132c5} FF - Ext: MK Notifier: {e0e30ae0-9a17-11de-b2f2-56dc55d89593} - %profile%\extensions\{e0e30ae0-9a17-11de-b2f2-56dc55d89593} FF - Ext: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - %profile%\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} FF - Ext: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Productivity 2.2 Community Toolbar: {e84cc2c1-b722-48fc-a39c-edb8b525c777} - %profile%\extensions\{e84cc2c1-b722-48fc-a39c-edb8b525c777} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - Wow6432Node-HKCU-Run-kfdpfsdfusr.exe - c:\kfdpfsdfusr\kfdpfsdfusr.exe WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-Free YouTube Download_is1 - c:\program files (x86)\DVDVideoSoft\Free YouTube Download\unins000.exe AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-3437982719-567605747-1198494745-1000\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:61,a4,a5,9a,8a,4a,77,a8,6d,34,24,c4,af,ea,96,a7,72,ac,88,f8,89,fc,af, f0,9e,13,9a,d4,75,c2,69,79,3a,e1,27,b1,a1,3d,c8,9d,76,07,26,d6,24,53,c0,c4,\ "??"=hex:9f,e1,3a,bf,ae,da,1e,e3,13,78,1c,aa,bb,c7,96,3e [HKEY_USERS\S-1-5-21-3437982719-567605747-1198494745-1000\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:31,db,e9,ba,e0,1f,f2,5f,0a,81,46,c5,35,e4,27,8b,95,01,2a,4a,ba, 1d,6f,58,5d,c3,c7,85,40,9a,37,65,2d,a1,3f,21,2f,45,fe,57,0f,75,1b,95,e1,2a,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] 
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" 
"Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 
1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Zeit der Fertigstellung: 2011-01-24 16:56:14 ComboFix-quarantined-files.txt 2011-01-24 15:56 Vor Suchlauf: 13 Verzeichnis(se), 44.627.124.224 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 44.904.177.664 Bytes frei - - End Of File - - 17C00FC7D30A2A216B59648E2A12F4E4 |
24.01.2011, 17:19 | #8 |
/// Malware-holic | Clearly too many svchost processes.... If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, save as a txt file. Open the file. After each program you need, write "necessary". After each one you do not need, "unnecessary". After each one you do not know, "unknown". Post the list.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
24.01.2011, 18:03 | #9 |
| Clearly too many svchost processes.... I wrote "unknown" after every Windows / ASUS system file, since I don't know to what extent I need them...
2007 Microsoft Office system Microsoft Corporation 23.12.2009 1.147MB 12.0.6425.1000 needed
Activation Assistant for the 2007 Microsoft Office suites Microsoft Corporation 25.08.2009 14,0MB unknown
Adobe AIR Adobe Systems Inc. 04.10.2010 30,7MB 1.5.3.9120 unknown
Adobe Community Help Adobe Systems Incorporated 04.10.2010 2,52MB 3.0.0.400 unknown
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 17.10.2009 10.0.12.36 unknown
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 18.01.2011 10.1.102.64 unknown
Adobe Media Player Adobe Systems Incorporated 04.10.2010 2,70MB 1.8 unknown
Adobe Reader 9.2 - Deutsch Adobe Systems Incorporated 28.12.2009 161,4MB 9.2.0 unknown
ANNO 1404 Ubisoft 23.01.2011 3.412MB 1.01.0000 needed
Apple Application Support Apple Inc. 05.01.2010 32,4MB 1.1.0 unnecessary
Apple Software Update Apple Inc. 05.01.2010 2,16MB 2.1.1.116 unnecessary
Assassin's Creed Ubisoft 25.10.2009 6.817MB 1.02 needed
