Log analysis and evaluation: my hijacklog --> please help, antivir and wlan adapter not working
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.01.2011, 15:04 | #1 |
| my hijacklog --> please help, antivir and wlan adapter not working
Hello everyone. Since today I have a few problems: as of today my AntiVir can no longer be started. It is set to disabled, and when I try to start it nothing happens. The second problem is that I created a HijackThis log file and since then my WLAN adapter is no longer recognized. I have rebooted, but the adapter is still not recognized, so I can no longer get onto the internet either. Thanks in advance for your help. Here is the result from HijackThis: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:52:46, on 24.01.2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe C:\WINDOWS\system32\dgdersvc.exe C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programme\CDBurnerXP\NMSAccessU.exe C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE C:\Programme\SyncroSoft\Pos\H2O\cledx.exe C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\MAFWTray.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\Programme\Rainlendar2\Rainlendar2.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Paltalk Messenger\paltalk.exe C:\Programme\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\explorer.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\Programme\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\imapi.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
h**p://trojaner-board.de. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://trojaner-board.de. R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://trojaner-board.de. R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://trojaner-board.de. R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://trojaner-board.de. R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:23012 R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programme\Messenger_Plus_Live\tbMes0.dll R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programme\IsoBuster\tbIsoB.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programme\IsoBuster\tbIsoB.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programme\Messenger_Plus_Live\tbMes0.dll O2 - 
BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programme\Messenger_Plus_Live\tbMes0.dll O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze\toolbar.dll O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programme\IsoBuster\tbIsoB.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe O4 - 
HKLM\..\Run: [Cerberus] C:\WINDOWS\system32\System32\cscript.exe.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [H2O] C:\Programme\SyncroSoft\Pos\H2O\cledx.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Cerberus] C:\WINDOWS\system32\System32\cscript.exe.exe O4 - HKCU\..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [{3E1A597F-68F7-7987-7E7F-8A7AD13A389E}] "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Qesex\kybeu.exe" O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe O4 - HKCU\..\Run: [Userkb] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Servpnp\crtpack.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: CodeMeter Control 
Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: PalTalk.lnk = C:\Programme\Paltalk Messenger\paltalk.exe O4 - Global Startup: ZDWLan Utility.lnk = C:\Programme\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: 
{5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - h**p://trojaner-board.de. O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h**p://trojaner-board.de. O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Java Plug-in 1.6.0_12) - O17 - HKLM\System\CCS\Services\Tcpip\..\{0DEDD77E-3B43-4AF9-A9F0-ADCEED202E9A}: NameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{5CC003F0-2CDF-4965-96D7-90CD14EB9138}: NameServer = 192.168.2.1 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: Google Update Service (gupdate1c9b63e59ffdb9c) (gupdate1c9b63e59ffdb9c) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\programme\gemeinsame dateien\logishrd\lvmvfm\LVPrcSrv.exe (file missing) O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programme\WinPcap\rpcapd.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe -- End of file - 14029 bytes |
24.01.2011, 15:36 | #2 |
/// Malware-holic | my hijacklog --> please help, antivir and wlan adapter not working
Open Internet Explorer, Tools, Internet Options, Connections, LAN settings, delete the entry under proxy server and select "do not use a proxy". Click Apply, OK.
Internet should work then.
3. System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (users of Windows 7 and Vista: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Post both
__________________ |
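Added example, not part of the thread and not code from HijackThis or OTL: a small Python triage pass over a HijackThis paste that re-splits a log whose line breaks were lost, then lists the two things the reply above looks at, a proxy pointing at the local machine and autostart programs living in the per-user application-data folders that the OTL custom scan enumerates. The function names are hypothetical, the sample is constructed from a few entries of the log in post #1, and a hit only marks an entry for review.

```python
import ipaddress
import re

# Constructed sample: a few entries copied from the HijackThis log in post #1,
# run together the way a flattened paste looks (note the break inside an entry).
SAMPLE = r'''Logfile of Trend Micro HijackThis v2.0.2 Running processes: C:\WINDOWS\explorer.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:23012 O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 -
HKCU\..\Run: [{3E1A597F-68F7-7987-7E7F-8A7AD13A389E}] "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Qesex\kybeu.exe" O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Userkb] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Servpnp\crtpack.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe -- End of file - 14029 bytes'''

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - "; that prefix is the only reliable boundary in a flattened paste.
ENTRY_BOUNDARY = re.compile(r"\s+(?=(?:[RFN][0-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"^(?P<code>[RFN][0-4]|O\d{1,2}) - (?P<body>.+)$")
RUN_ENTRY = re.compile(r"^(?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.+)$")

# Per-user data folders (German and English XP names, plus the Vista+ name).
PROFILE_DIRS = ("\\anwendungsdaten\\", "\\application data\\", "\\appdata\\")


def split_entries(log_text):
    """Return (code, body) pairs from a HijackThis log, flattened or not."""
    flat = " ".join(log_text.split())                  # undo arbitrary line wraps
    flat = re.sub(r"\s*-- End of file.*$", "", flat)   # drop the trailer
    entries = []
    for chunk in ENTRY_BOUNDARY.split(flat):
        match = ENTRY.match(chunk)
        if match:                                      # header/process list is skipped
            entries.append((match.group("code"), match.group("body")))
    return entries


def loopback_proxies(entries):
    """Proxy endpoints in R1 ProxyServer values that point at this machine."""
    hits = []
    for code, body in entries:
        if code != "R1" or ",ProxyServer = " not in body:
            continue
        value = body.split(",ProxyServer = ", 1)[1]
        for part in value.split(";"):                  # "http=...;https=..." form
            endpoint = part.split("=", 1)[-1].strip()  # drop the "http=" prefix
            host = endpoint.rsplit(":", 1)[0]
            try:
                local = ipaddress.ip_address(host).is_loopback
            except ValueError:                         # host name, not an IP literal
                local = host.lower() == "localhost"
            if local:
                hits.append(endpoint)
    return hits


def profile_autoruns(entries):
    """O4 Run values whose command line sits in a per-user data folder."""
    hits = []
    for code, body in entries:
        match = RUN_ENTRY.match(body) if code == "O4" else None
        if match and any(d in match.group("cmd").lower() for d in PROFILE_DIRS):
            hits.append((match.group("hive"), match.group("name"),
                         match.group("cmd").strip('"')))
    return hits


if __name__ == "__main__":
    parsed = split_entries(SAMPLE)
    print(f"{len(parsed)} entries recovered")
    for endpoint in loopback_proxies(parsed):
        print("proxy points at local machine:", endpoint)
    for hive, name, cmd in profile_autoruns(parsed):
        print(f"review autorun {hive} [{name}]: {cmd}")
```
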
24.01.2011, 16:27 | #3 |
| my hijacklog --> please help, antivir and wlan adapter not working
Thanks for your help so far. The problem with the internet is that the computer no longer recognizes the WLAN adapter, i.e. it does not establish any connection at all.
otl: Code:
ATTFilter OTL logfile created on: 24.01.2011 15:47:04 - Run 1 OTL by OldTimer - Version 3.2.20.5 Folder = I:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 244,14 Gb Total Space | 6,33 Gb Free Space | 2,59% Space Free | Partition Type: NTFS Drive D: | 221,61 Gb Total Space | 15,48 Gb Free Space | 6,99% Space Free | Partition Type: NTFS Drive F: | 146,48 Gb Total Space | 135,47 Gb Free Space | 92,48% Space Free | Partition Type: NTFS Drive G: | 785,02 Gb Total Space | 640,02 Gb Free Space | 81,53% Space Free | Partition Type: NTFS Drive I: | 1,88 Gb Total Space | 1,86 Gb Free Space | 98,98% Space Free | Partition Type: FAT Computer Name: MAC10-6727E048D | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.01.24 15:39:46 | 000,603,136 | ---- | M] (OldTimer Tools) -- I:\OTL.exe PRC - [2010.12.15 21:54:20 | 013,596,424 | ---- | M] (AVM Software Inc.) -- C:\Programme\Paltalk Messenger\paltalk.exe PRC - [2010.12.13 08:46:27 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.12.11 18:06:54 | 000,910,808 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.10.25 10:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) 
-- C:\WINDOWS\system32\dgdersvc.exe PRC - [2010.10.15 10:56:20 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe PRC - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe PRC - [2009.08.22 11:31:06 | 005,148,672 | ---- | M] () -- C:\Programme\Rainlendar2\Rainlendar2.exe PRC - [2009.07.29 13:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\MAFWTray.exe PRC - [2009.07.13 22:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.02.15 00:40:10 | 000,375,808 | ---- | M] (Image-Line) -- C:\Programme\Image-Line\FL Studio 8\FL.exe PRC - [2009.02.06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe PRC - [2008.05.02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008.05.02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) 
-- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008.04.29 12:25:50 | 000,671,863 | ---- | M] (E-MU Systems) -- C:\Programme\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.20 14:35:04 | 000,023,040 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe PRC - [2007.08.23 02:20:02 | 002,007,040 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe PRC - [2007.03.23 03:20:02 | 004,984,832 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe PRC - [2007.01.15 16:14:54 | 000,147,456 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe PRC - [2007.01.15 16:13:50 | 001,208,320 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007.01.15 16:01:56 | 000,266,240 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe PRC - [2006.12.07 16:32:40 | 000,487,424 | ---- | M] () -- C:\Programme\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe PRC - [2005.12.18 13:18:56 | 000,307,200 | ---- | M] (Team H2O) -- C:\Programme\Syncrosoft\POS\H2O\cledx.exe PRC - [2005.11.08 19:03:02 | 000,942,080 | ---- | M] (SIA Syncrosoft) -- C:\Programme\Syncrosoft\POS\SYNSOPOS.exe PRC - [2005.09.28 16:06:30 | 000,094,208 | ---- | M] () -- C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe PRC - [2002.12.10 16:54:04 | 000,127,022 | ---- | M] (Logitech Inc.) 
-- C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVComS.exe ========== Modules (SafeList) ========== MOD - [2011.01.24 15:39:46 | 000,603,136 | ---- | M] (OldTimer Tools) -- I:\OTL.exe MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2009.08.13 14:55:39 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll MOD - [2009.07.12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll MOD - [2008.05.02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\lgscroll.dll MOD - [2008.04.14 07:52:26 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll MOD - [2008.04.14 07:52:20 | 001,384,479 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvbvm60.dll MOD - [2008.04.14 07:52:10 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dinput.dll MOD - [2008.03.20 14:35:02 | 000,012,800 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\ctagent.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0) SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv) SRV - [2010.12.13 08:46:37 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.13 08:46:30 | 000,403,624 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2010.12.13 08:46:28 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2010.12.13 08:46:28 | 
000,267,944 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.10.25 10:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc) SRV - [2010.08.23 12:39:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.05.28 07:25:04 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.03.15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2010.03.11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2010.01.22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2009.07.13 22:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.06.23 18:08:18 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2008.05.02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2007.08.23 02:20:02 | 002,007,040 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe) SRV - [2007.01.15 16:01:56 | 000,266,240 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2005.09.28 16:06:30 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService) SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.04.04 14:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) ========== Driver Services (SafeList) ========== DRV - [2010.12.13 08:46:49 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.12.13 08:46:49 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.17 23:51:47 | 000,063,360 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg) DRV - [2010.11.17 23:51:45 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2010.10.25 10:07:48 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2010.08.27 05:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2010.08.27 05:32:08 | 000,096,488 | ---- | M] (MCCI 
Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV - [2010.08.27 05:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV - [2010.06.17 14:30:25 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 14:30:21 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010.05.28 07:25:04 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 03:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.04.27 03:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2010.04.27 03:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010.02.05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi) DRV - [2009.10.05 13:15:25 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009.10.05 13:15:24 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.02.03 11:49:04 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.07.02 17:03:06 | 000,086,528 | ---- | M] (PACE Anti-Piracy, Inc.) 
[Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\tpkd.sys -- (TPkd) DRV - [2008.04.14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.03.20 16:55:16 | 000,802,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2008.03.20 16:54:42 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2008.03.20 16:52:50 | 000,159,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2008.03.20 16:52:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2008.03.20 16:51:56 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2008.03.20 16:49:30 | 000,524,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2008.03.20 16:48:56 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2008.03.20 16:40:38 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS) DRV - [2008.03.20 16:40:38 | 001,324,056 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV - [2008.03.20 16:38:06 | 000,134,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEDSPIO.SYS -- (CTEDSPIO.SYS) DRV - [2008.03.20 16:38:06 | 000,134,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEDSPIO.sys -- (CTEDSPIO) DRV - [2008.03.20 16:37:36 | 000,309,784 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CTEDSPSY.SYS -- (CTEDSPSY.SYS) DRV - [2008.03.20 16:37:36 | 000,309,784 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEDSPSY.sys -- (CTEDSPSY) DRV - [2008.03.20 16:37:10 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS) DRV - [2008.03.20 16:37:10 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT) DRV - [2008.03.20 16:36:44 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS) DRV - [2008.03.20 16:36:44 | 000,171,032 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2008.03.20 16:36:14 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2008.03.20 16:36:14 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2008.03.20 16:32:36 | 000,259,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEDSPFX.SYS -- (CTEDSPFX.SYS)
DRV - [2008.03.20 16:32:36 | 000,259,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEDSPFX.sys -- (CTEDSPFX)
DRV - [2008.03.20 16:26:30 | 000,163,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEAPSFX.SYS -- (CTEAPSFX.SYS)
DRV - [2008.03.20 16:26:30 | 000,163,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEAPSFX.sys -- (CTEAPSFX)
DRV - [2008.03.20 16:25:44 | 000,534,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2008.03.20 16:25:44 | 000,534,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2008.03.20 16:23:44 | 000,528,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2008.03.20 16:23:44 | 000,528,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2008.03.20 16:23:08 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2008.03.20 16:23:08 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2008.03.19 10:04:00 | 007,086,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.01.29 05:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.01.29 05:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.10.12 09:53:10 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.08.24 13:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005.11.03 11:17:34 | 000,016,896 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2005.06.14 13:44:00 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2005.05.09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2004.10.25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004.03.22 20:52:12 | 000,301,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd) USB PC Camera (SN9C102)
DRV - [2003.04.04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2002.12.10 16:53:24 | 000,236,121 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2002.04.16 11:10:52 | 000,004,899 | ---- | M] (MAGIX AG) [File_System | On_Demand | Stopped] -- D:\Programme\samplitude\mxasio.sys -- (MagixASIODrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012
IE - HKU\S-1-5-21-1078081533-764733703-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1700389
IE - HKU\S-1-5-21-1078081533-764733703-839522115-500\..\URLSearchHook: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programme\IsoBuster\tbIsoB.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1078081533-764733703-839522115-500\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programme\Messenger_Plus_Live\tbMes0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1078081533-764733703-839522115-500\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll ()
IE - HKU\S-1-5-21-1078081533-764733703-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-764733703-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:23012

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "IsoBuster Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT1700389&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.7.0.1
FF - prefs.js..extensions.enabledItems: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}:2.6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.5.4.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {DB8CE17D-D561-4CCC-86A2-D3F2D06EA4DC}:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Programme\Google\Google Gears\Firefox\ [2010.03.06 01:46:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.01.01 16:27:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.01.02 13:29:30 | 000,000,000 | ---D | M]
[2009.02.27 10:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.01.24 12:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions
[2009.09.28 14:11:39 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.09.04 10:24:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.02 13:29:50 | 000,000,000 | ---D | M] (IsoBuster Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}
[2010.08.20 03:17:31 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009.03.04 06:52:36 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.15 12:17:53 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2010.08.12 14:02:17 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2009.06.08 12:13:47 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010.02.13 22:17:01 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010.08.12 14:02:17 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.11 11:33:08 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.12.31 14:59:13 | 000,000,000 | ---D | M] (Edit Cookies) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}
[2011.01.02 13:29:29 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\gutscheinmieze@synatix-gmbh.de
[2010.02.22 09:02:25 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\extensions\searchrecs@veoh.com
[2009.03.10 10:09:50 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\searchplugins\ask.xml
[2011.01.02 20:51:36 | 000,000,909 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\searchplugins\conduit.xml
[2011.01.24 12:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.18 18:51:50 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.07.07 11:22:29 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Programme\Mozilla Firefox\extensions\{DB8CE17D-D561-4CCC-86A2-D3F2D06EA4DC}
[2010.03.06 01:46:33 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAMME\GOOGLE\GOOGLE GEARS\FIREFOX
[2010.02.26 13:15:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009.09.21 10:05:20 | 001,193,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv41629.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2010.10.21 18:43:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.21 18:43:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.01.02 13:29:30 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.10.21 18:43:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.21 18:43:14 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.21 18:43:14 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (IsoBuster Toolbar) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programme\IsoBuster\tbIsoB.dll (Conduit Ltd.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programme\Messenger_Plus_Live\tbMes0.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (IsoBuster Toolbar) - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Programme\IsoBuster\tbIsoB.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Programme\Messenger_Plus_Live\tbMes0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-1078081533-764733703-839522115-500\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-1078081533-764733703-839522115-500\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1078081533-764733703-839522115-500\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1078081533-764733703-839522115-500\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1078081533-764733703-839522115-500\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Programme\Messenger_Plus_Live\tbMes0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1078081533-764733703-839522115-500\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cerberus] File not found
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [H2O] C:\Programme\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Programme\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver3\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\S-1-5-21-1078081533-764733703-839522115-500..\Run: [{3E1A597F-68F7-7987-7E7F-8A7AD13A389E}] File not found
O4 - HKU\S-1-5-21-1078081533-764733703-839522115-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1078081533-764733703-839522115-500..\Run: [Cerberus] File not found
O4 - HKU\S-1-5-21-1078081533-764733703-839522115-500..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - HKU\S-1-5-21-1078081533-764733703-839522115-500..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-1078081533-764733703-839522115-500..\Run: [SetDefaultMIDI] C:\WINDOWS\System32\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1078081533-764733703-839522115-500..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1078081533-764733703-839522115-500..\Run: [Userkb] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Servpnp\crtpack.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\CodeMeter Control Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PalTalk.lnk = C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ZDWLan Utility.lnk = C:\Programme\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-764733703-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O29 - HKLM SecurityProviders - (mdayyeoc.dll) - File not found
O29 - HKLM SecurityProviders - (mxvjiivx.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.31 16:44:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.05 13:51:56 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2010.03.31 09:04:02 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.03.21 15:06:58 | 000,059,310 | RHS- | M] () - I:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{252208b1-efb2-11dd-9878-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2008.04.14 06:53:06 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{97a854f4-b5f8-11df-b4bc-001e90f7e609}\Shell - "" = AutoRun
O33 - MountPoints2\{97a854f4-b5f8-11df-b4bc-001e90f7e609}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97a854f4-b5f8-11df-b4bc-001e90f7e609}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: boottvdm - (C:\WINDOWS\browplUI.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe - (Logitech)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: LogitechImageStudioTray - hkey= - key= - C:\Programme\Logitech\ImageStudio\LogiTray.exe (Logitech Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WdfLoadGroup -
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3B88504E-B98E-AFDF-1DCD-C58A0869B9A4} - Vektorgrafik-Rendering (VML)
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {T5TBB77L-4678-0MKC-421Q-14416031DYU6} - C:\WINDOWS\system32\System32\cscript.exe.exe Restart
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: midi1 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT Restore point Set: OTL Restore Point (110914695740784640) ========== Files/Folders - Created Within 30 Days ========== [2011.01.24 13:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2011.01.24 11:51:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira [2011.01.24 11:48:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2011.01.24 11:47:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2011.01.24 11:47:43 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.01.24 11:47:43 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2011.01.24 11:47:43 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2011.01.24 11:47:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2011.01.24 11:40:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Avira.AntiVir.Premium.V10.0.0.641-Plus.NEW.Key [2011.01.24 10:56:26 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.01.24 01:34:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Messenger_Plus_Live [2011.01.24 01:34:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\DVDVideoSoftTB [2011.01.24 01:34:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\IsoBuster [2011.01.22 02:19:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Servpnp [2011.01.11 20:35:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\PaltalkScene [2011.01.11 20:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\PaltalkScene [2011.01.11 20:35:18 | 000,000,000 | ---D | C] -- 
C:\Programme\Paltalk Messenger [2011.01.04 13:47:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PACE Anti-Piracy [2011.01.04 13:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PACE Anti-Piracy [2011.01.04 13:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PACE Anti-Piracy [2011.01.04 13:47:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PACE Anti-Piracy [2011.01.04 13:40:31 | 000,630,784 | ---- | C] (PACE Anti-Piracy) -- C:\WINDOWS\System32\ilinet.dll [2011.01.04 13:40:31 | 000,203,264 | ---- | C] (LibPng) -- C:\WINDOWS\System32\libpng13.dll [2011.01.04 13:40:31 | 000,086,528 | ---- | C] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\tpkd.sys [2011.01.04 13:40:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SONiVOX DVI [2011.01.04 13:40:14 | 000,000,000 | ---D | C] -- C:\Programme\SONiVOX [2011.01.04 13:39:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SONiVOX [2011.01.02 20:41:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\IsoBuster [2011.01.02 13:29:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IsoBuster [2011.01.02 13:29:52 | 000,000,000 | ---D | C] -- C:\Programme\IsoBuster [2011.01.02 13:29:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IsoBuster [2011.01.02 13:29:49 | 000,000,000 | ---D | C] -- C:\Programme\Smart Projects [2011.01.02 13:29:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze [2011.01.02 11:45:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\easytoolz [2011.01.01 17:27:22 | 000,000,000 | ---D | C] 
-- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.12.26 14:58:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\des [2010.12.25 18:00:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\AM Chromium VA [2010.12.25 18:00:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\AM Chromium VA [2010.12.25 17:56:27 | 000,000,000 | ---D | C] -- C:\Programme\XILS-lab [2010.10.14 15:24:58 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll [2010.10.14 15:24:58 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll [2010.10.14 15:24:58 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll [2009.12.19 14:26:50 | 026,615,399 | ---- | C] (Mohammad Ahmadi Bidakhvidi ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Setup.exe [2008.03.20 15:35:52 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.24 15:45:12 | 000,000,049 | ---- | M] () -- C:\WINDOWS\kh7ptSJh [2011.01.24 15:45:12 | 000,000,048 | ---- | M] () -- C:\WINDOWS\OyLaFpY [2011.01.24 15:45:12 | 000,000,047 | ---- | M] () -- C:\WINDOWS\X2VUkW [2011.01.24 15:45:12 | 000,000,047 | ---- | M] () -- C:\WINDOWS\slVqcQews [2011.01.24 15:45:12 | 000,000,047 | ---- | M] () -- C:\WINDOWS\otJuGY [2011.01.24 15:45:12 | 000,000,047 | ---- | M] () -- C:\WINDOWS\3Pa3wiYfqd [2011.01.24 15:45:12 | 000,000,046 | ---- | M] () -- C:\WINDOWS\KG5olI [2011.01.24 15:45:12 | 000,000,046 | ---- | M] () -- C:\WINDOWS\IWwDT [2011.01.24 15:45:12 | 000,000,045 | ---- | M] () -- C:\WINDOWS\KSj8pJ [2011.01.24 15:45:12 | 000,000,045 | ---- | M] () -- C:\WINDOWS\Jj7rN [2011.01.24 15:45:12 | 000,000,045 | ---- | M] () -- C:\WINDOWS\fXxE7bT [2011.01.24 15:45:12 | 000,000,045 | ---- | M] () -- C:\WINDOWS\8VDa7CXl [2011.01.24 
15:45:12 | 000,000,044 | ---- | M] () -- C:\WINDOWS\VXIEcq [2011.01.24 15:45:12 | 000,000,044 | ---- | M] () -- C:\WINDOWS\vQpJrTcBQF [2011.01.24 15:45:12 | 000,000,044 | ---- | M] () -- C:\WINDOWS\sNYXsj [2011.01.24 15:45:12 | 000,000,044 | ---- | M] () -- C:\WINDOWS\JJvvDR [2011.01.24 15:45:12 | 000,000,043 | ---- | M] () -- C:\WINDOWS\YpDSJy [2011.01.24 15:45:12 | 000,000,043 | ---- | M] () -- C:\WINDOWS\2Uk4Omx [2011.01.24 15:45:12 | 000,000,042 | ---- | M] () -- C:\WINDOWS\pfS2Um [2011.01.24 15:45:12 | 000,000,042 | ---- | M] () -- C:\WINDOWS\nvCd6if3w [2011.01.24 15:45:12 | 000,000,042 | ---- | M] () -- C:\WINDOWS\3jKGcwC [2011.01.24 15:45:12 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Wrx6EWy5NX [2011.01.24 15:45:12 | 000,000,041 | ---- | M] () -- C:\WINDOWS\NEjhJ [2011.01.24 15:45:12 | 000,000,041 | ---- | M] () -- C:\WINDOWS\LeHXF [2011.01.24 15:45:12 | 000,000,040 | ---- | M] () -- C:\WINDOWS\v6OmO [2011.01.24 15:45:12 | 000,000,040 | ---- | M] () -- C:\WINDOWS\Jtd8F [2011.01.24 15:45:12 | 000,000,040 | ---- | M] () -- C:\WINDOWS\egE75Sxs [2011.01.24 15:45:12 | 000,000,040 | ---- | M] () -- C:\WINDOWS\AdSXd [2011.01.24 15:45:12 | 000,000,039 | ---- | M] () -- C:\WINDOWS\U3fOBPUBc [2011.01.24 15:45:12 | 000,000,039 | ---- | M] () -- C:\WINDOWS\t8NAq [2011.01.24 15:45:12 | 000,000,039 | ---- | M] () -- C:\WINDOWS\OqM5GLT [2011.01.24 15:45:12 | 000,000,039 | ---- | M] () -- C:\WINDOWS\5G58LL14A [2011.01.24 15:45:12 | 000,000,038 | ---- | M] () -- C:\WINDOWS\VoTElV [2011.01.24 15:45:12 | 000,000,038 | ---- | M] () -- C:\WINDOWS\O5AtO [2011.01.24 15:45:12 | 000,000,038 | ---- | M] () -- C:\WINDOWS\lolVp8E2Sq [2011.01.24 15:45:12 | 000,000,038 | ---- | M] () -- C:\WINDOWS\LmkGgkiF [2011.01.24 15:45:12 | 000,000,037 | ---- | M] () -- C:\WINDOWS\i7JEeABY [2011.01.24 15:45:12 | 000,000,037 | ---- | M] () -- C:\WINDOWS\gJhLQHw8 [2011.01.24 15:45:12 | 000,000,037 | ---- | M] () -- C:\WINDOWS\7gLkamXCV [2011.01.24 15:45:12 | 000,000,037 | ---- | M] () -- 
C:\WINDOWS\22BMW7 [2011.01.24 15:45:12 | 000,000,036 | ---- | M] () -- C:\WINDOWS\Tx7Wm3eg [2011.01.24 15:45:12 | 000,000,036 | ---- | M] () -- C:\WINDOWS\NWGnE5 [2011.01.24 15:45:12 | 000,000,036 | ---- | M] () -- C:\WINDOWS\NJUaq4 [2011.01.24 15:45:12 | 000,000,036 | ---- | M] () -- C:\WINDOWS\IxigT [2011.01.24 15:45:12 | 000,000,036 | ---- | M] () -- C:\WINDOWS\E1cotQ5ms [2011.01.24 15:45:12 | 000,000,035 | ---- | M] () -- C:\WINDOWS\j5MHLUC [2011.01.24 15:45:12 | 000,000,035 | ---- | M] () -- C:\WINDOWS\InU5UjE [2011.01.24 15:45:12 | 000,000,035 | ---- | M] () -- C:\WINDOWS\GCRklH23 [2011.01.24 15:45:12 | 000,000,035 | ---- | M] () -- C:\WINDOWS\fITo5SKO [2011.01.24 15:45:12 | 000,000,035 | ---- | M] () -- C:\WINDOWS\4tqPC3lA [2011.01.24 15:45:12 | 000,000,034 | ---- | M] () -- C:\WINDOWS\xwgRvKN2dT [2011.01.24 15:45:12 | 000,000,034 | ---- | M] () -- C:\WINDOWS\VAGuFigpQh [2011.01.24 15:45:12 | 000,000,034 | ---- | M] () -- C:\WINDOWS\RehIFV [2011.01.24 15:45:12 | 000,000,034 | ---- | M] () -- C:\WINDOWS\noxvIPvM8 [2011.01.24 15:45:12 | 000,000,034 | ---- | M] () -- C:\WINDOWS\jwdbJS7 [2011.01.24 15:45:12 | 000,000,034 | ---- | M] () -- C:\WINDOWS\6JJRwDUT [2011.01.24 15:45:12 | 000,000,033 | ---- | M] () -- C:\WINDOWS\y78eJvW [2011.01.24 15:45:12 | 000,000,033 | ---- | M] () -- C:\WINDOWS\QVVVN [2011.01.24 15:45:12 | 000,000,033 | ---- | M] () -- C:\WINDOWS\myAcFSqAAJ [2011.01.24 15:45:12 | 000,000,033 | ---- | M] () -- C:\WINDOWS\E78qDIH [2011.01.24 15:45:12 | 000,000,033 | ---- | M] () -- C:\WINDOWS\5nyf1fEa [2011.01.24 15:45:12 | 000,000,032 | ---- | M] () -- C:\WINDOWS\YmH1HIPww [2011.01.24 15:45:12 | 000,000,032 | ---- | M] () -- C:\WINDOWS\OQ3G8wK [2011.01.24 15:45:12 | 000,000,032 | ---- | M] () -- C:\WINDOWS\lBYMDKb [2011.01.24 15:45:12 | 000,000,032 | ---- | M] () -- C:\WINDOWS\awW5Ltxpf [2011.01.24 15:45:12 | 000,000,032 | ---- | M] () -- C:\WINDOWS\1DG6BCm [2011.01.24 15:45:12 | 000,000,031 | ---- | M] () -- C:\WINDOWS\thNrSB2V [2011.01.24 15:45:12 
| 000,000,031 | ---- | M] () -- C:\WINDOWS\QD8HB [2011.01.24 15:45:12 | 000,000,031 | ---- | M] () -- C:\WINDOWS\Lixec7 [2011.01.24 15:45:12 | 000,000,031 | ---- | M] () -- C:\WINDOWS\IKTrTG [2011.01.24 15:45:12 | 000,000,031 | ---- | M] () -- C:\WINDOWS\EjLkeU [2011.01.24 15:45:12 | 000,000,031 | ---- | M] () -- C:\WINDOWS\cG5Hstso [2011.01.24 15:45:12 | 000,000,031 | ---- | M] () -- C:\WINDOWS\63Cp1Oet [2011.01.24 15:45:12 | 000,000,031 | ---- | M] () -- C:\WINDOWS\5Wa87L [2011.01.24 15:45:12 | 000,000,030 | ---- | M] () -- C:\WINDOWS\qDgOR [2011.01.24 15:45:12 | 000,000,030 | ---- | M] () -- C:\WINDOWS\nhj8qXLov [2011.01.24 15:45:12 | 000,000,030 | ---- | M] () -- C:\WINDOWS\GnFLPKDtyK [2011.01.24 15:45:12 | 000,000,030 | ---- | M] () -- C:\WINDOWS\C62hiui [2011.01.24 15:45:12 | 000,000,029 | ---- | M] () -- C:\WINDOWS\XYOHDo [2011.01.24 15:45:12 | 000,000,029 | ---- | M] () -- C:\WINDOWS\uH2whCXiG [2011.01.24 15:45:12 | 000,000,029 | ---- | M] () -- C:\WINDOWS\lRvp8qsw [2011.01.24 15:45:12 | 000,000,029 | ---- | M] () -- C:\WINDOWS\kBAie [2011.01.24 15:45:12 | 000,000,029 | ---- | M] () -- C:\WINDOWS\JfKDsowR [2011.01.24 15:45:12 | 000,000,029 | ---- | M] () -- C:\WINDOWS\birbkGtK [2011.01.24 15:45:12 | 000,000,029 | ---- | M] () -- C:\WINDOWS\ax8uM4r7LP [2011.01.24 15:45:12 | 000,000,029 | ---- | M] () -- C:\WINDOWS\APpT6oqFk [2011.01.24 15:45:12 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Usf1ElUGS [2011.01.24 15:45:12 | 000,000,028 | ---- | M] () -- C:\WINDOWS\u4XNSwghot [2011.01.24 15:45:12 | 000,000,028 | ---- | M] () -- C:\WINDOWS\kipV83i [2011.01.24 15:45:12 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Fd5jCgjD [2011.01.24 15:45:12 | 000,000,028 | ---- | M] () -- C:\WINDOWS\e6JaP [2011.01.24 15:45:12 | 000,000,028 | ---- | M] () -- C:\WINDOWS\dUAU1UB [2011.01.24 15:45:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\ruqvTxBnU [2011.01.24 15:45:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\GJgrd [2011.01.24 15:45:12 | 000,000,027 | ---- | M] () -- 
C:\WINDOWS\FgoHg [2011.01.24 15:45:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\bVIeGoH [2011.01.24 15:45:12 | 000,000,026 | ---- | M] () -- C:\WINDOWS\hUcwRlUJ [2011.01.24 14:15:38 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4 [2011.01.24 14:15:38 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2 [2011.01.24 14:15:38 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3 [2011.01.24 14:15:38 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1 [2011.01.24 14:15:38 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7 [2011.01.24 14:15:38 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5 [2011.01.24 14:15:38 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0 [2011.01.24 14:15:38 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9 [2011.01.24 14:15:38 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8 [2011.01.24 14:15:38 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10 [2011.01.24 14:15:38 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6 [2011.01.24 13:47:29 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2011.01.24 13:47:05 | 000,160,101 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.01.24 13:46:38 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.01.24 13:46:33 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.01.24 13:46:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.01.24 13:34:56 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000004-00001102-00000008-40021102}.rfx [2011.01.24 13:34:56 | 000,001,104 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000004-00001102-00000008-40021102}.rfx [2011.01.24 13:34:56 | 000,001,104 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000004-00001102-00000008-40021102}.rfx [2011.01.24 13:34:56 | 000,000,064 | ---- | M] () -- 
C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000004-00001102-00000008-40021102}.rfx [2011.01.24 13:34:56 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000004-00001102-00000008-40021102}.rfx [2011.01.24 12:06:22 | 000,296,448 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\pfff6juv.exe [2011.01.24 12:01:03 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.01.24 11:48:11 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.01.24 11:26:04 | 000,000,155 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.01.24 11:09:39 | 000,448,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.01.24 11:09:39 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.01.24 11:09:39 | 000,080,092 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.01.24 11:09:39 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.01.21 19:00:06 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss [2011.01.21 19:00:06 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll [2011.01.21 19:00:06 | 000,000,144 | ---- | M] () -- C:\WINDOWS\msocreg32.dat [2011.01.11 20:35:39 | 000,001,604 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PalTalk.lnk [2011.01.11 20:35:39 | 000,001,060 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Upgrade to Paltalk Extreme.lnk [2011.01.11 20:35:38 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PaltalkScene.lnk [2011.01.08 10:07:54 | 000,000,134 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\default.pls [2011.01.04 13:40:31 | 000,001,059 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SONiVOX DVI User Guide.lnk [2011.01.04 13:40:31 | 000,000,974 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Administrator\Desktop\Harmonica.lnk [2011.01.03 08:54:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.24 12:06:21 | 000,296,448 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\pfff6juv.exe [2011.01.24 11:48:11 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.01.11 20:35:39 | 000,001,060 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Upgrade to Paltalk Extreme.lnk [2011.01.11 20:35:38 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\PaltalkScene.lnk [2011.01.08 10:07:54 | 000,000,134 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\default.pls [2011.01.07 10:49:08 | 000,000,049 | ---- | C] () -- C:\WINDOWS\kh7ptSJh [2011.01.07 10:49:08 | 000,000,048 | ---- | C] () -- C:\WINDOWS\OyLaFpY [2011.01.07 10:49:08 | 000,000,047 | ---- | C] () -- C:\WINDOWS\X2VUkW [2011.01.07 10:49:08 | 000,000,047 | ---- | C] () -- C:\WINDOWS\slVqcQews [2011.01.07 10:49:08 | 000,000,047 | ---- | C] () -- C:\WINDOWS\otJuGY [2011.01.07 10:49:08 | 000,000,047 | ---- | C] () -- C:\WINDOWS\3Pa3wiYfqd [2011.01.07 10:49:08 | 000,000,046 | ---- | C] () -- C:\WINDOWS\KG5olI [2011.01.07 10:49:08 | 000,000,046 | ---- | C] () -- C:\WINDOWS\IWwDT [2011.01.07 10:49:08 | 000,000,045 | ---- | C] () -- C:\WINDOWS\KSj8pJ [2011.01.07 10:49:08 | 000,000,045 | ---- | C] () -- C:\WINDOWS\Jj7rN [2011.01.07 10:49:08 | 000,000,045 | ---- | C] () -- C:\WINDOWS\fXxE7bT [2011.01.07 10:49:08 | 000,000,045 | ---- | C] () -- C:\WINDOWS\8VDa7CXl [2011.01.07 10:49:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\VXIEcq [2011.01.07 10:49:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\vQpJrTcBQF [2011.01.07 10:49:08 | 000,000,044 | ---- | C] 
() -- C:\WINDOWS\sNYXsj [2011.01.07 10:49:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\JJvvDR [2011.01.07 10:49:08 | 000,000,043 | ---- | C] () -- C:\WINDOWS\YpDSJy [2011.01.07 10:49:08 | 000,000,043 | ---- | C] () -- C:\WINDOWS\2Uk4Omx [2011.01.07 10:49:08 | 000,000,042 | ---- | C] () -- C:\WINDOWS\pfS2Um [2011.01.07 10:49:08 | 000,000,042 | ---- | C] () -- C:\WINDOWS\nvCd6if3w [2011.01.07 10:49:08 | 000,000,042 | ---- | C] () -- C:\WINDOWS\3jKGcwC [2011.01.07 10:49:08 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Wrx6EWy5NX [2011.01.07 10:49:08 | 000,000,041 | ---- | C] () -- C:\WINDOWS\NEjhJ [2011.01.07 10:49:08 | 000,000,041 | ---- | C] () -- C:\WINDOWS\LeHXF [2011.01.07 10:49:08 | 000,000,040 | ---- | C] () -- C:\WINDOWS\v6OmO [2011.01.07 10:49:08 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Jtd8F [2011.01.07 10:49:08 | 000,000,040 | ---- | C] () -- C:\WINDOWS\egE75Sxs [2011.01.07 10:49:08 | 000,000,040 | ---- | C] () -- C:\WINDOWS\AdSXd [2011.01.07 10:49:08 | 000,000,039 | ---- | C] () -- C:\WINDOWS\U3fOBPUBc [2011.01.07 10:49:08 | 000,000,039 | ---- | C] () -- C:\WINDOWS\t8NAq [2011.01.07 10:49:08 | 000,000,039 | ---- | C] () -- C:\WINDOWS\OqM5GLT [2011.01.07 10:49:08 | 000,000,039 | ---- | C] () -- C:\WINDOWS\5G58LL14A [2011.01.07 10:49:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\VoTElV [2011.01.07 10:49:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\O5AtO [2011.01.07 10:49:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\lolVp8E2Sq [2011.01.07 10:49:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\LmkGgkiF [2011.01.07 10:49:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\i7JEeABY [2011.01.07 10:49:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\gJhLQHw8 [2011.01.07 10:49:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\7gLkamXCV [2011.01.07 10:49:08 | 000,000,037 | ---- | C] () -- C:\WINDOWS\22BMW7 [2011.01.07 10:49:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tx7Wm3eg [2011.01.07 10:49:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\NWGnE5 [2011.01.07 10:49:08 | 
000,000,036 | ---- | C] () -- C:\WINDOWS\NJUaq4 [2011.01.07 10:49:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\IxigT [2011.01.07 10:49:08 | 000,000,036 | ---- | C] () -- C:\WINDOWS\E1cotQ5ms [2011.01.07 10:49:08 | 000,000,035 | ---- | C] () -- C:\WINDOWS\j5MHLUC [2011.01.07 10:49:08 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InU5UjE [2011.01.07 10:49:08 | 000,000,035 | ---- | C] () -- C:\WINDOWS\GCRklH23 [2011.01.07 10:49:08 | 000,000,035 | ---- | C] () -- C:\WINDOWS\fITo5SKO [2011.01.07 10:49:08 | 000,000,035 | ---- | C] () -- C:\WINDOWS\4tqPC3lA [2011.01.07 10:49:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\xwgRvKN2dT [2011.01.07 10:49:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\VAGuFigpQh [2011.01.07 10:49:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\RehIFV [2011.01.07 10:49:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\noxvIPvM8 [2011.01.07 10:49:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\jwdbJS7 [2011.01.07 10:49:08 | 000,000,034 | ---- | C] () -- C:\WINDOWS\6JJRwDUT [2011.01.07 10:49:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\y78eJvW [2011.01.07 10:49:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\QVVVN [2011.01.07 10:49:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\myAcFSqAAJ [2011.01.07 10:49:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\E78qDIH [2011.01.07 10:49:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\5nyf1fEa [2011.01.07 10:49:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\YmH1HIPww [2011.01.07 10:49:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\OQ3G8wK [2011.01.07 10:49:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\lBYMDKb [2011.01.07 10:49:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\awW5Ltxpf [2011.01.07 10:49:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\1DG6BCm [2011.01.07 10:49:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\thNrSB2V [2011.01.07 10:49:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QD8HB [2011.01.07 10:49:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Lixec7 [2011.01.07 10:49:08 | 000,000,031 | ---- | C] () -- 
C:\WINDOWS\IKTrTG [2011.01.07 10:49:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\EjLkeU [2011.01.07 10:49:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\cG5Hstso [2011.01.07 10:49:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\63Cp1Oet [2011.01.07 10:49:08 | 000,000,031 | ---- | C] () -- C:\WINDOWS\5Wa87L [2011.01.07 10:49:08 | 000,000,030 | ---- | C] () -- C:\WINDOWS\qDgOR [2011.01.07 10:49:08 | 000,000,030 | ---- | C] () -- C:\WINDOWS\nhj8qXLov [2011.01.07 10:49:08 | 000,000,030 | ---- | C] () -- C:\WINDOWS\GnFLPKDtyK [2011.01.07 10:49:08 | 000,000,030 | ---- | C] () -- C:\WINDOWS\C62hiui [2011.01.07 10:49:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\XYOHDo [2011.01.07 10:49:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\uH2whCXiG [2011.01.07 10:49:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\lRvp8qsw [2011.01.07 10:49:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\kBAie [2011.01.07 10:49:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\JfKDsowR [2011.01.07 10:49:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\birbkGtK [2011.01.07 10:49:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\ax8uM4r7LP [2011.01.07 10:49:08 | 000,000,029 | ---- | C] () -- C:\WINDOWS\APpT6oqFk [2011.01.07 10:49:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Usf1ElUGS [2011.01.07 10:49:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\u4XNSwghot [2011.01.07 10:49:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\kipV83i [2011.01.07 10:49:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Fd5jCgjD [2011.01.07 10:49:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\e6JaP [2011.01.07 10:49:08 | 000,000,028 | ---- | C] () -- C:\WINDOWS\dUAU1UB [2011.01.07 10:49:08 | 000,000,027 | ---- | C] () -- C:\WINDOWS\ruqvTxBnU [2011.01.07 10:49:08 | 000,000,027 | ---- | C] () -- C:\WINDOWS\GJgrd [2011.01.07 10:49:08 | 000,000,027 | ---- | C] () -- C:\WINDOWS\FgoHg [2011.01.07 10:49:08 | 000,000,027 | ---- | C] () -- C:\WINDOWS\bVIeGoH [2011.01.07 10:49:08 | 000,000,026 | ---- | C] () -- C:\WINDOWS\hUcwRlUJ [2011.01.04 13:40:31 | 
000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll [2011.01.04 13:40:31 | 000,001,059 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SONiVOX DVI User Guide.lnk [2011.01.04 13:40:31 | 000,000,974 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Harmonica.lnk [2010.12.25 17:56:27 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\FxGoWinFu.dll [2010.12.18 20:44:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msexch41.dll [2010.12.07 08:36:07 | 000,000,162 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini [2010.11.17 10:55:03 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll [2010.11.17 10:04:16 | 001,060,880 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.11.16 20:20:46 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.11.16 20:20:46 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.11.16 20:18:16 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc [2010.11.13 22:34:19 | 000,053,248 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\chrtmp [2010.10.14 15:25:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll [2010.10.14 15:25:02 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini [2010.10.14 15:25:00 | 000,301,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys [2010.05.25 07:45:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2010.05.25 07:45:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2010.05.25 07:45:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2010.05.25 07:45:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2010.04.05 15:18:32 | 000,520,267 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll [2010.02.09 15:16:30 | 000,128,272 | R--- | C] () -- 
C:\WINDOWS\System32\Lfkodak.dll [2010.02.09 15:15:54 | 000,344,336 | R--- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibree.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibram.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibqqe.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibmmn.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibjy.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibgs.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibfg.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibff.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibeh.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibddf.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibtth.dll [2010.01.18 17:10:59 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibkhj.dll [2009.12.27 14:49:31 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009.12.08 11:28:04 | 000,000,209 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009.12.01 09:56:31 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll [2009.11.15 10:13:04 | 000,040,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TweetAdder [2009.11.07 15:56:31 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.10.05 13:15:25 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009.10.05 13:15:24 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009.10.04 19:19:37 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2009.09.23 16:21:16 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI [2009.09.23 16:20:55 | 000,011,653 | ---- | C] () -- 
C:\WINDOWS\System32\lvcoinst.ini [2009.09.23 16:20:06 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2009.07.22 11:05:59 | 004,332,032 | ---- | C] () -- C:\WINDOWS\System32\PSP MixBass2.dll [2009.07.22 11:04:28 | 004,059,136 | ---- | C] () -- C:\WINDOWS\System32\PSP MasterComp.dll [2009.07.22 11:04:28 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pspmcdx.dll [2009.07.22 11:03:47 | 006,791,168 | ---- | C] () -- C:\WINDOWS\System32\PSP Xenon.dll [2009.07.21 09:39:23 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys [2009.07.07 10:59:30 | 006,356,992 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer.dll [2009.07.07 10:59:29 | 006,365,184 | ---- | C] () -- C:\WINDOWS\System32\PSP VintageWarmer2.dll [2009.06.26 09:31:58 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini [2009.06.15 16:00:00 | 000,140,966 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MMultiBandDynamicspresets.xml [2009.06.15 16:00:00 | 000,050,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MSpectralDynamicspresets.xml [2009.06.15 16:00:00 | 000,026,438 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MDynamicspresets.xml [2009.06.15 16:00:00 | 000,022,238 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MMultiBandLimiterpresets.xml [2009.06.15 16:00:00 | 000,010,486 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MEqualizerLinearPhasepresets.xml [2009.06.15 16:00:00 | 000,004,150 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MStereoProcessorpresets.xml [2009.06.15 16:00:00 | 000,001,403 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MUltraMaximizerpresets.xml [2009.06.11 22:16:12 | 000,000,047 | ---- | C] () -- C:\WINDOWS\SamControlpanel95.INI [2009.06.11 07:29:56 | 000,000,711 | ---- | C] () -- C:\WINDOWS\Sam10_E.INI [2009.05.01 06:00:01 | 
000,000,276 | ---- | C] () -- C:\WINDOWS\game.ini [2009.03.05 11:51:25 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\DSE2_DFT.dll [2009.03.04 06:23:14 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\FDlg.dll [2009.02.27 08:17:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll [2009.02.27 08:17:07 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL [2009.02.25 09:37:28 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll [2009.02.12 04:05:31 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2009.02.04 10:51:16 | 000,071,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.03 11:49:04 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009.02.01 12:53:19 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll [2009.01.31 20:47:22 | 000,002,240 | ---- | C] () -- C:\WINDOWS\LENDIG.sys [2009.01.31 19:08:57 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\wrmlchasv.dll [2009.01.31 19:04:15 | 000,001,327 | ---- | C] () -- C:\WINDOWS\MusicStudio.INI [2009.01.31 19:02:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll [2009.01.31 19:02:28 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2009.01.31 19:02:16 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2009.01.31 17:18:13 | 000,031,109 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini [2009.01.31 17:04:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL [2009.01.31 16:24:22 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- 
C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.03.20 15:02:24 | 000,097,461 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2008.03.20 15:02:24 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2008.03.20 14:36:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll [2008.03.19 10:04:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008.03.19 10:04:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008.03.19 10:04:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008.03.19 10:04:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008.03.19 10:04:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007.10.12 22:20:06 | 000,151,417 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2006.10.02 16:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini [2005.06.16 17:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll [2004.01.12 16:32:52 | 000,249,910 | ---- | C] () -- C:\WINDOWS\System32\VIR_Lib.dll [2002.03.02 04:10:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2009.03.02 09:46:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ableton [2011.01.22 07:54:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Acycel [2010.08.25 09:53:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe [2010.10.25 09:01:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Agqa [2010.11.02 14:42:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ahead [2009.03.05 09:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Apple Computer [2009.06.03 09:47:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Applied Acoustics Systems [2011.01.24 11:51:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira [2009.09.23 01:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe_Limited [2009.12.27 22:43:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Command & Conquer 3 Tiberium Wars [2010.10.08 21:19:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Creative [2009.02.03 11:58:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools [2009.02.03 12:01:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite [2009.02.03 11:58:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Pro [2010.10.18 19:06:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DivX [2009.02.02 16:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dvdcss [2010.08.12 14:02:16 
| 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.01.18 04:24:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EmuPatchMixDSP [2009.02.01 10:49:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FabFilter [2010.06.17 20:58:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Facebook [2010.03.28 14:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Flatcast [2010.10.18 19:37:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FreeVideoConverter [2011.01.02 13:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze [2009.02.12 22:09:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Help [2009.08.02 10:16:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities [2010.04.13 06:16:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\iGrafx [2009.02.01 12:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InstallShield [2011.01.07 22:38:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ivoc [2009.07.07 11:22:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\iZotope [2009.01.31 19:28:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Juce VST Host [2009.07.27 17:17:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\KORG [2009.02.22 15:40:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech [2009.02.22 15:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\Administrator\Anwendungsdaten\Logitech [2009.02.03 12:01:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia [2010.02.27 09:41:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX [2009.06.08 12:17:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2009.07.27 17:30:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MeldaProduction MAutoEqualizer [2010.04.13 06:15:49 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft [2009.05.15 00:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Move Networks [2009.02.27 10:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla [2009.06.26 19:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MSPS [2010.03.31 07:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nero [2010.02.26 13:18:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org [2011.01.04 13:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PACE Anti-Piracy [2011.01.11 20:39:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Paltalk [2010.11.17 10:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Tools [2010.11.11 22:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PhotoLine [2010.12.29 21:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong [2009.02.04 10:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Administrator\Anwendungsdaten\Propellerhead Software [2009.11.19 11:48:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Publish Providers [2010.10.31 05:10:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Qesex [2010.12.13 20:35:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\REAPER [2010.11.16 20:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung [2011.01.22 02:19:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Servpnp [2010.05.16 11:07:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sincell [2011.01.24 13:31:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype [2011.01.24 09:22:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\skypePM [2009.11.19 11:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony [2009.11.19 16:12:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sony Creative Software [2009.04.28 10:04:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Steinberg [2009.03.03 09:42:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun [2010.09.01 21:02:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3 [2009.11.19 11:03:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\VirSyn Software Synthesizer [2009.02.02 16:32:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc [2009.01.31 19:21:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Waves 
Audio [2009.06.15 11:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Waves Preferences [2009.03.03 09:47:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2009.12.19 14:26:51 | 026,615,399 | ---- | M] (Mohammad Ahmadi Bidakhvidi ) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Setup.exe [2010.06.17 20:58:14 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Facebook\uninstall.exe [2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Gutscheinmieze\uninstall.exe [2010.10.23 18:31:11 | 002,788,816 | ---- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2009.03.18 01:11:29 | 000,009,662 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{5492EC47-EADA-41FA-955F-5C0B488F1170}\_0BC52E6C9B231563F232D9.exe [2009.03.18 01:11:29 | 000,009,662 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{5492EC47-EADA-41FA-955F-5C0B488F1170}\_E171EDC3E7A8E0A63A75D1.exe [2010.03.13 08:12:12 | 000,022,486 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{80379774-93AF-4FAD-BB3D-67E55ACFE2AE}\_6FEFF9B68218417F98F549.exe [2010.03.13 08:12:13 | 000,022,486 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{80379774-93AF-4FAD-BB3D-67E55ACFE2AE}\_C6BF509AA1B3C451FC60F4.exe [2010.03.13 08:12:13 | 000,022,486 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{80379774-93AF-4FAD-BB3D-67E55ACFE2AE}\_D632B189C79BF94F075E27.exe [2009.06.19 11:18:46 | 000,030,208 | R--- | M] () -- 
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{AF25AEFA-F76B-48A7-A709-C69AD56AED51}\IconTmpl.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe [2009.06.19 11:18:46 | 000,008,192 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{AF25AEFA-F76B-48A7-A709-C69AD56AED51}\IconTmpl1.108DF49C_3AB4_4A7D_B6FD_8B6286B317FA.exe [2009.06.19 11:18:46 | 000,014,848 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Installer\{AF25AEFA-F76B-48A7-A709-C69AD56AED51}\IconTmpl4.A961A077_4BD0_4C98_86BC_EE4A98CE550D.exe [2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe [2009.05.15 00:29:12 | 000,034,062 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Move Networks\ie_bin\Uninst.exe [2009.09.28 14:11:40 | 000,167,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\fwst9p6m.default\FlashGot.exe [2011.01.22 02:19:26 | 000,278,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Servpnp\crtpack.exe [2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3\temp\cleanup.exe [2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > [2009.12.10 00:32:40 | 000,000,000 | ---- | M] () -- C:\msn_messenger.exe < MD5 for: AGP440.SYS > [2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 
00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2006.02.28 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) 
MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- 
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2009.02.03 11:49:04 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2009.01.31 17:22:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2009.01.31 17:22:35 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2009.01.31 17:22:35 | 000,425,984 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.04.14 07:52:16 | 000,087,040 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mprapi.dll [6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 212 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 1217 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:idWlrzxLQyGehPo4RHSHAh1V @Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 < End of report > |
24.01.2011, 16:30 | #4 |
| my hijack log --> asking for help, AntiVir and WLAN adapter not working extras: Code:
ATTFilter OTL Extras logfile created on: 24.01.2011 15:47:04 - Run 1 OTL by OldTimer - Version 3.2.20.5 Folder = I:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 244,14 Gb Total Space | 6,33 Gb Free Space | 2,59% Space Free | Partition Type: NTFS Drive D: | 221,61 Gb Total Space | 15,48 Gb Free Space | 6,99% Space Free | Partition Type: NTFS Drive F: | 146,48 Gb Total Space | 135,47 Gb Free Space | 92,48% Space Free | Partition Type: NTFS Drive G: | 785,02 Gb Total Space | 640,02 Gb Free Space | 81,53% Space Free | Partition Type: NTFS Drive I: | 1,88 Gb Total Space | 1,86 Gb Free Space | 98,98% Space Free | Partition Type: FAT Computer Name: MAC10-6727E048D | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-1078081533-764733703-839522115-500\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\games\cof5\CoDWaW.unpacked.exe" = D:\games\cof5\CoDWaW.unpacked.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop "C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) "D:\games\anno\Anno1701.exe" = D:\games\anno\Anno1701.exe:*:Enabled:Anno 1701 "D:\games\sparta\AWE.exe" = D:\games\sparta\AWE.exe:*:Enabled:AWE "D:\games\age3\age3.exe" = 
D:\games\age3\age3.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios) "D:\games\cac\RetailExe\1.4\cnc3game.dat" = D:\games\cac\RetailExe\1.4\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars "D:\games\dow\Dawn of War - Dark Crusade\DarkCrusade.exe" = D:\games\dow\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade -- (THQ Canada Inc.) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks) "C:\Programme\Paltalk Messenger\paltalk.exe" = C:\Programme\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.) "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\jivexviewer\jre\bin\JiveX[dv] light" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\jivexviewer\jre\bin\JiveX[dv] light:*:Enabled:Java(TM) 2 Platform Standard Edition binary "E:\res\jre\bin\javaw.exe" = E:\res\jre\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) 
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation) "C:\Programme\NetDragon\91 Mobile\android\Android PC Suite.exe" = C:\Programme\NetDragon\91 Mobile\android\Android PC Suite.exe:*:Enabled:PC Suite -- (Chinese ORG) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{06A1FF29-FB6E-4A05-8D22-827B3E50DDEC}" = YoutubeFriendAdderPro "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{12F3472F-8578-4816-92A1-0374D193EE12}" = 91ÊÖ»úÖúÊÖ for Android "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{15b1946a-62b6-4b00-90fa-8f1eba05895d}" = Nero InCD-Reader "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{18CABAC3-554E-4C04-B9F7-A7261C87968C}" = S-YXG50 Trial "{1ACF68E6-888C-4182-89F7-C10F8C8F3026}" = Sitecom USB EasyCam VP-003 "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{218AA20E-F016-4385-9F74-04FF8E596FB2}" = SampleMoog "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3354c5d7-f149-432c-b73d-7aa27c046620}" = "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{36B246BE-24F0-4177-B5D5-F24DE6F058AE}" = Vocal Imitation 
Demo
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = MA_CMIDI
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{42F7C377-2A1F-44FB-A17F-053C29E81031}" = Nero 7 Premium
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC1E1A2-D7E3-42D6-AD54-69158C49AA6F}" = Visual Basic for Applications (R) Core
"{4F98AB76-2B8D-4A03-B5BB-87D33DBAA41A}" = FriendAdderElite
"{506A08D9-6AE4-4D02-9535-A6D4839F849A}" = T-RackS 3 Classic Clipper
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5492EC47-EADA-41FA-955F-5C0B488F1170}" = Tube Increaser
"{56352E20-B3EA-4FE5-99CE-B621EA033BD6}" = FBP - Facebook Blaster Pro
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{620FE3A6-F576-4ECC-9734-FA2DCFA4FF82}" = KORG Legacy Collection - ANALOG EDITION 2007
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{64522D5F-4743-4939-8E22-B1878FB68772}" = M-Audio FireWire Driver 6.0.1 (x86)
"{648C1BFD-6A70-46D8-B855-F84D95C2DC34}" = CSR
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank 2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CA280F4-B354-4167-A262-ABE8347109D2}" = Vocal Rack Trial
"{6f4cf20b-b9a3-421b-a54b-ab13469e7fcf}" =
"{70BA5C06-2D05-47BB-91F1-0D2571B1F073}" = EZ YouTube Increaser
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7bed7e06-eded-4d8c-a3b6-7abaf5a0a13f}" =
"{7c235232-8f7b-4f9c-88e5-11ca89234bcd}" =
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80379774-93AF-4FAD-BB3D-67E55ACFE2AE}" = The Increaser
"{81974750-D4B1-4690-B168-D31F9A599542}" = SampleTron
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8397b42a-47a7-4c91-8f00-31441d0d854f}" =
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84864f88-80a4-4848-aa29-486a297b8919}" = SecurDisc Viewer
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8ED43CF1-5E56-4D0C-AEB1-A9F9C164B9BC}" = Miroslav Philharmonik CE
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9624502C-3D39-41A0-8917-858EC16769CE}" = KORG M1 Le
"{97F40ED6-C2F9-422F-BFDC-BDABAD01675A}" = T-RackS 3 Vintage Compressor 670
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B7802FF-2E35-4361-8A82-D207C7E9F99B}" = Camtasia Studio 5
"{9CEF84F6-1AE8-49EF-8D02-D3884E9CD694}" = T-RackS 3 Classic Multiband Limiter
"{9e12ecc4-3702-4609-866f-fb0973f9e233}" = Nero 9 Lite
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB85EE3E-1791-4A85-BD60-CD1349ECBD6C}" = Samplitude 11
"{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.51
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AF25AEFA-F76B-48A7-A709-C69AD56AED51}" = CodeMeter Runtime Kit v3.20c
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0E565B0-03A0-40D9-A514-000634AA58C6}" = KORG Legacy Collection - DIGITAL EDITION
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{D416328F-D3ED-4DFD-A8E0-C31466E8E039}" = Tube Toolbox
"{D5696FE6-4D4A-4680-B0CE-2D043F908350}" = Visual Basic for Applications (R) Core - English
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D972F309-7376-4B25-10AA-04C80D13E1F4}" = iGrafx 2009
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E622ECC4-4310-4D7B-B401-159E0C22516A}" = Final Master Trial
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EABACFC4-1CB1-438E-A418-0A3B21CD30D1}" = Waves Gold Processors 3.6
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F659CCC7-63C8-49CC-8A76-34131CE5D3A8}" = Tube Toolbox
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA200000-0001-0000-0000-074957833700}" = ABBYY PDF Transformer 2.0
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Front Mastering Bundle DX and VST_is1" = 4Front Mastering Bundle DX and VST R1.2
"ACE-HIGH MP3 WAV WMA OGG Converter" = ACE-HIGH MP3 WAV WMA OGG Converter
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AKAI professional VST Collection v1.0" = AKAI professional VST Collection v1.0
"AM Chromium VA1.0" = AM Chromium VA
"Analog Factory SE_is1" = Analog Factory SE 1.2
"Antares Auto-Tune v4.39" = Antares Auto-Tune v4.39
"Antares Microphone Modeler DX v1.32" = Antares Microphone Modeler DX v1.32
"Applied Accoustics UltraAnalog VA-1 v1.01" = Applied Accoustics UltraAnalog VA-1 v1.01
"Art Vista Virtual Grand Piano" = Art Vista Virtual Grand Piano
"Arturia Arp2600 V v1.0" = Arturia Arp2600 V v1.0
"Arturia Moog Modular V v1.1" = Arturia Moog Modular V v1.1
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Ask Toolbar
"asterisk key" = Asterisk Key 10.0
"Atmosphere_is1" = Atmosphere
"AudioRealism" = AudioRealism Bass Line 2 (remove only)
"AudioRealism Bass Line Pro_is1" = ABLPro 1.1.0
"AV Voice Changer Software DIAMOND 6.0" = AV Voice Changer Software DIAMOND 6.0
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Best Service Chris Hein - Guitars" = Best Service Chris Hein - Guitars
"Best Service Ethno World 3 Complete" = Best Service Ethno World 3 Complete
"Bome's Midi Translator Pro Version_is1" = Bome's Midi Translator Pro Version 1.6.1
"Brainworx BX Digital VST_is1" = Brainworx BX Digital VST v1.09
"broomstickbass-1.0.0" = Broomstick Bass 1.0.0
"Browser Defender_is1" = Browser Defender 2.0.6.15
"burnatonce_is1" = burnatonce
"Cakewalk Dimension Pro_is1" = Dimension Pro
"Cakewalk RgcAudio z3ta Plus v1.5.2 VSTi DXi REPACK" = Cakewalk RgcAudio z3ta Plus v1.5.2 VSTi DXi REPACK
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"Collab" = Collab
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Cryostasis: The Sleep of Reason_is1" = Cryostasis The Sleep of Reason
"CrySonic SINDO" = CrySonic SINDO
"CS-80V_is1" = CS-80V 1.6
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"East West Adrenaline" = East West Adrenaline
"East West Boesendorfer 290" = East West Boesendorfer 290
"East West Colossus" = East West Colossus
"East West EWQLSO Gold Edition" = East West EWQLSO Gold Edition
"East West Hardcore Bass XP" = East West Hardcore Bass XP
"East West Ra" = East West Ra
"E-MU Audio Drivers Hotfix" = E-MU Audio Drivers
"EMU PatchMix DSP" = E-muPatchMix DSP
"FL Studio 8" = FL Studio 8
"FL Studio 9" = FL Studio 9
"Flatcast_is1" = Flatcast
"Free Video Converter_is1" = Free Video Converter V 2.9
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"FriendBlasterPro_is1" = FriendBlasterPro
"Future Music Future Loops" = Future Music Future Loops
"GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ" = GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ
"GMedia Music impOSCar VSTi v1.0.0.1" = GMedia Music impOSCar VSTi v1.0.0.1
"Google Chrome" = Google Chrome
"G-sonique Renegade VSTi" = G-sonique Renegade VSTi
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"Har-Bal v2.0" = Har-Bal v2.0
"HijackThis" = HijackThis 2.0.2
"HS2_is1" = Steinberg Hypersonic 2
"ie8" = Windows Internet Explorer 8
"iGrafx 2009" = iGrafx 2009
"IL Autogun" = IL Autogun
"IL Download Manager" = IL Download Manager
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"IsoBuster Toolbar" = IsoBuster Toolbar
"IsoBuster_is1" = IsoBuster 2.8
"iZotope Ozone 4_is1" = iZotope Ozone 4
"iZotope RX_is1" = iZotope RX
"Jupiter-8V_is1" = Jupiter-8V 1.0
"Korg Legacy Collection v1.1.9" = Korg Legacy Collection v1.1.9
"Live 6.0.1" = Live 6.0.1
"LUXONIX Purity_is1" = LUXONIX Purity VSTi v1.03
"LUXONIX Ravity 16 VST v1.4.3" = LUXONIX Ravity 16 VST v1.4.3
"Magic ISO Maker v5.4 (build 0256)" = Magic ISO Maker v5.4 (build 0256)
"MAGIX 3D Maker ES" = MAGIX 3D Maker (embeded)
"Magix Samplitude FX Suite VST_is1" = Magix Samplitude FX Suite VST v1.0
"MAGIX Screenshare ES" = MAGIX Screenshare
"MAGIX Speed burnR ES" = MAGIX Speed burnR
"Mastering Effects Bundle 2 for Sound Forge Pro_is1" = Mastering Effects Bundle 2 for Sound Forge Pro
"M-Audio Drum and Bass Rig_is1" = M-Audio Drum and Bass Rig 1.0.0
"M-Audio Key Rig_is1" = M-Audio Key Rig 1.0.0
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live Toolbar" = Messenger_Plus_Live Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Minimonsta" = GForce - Minimonsta
"minimoog V_is1" = minimoog V 1.6
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"Mp3 Song Plays Increaser" = Mp3 Song Plays Increaser
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"M-Tron" = M-Tron
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Bandstand" = Native Instruments Bandstand
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Kore 2" = Native Instruments Kore 2
"Native Instruments Pro-53" = Native Instruments Pro-53
"Native Instruments Service Center" = Native Instruments Service Center
"NetTools_is1" = NetTools 5.0
"NI Service Center" = NI Service Center
"NomadFactory Blue Tubes Analog TrackBox VST RTAS_is1" = NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.3
"NomadFactory Blue Tubes Dynamics Pack VST RTAS_is1" = NomadFactory Blue Tubes Dynamics Pack VST RTAS v3.2
"NomadFactory Blue Tubes Effects Pack VST RTAS_is1" = NomadFactory Blue Tubes Effects Pack VST RTAS v3.2
"NomadFactory Blue Tubes Equalizers Pack VST RTAS_is1" = NomadFactory Blue Tubes Equalizers Pack VST RTAS v3.2
"NomadFactory BlueVerb DRV-2080 VST RTAS_is1" = NomadFactory BlueVerb DRV-2080 VST RTAS v1.4
"NomadFactory Essential Studio Suite VST RTAS_is1" = NomadFactory Essential Studio Suite VST RTAS v1.5
"NomadFactory Liquid Bundle VST RTAS_is1" = NomadFactory Liquid Bundle VST RTAS v2.4
"NomadFactory Program Equalizer EQP-4 VST RTAS_is1" = NomadFactory Program Equalizer EQP-4 VST RTAS v1.3
"NomadFactory Rock Amp Legends VST RTAS_is1" = NomadFactory Rock Amp Legends VST RTAS v1.5
"NomadFactory Studio Channel SC-226 VST RTAS_is1" = NomadFactory Studio Channel SC-226 VST RTAS v1.3
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Overloud BREVERB VST RTAS_is1" = Overloud BREVERB VST RTAS v1.1
"PalTalk8.2" = PaltalkScene
"PhotoLine_is1" = PhotoLine 15.0.0.0
"PoiZone" = PoiZone
"Polyvoks Station VSTi_is1" = Polyvoks Station VSTi v1.4
"Predator_is1" = Rob Papen Predator V1.1.1
"PSP Audioware Xenon_is1" = PSP Audioware Xenon v1.0
"PSP MixPack2 2.0.3" = PSP MixPack2 2.0.3
"PSP sQuad 1.1.1" = PSP sQuad 1.1.1
"PSP VintageWarmer2 2.1.4" = PSP VintageWarmer2 2.1.4
"PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ" = PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ
"Pultronic EQ-110P_is1" = G-sonique Pultronic EQ-110P VST 1.0
"Rainlendar2" = Rainlendar2 (remove only)
"REAPER" = REAPER
"Refresher" = Refresher
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"Rob Papen Blue VSTi v1.01 " = Rob Papen Blue VSTi v1.01
"Rocksonics Effervescence VST v2.0" = Rocksonics Effervescence VST v2.0
"RoomVerb M2 2.0" = SpinAudio RoomVerb M2 2.0
"Samplitude 10 US" = Samplitude 10 10.0.0.0 (US)
"Sawer" = Sawer
"Smokin' Guns_is1" = Smokin' Guns 1.0
"Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 3.00
"Sonic