ASUS CopyProtect ASUS 24.08.2009 3,47MB 1.0.0012 unknown
ASUS Data Security Manager ASUS 24.08.2009 15,0MB 1.00.0011 unknown
ASUS LifeFrame3 ASUS 24.08.2009 27,7MB 3.0.19 unknown
ASUS Live Update ASUS 25.08.2009 0,43MB 2.5.7 unknown
ASUS MultiFrame 25.08.2009 2,36MB 1.0.0018 unknown
ASUS SmartLogon ASUS 24.08.2009 10,9MB 1.0.0005 unknown
ASUS Splendid Video Enhancement Technology ASUS 24.08.2009 25,0MB 1.02.0025 unknown
ASUS Turbo Gear Enhanced VGA Driver ASUSTeK Computer Inc. 25.08.2009 0,27MB 0.0.0.18 unknown
ASUS Virtual Camera asus 24.08.2009 2,88MB 1.0.14 unknown
Asus_Camera_ScreenSaver ASUS 25.08.2009 2.0.0008 unknown
Atheros Client Installation Program Atheros 24.08.2009 1,29MB 7.0 unknown
ATK Generic Function Service ATK 24.08.2009 0,45MB 1.00.0008 unknown
ATK Hotkey ASUS 24.08.2009 5,80MB 1.0.0049 unknown
ATK Media ASUS 24.08.2009 0,18MB 2.0.0004 unknown
ATKOSD2 ASUS 24.08.2009 7,99MB 7.0.0003 unknown
Aufstieg des Hexenkönigs™ 21.01.2010 2.896MB needed
Call of Duty 25.10.2009 1.154MB needed
Call of Duty: Modern Warfare 2 Infinity Ward 10.02.2010 11.492MB needed
Call of Duty: Modern Warfare 2 - Multiplayer Infinity Ward 10.02.2010 11.492MB needed
CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Inc. 30.10.2009 107,9MB 1.6.0.12 needed
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Inc. 30.10.2009 11,3MB 6.4.2.16 needed
Canon Internet Library for ZoomBrowser EX Canon Inc. 30.10.2009 107,9MB 1.6.2.7 needed
Canon Utilities CameraWindow Canon Inc. 30.10.2009 2,27MB 7.1.0.2 needed
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX Canon Inc. 30.10.2009 11,3MB 6.4.2.16 needed
Canon Utilities Digital Photo Professional 3.5 Canon Inc. 30.10.2009 73,5MB 3.5.2.0 needed
Canon Utilities EOS Utility Canon Inc. 30.10.2009 36,3MB 2.5.0.1 needed
Canon Utilities MyCamera Canon Inc. 30.10.2009 8,41MB 7.0.0.3 needed
Canon Utilities PhotoStitch Canon Inc. 30.10.2009 6,14MB 3.1.22.46 needed
Canon Utilities Picture Style Editor Canon Inc. 30.10.2009 70,5MB 1.4.2.0 needed
Canon Utilities RemoteCapture Task for ZoomBrowser EX Canon Inc. 30.10.2009 9,10MB 1.7.1.9 needed
Canon Utilities WFT-E1/E2/E3 Utility Canon Inc. 30.10.2009 2,96MB 3.2.2.3 needed
Canon Utilities ZoomBrowser EX Canon Inc. 30.10.2009 107,9MB 6.2.0.29 needed
Canon ZoomBrowser EX Memory Card Utility Canon Inc. 30.10.2009 12,6MB 1.2.0.9 needed
CCleaner Piriform 23.01.2011 6,64MB 3.02 unknown
ChkMail ChkMail 24.08.2009 0,71MB 2.0.0.16 unknown
Cisco EAP-FAST Module Cisco Systems, Inc. 24.08.2009 1,56MB 2.2.10 unknown
Cisco LEAP Module Cisco Systems, Inc. 24.08.2009 0,62MB 1.0.16 unknown
Cisco PEAP Module Cisco Systems, Inc. 24.08.2009 1,24MB 1.1.3 unknown
Counter-Strike: Source Valve 27.12.2009 501MB 1.0.0.0 needed
CrowdStar Gamebar 24.01.2011 unnecessary
CyberLink LabelPrint CyberLink Corp. 24.08.2009 88,4MB 2.5.1720 unknown
CyberLink Power2Go CyberLink Corp. 24.08.2009 108,4MB 6.1.2713 unknown
Die Schlacht um Mittelerde™ II 30.10.2009 5.243MB needed
Direct Console 2.0 ASUS 24.08.2009 9,53MB 2.0.7 unknown
DivX Pro 6.8.0 VFW 13.11.2009 0,66MB 6.8.0.14 unknown
DivX-Setup DivX, Inc. 21.09.2010 2,20MB 2.0.4.2 unknown
Dungeon Siege 2 Microsoft 20.12.2010 2.289MB needed
Empire Earth Ultimate Edition The Games Company 04.11.2010 3.211MB 1.0 needed
Empire: Total War The Creative Assembly 16.11.2010 16.530MB needed
Express Gate DeviceVM, Inc. 24.08.2009 366MB 1.1.9.2 unknown
FLV Player 2.0 (build 25) Martijn de Visser 02.12.2009 1,95MB 2.0 (build 25) unknown
Free YouTube Download 2.3 DVDVideoSoft Limited. 13.11.2009 2,65MB needed
Free YouTube to MP3 Converter version 3.9.31 DVDVideoSoft Limited. 27.12.2010 3,30MB needed
GoGear Spark Device Manager Philips 06.08.2010 16,7MB 0.1 unknown
Grand Theft Auto IV Rockstar Games 21.11.2010 15.339MB 1.00.0000 needed
ICQ Toolbar ICQ 17.10.2009 3.0.0 unnecessary
ICQ7 ICQ 25.01.2010 37,4MB 7.0 needed
IrfanView (remove only) 27.11.2009 1,61MB needed
Java(TM) 6 Update 18 Sun Microsystems, Inc. 21.02.2010 94,5MB 6.0.180 unknown
Magic Total Video Converter Magic Software 13.11.2009 85,3MB 6.20.0000 unknown
Malwarebytes' Anti-Malware Malwarebytes Corporation 19.01.2011 4,82MB needed
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 18.10.2009 42,1MB unknown
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 17.10.2009 42,1MB unknown
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.11.2010 189,3MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.11.2010 46,5MB 4.0.30319 unknown
Microsoft .NET Framework 4 Extended Microsoft Corporation 17.01.2011 46,4MB 4.0.30319 unknown
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 17.01.2011 12,0MB 4.0.30319 unknown
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 17.01.2011 83,5MB 4.0.30319 unknown
Microsoft Games for Windows - LIVE Microsoft Corporation 17.11.2010 6,01MB 3.4.54.0 unknown
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 17.11.2010 31,3MB 3.4.18.0 unknown
Microsoft Help Viewer 1.0 Microsoft Corporation 17.01.2011 6,54MB 1.0.30319 unknown
Microsoft Help Viewer 1.0 Language Pack - DEU Microsoft Corporation 17.01.2011 6,54MB 1.0.30319 unknown
Microsoft Office Enterprise 2007 Microsoft Corporation 23.12.2009 1.147MB 12.0.6425.1000 unknown
Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 17.01.2011 3,69MB 3.5.8080.0 unknown
Microsoft SQL Server Compact 3.5 SP2 x64 DEU Microsoft Corporation 17.01.2011 4,82MB 3.5.8080.0 unknown
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 19.01.2011 0,25MB 8.0.50727.4053 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 20.01.2011 0,61MB 9.0.21022 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Corporation 17.01.2011 0,58MB 9.0.30729.4974 unknown
Microsoft Visual C++ 2010 Express - DEU Microsoft Corporation 17.01.2011 391MB 10.0.30319 unknown
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU Microsoft Corporation 17.01.2011 4,46MB 10.0.30319 unknown
Mozilla Firefox (3.5.16) Mozilla 09.12.2010 31,8MB 3.5.16 (de) needed
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 18.12.2009 1,28MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 18.12.2009 1,34MB 4.20.9876.0 unknown
Napoleon: Total War The Creative Assembly 16.11.2010 23.024MB needed
NB Probe 25.08.2009 2,52MB unknown
Norton Internet Security Symantec Corporation 03.02.2010 30,7MB 16.8.0.41 needed
NVIDIA 3D Vision Treiber 260.99 NVIDIA Corporation 11.01.2011 18,1MB 260.99 unknown
NVIDIA Grafiktreiber 260.99 NVIDIA Corporation 11.01.2011 126,2MB 260.99 unknown
NVIDIA PhysX-Systemsoftware 260.99 NVIDIA Corporation 11.01.2011 79,0MB 260.99 unknown
P4P P4P 24.08.2009 0,75MB 1.0.0.17 unknown
PunkBuster Services Even Balance, Inc. 27.12.2009 0.986 unnecessary
QuickTime Apple Inc. 05.01.2010 77,3MB 7.65.17.80 unnecessary
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 24.08.2009 1,49MB 1.00.0000 unknown
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 24.08.2009 11,1MB 6.0.1.5836 unknown
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01 25.08.2009 2,11MB 3.55.01 unknown
Rockstar Games Social Club Rockstar Games 21.11.2010 1,89MB 1.00.0000 needed
Samsung New PC Studio Samsung Electronics Co., Ltd. 20.01.2010 121,6MB 1.00.0000 needed
Skype Toolbars Skype Technologies S.A. 31.03.2010 5,25MB 1.0.4051 unknown
Skype™ 4.2 Skype Technologies S.A. 31.03.2010 31,8MB 4.2.155 needed
Steam(TM) Valve 27.12.2009 16,6MB 1.0.0.0 needed
Synaptics Pointing Device Driver Synaptics 25.08.2009 14,2MB 10.1.8.0 unknown
TeamSpeak 3 Client TeamSpeak Systems GmbH 24.09.2010 30,2MB needed
The Final Quiz Game 1.04 Benjamin Bahnsen Software 22.01.2011 8,47MB unnecessary
USB 2.0 UVC 2.0M WebCam 25.08.2009 unknown
VLC media player 1.1.4 VideoLAN 03.10.2010 22,5MB 1.1.4 needed
WIDCOMM Bluetooth Software Broadcom Corporation 24.08.2009 50,1MB 5.2.0.800 unknown
Windows Live Essentials Microsoft Corporation 09.11.2009 44,0MB 14.0.8089.0726 unknown
Windows Live ID Sign-in Assistant Microsoft Corporation 17.11.2010 8,12MB 6.500.3165.0 unknown
Windows Live-Uploadtool Microsoft Corporation 09.11.2009 0,22MB 14.0.8014.1029 unknown
WinFlash 25.08.2009 1,37MB unknown
WinRAR 13.12.2009 4,36MB needed
Wireless Console 2 ATK 24.08.2009 2.0.10 unknown |
24.01.2011, 18:15 | #10 |
/// Malware-holic | Clearly too many svchost processes.... Adobe AIR, Adobe Community Help, Adobe Media Player. Adobe Reader 9.2, replace: Adobe - Download Adobe Reader - All versions. Please do not install the McAfee Security Scan along with it. Open Adobe Reader, go to Edit, Preferences, JavaScript and remove the check mark there; under Internet, likewise remove all check marks. That way PDFs are no longer loaded automatically and malicious code can no longer be slipped to you this way. Under General, tick "Use only certified plug-ins". Under Updater, set it to install. Click Apply / OK. Uninstall: Apple (both), ASUS Splendid Video Enhancement Technology, ASUS Virtual Camera, Asus_Camera_ScreenSaver, ChkMail, CrowdStar, CyberLink (both), DivX (both), FLV Player, ICQ Toolbar. Java(TM) 6 Update 18, update: Java SE Downloads, click on "Download JRE". Uninstall: Magic Total Video Converter, Microsoft Games (both), Microsoft SQL Server (both). Norton: the current version is 2011; please upgrade on the homepage, which should be possible with your license. Uninstall: P4P, Skype Toolbars. Open Skype, update, and install Skype 5. Uninstall: The Final Quiz Game, Windows Live (all). Clean up files and the registry with CCleaner. Scan with the updated Norton and report how the PC is running.
|
24.01.2011, 19:02 | #11 |
| Clearly too many svchost processes.... So, I cleaned the registry with CCleaner... I can't find the "files" item... Unfortunately Norton was only a trial version, and I would have to pay money to get a new one... Where is the "files" item in CCleaner? |
24.01.2011, 19:12 | #12 |
/// Malware-holic | Clearly too many svchost processes.... Under Analyze. Well, then you need a different AV program; what good is a trial version supposed to do you?
|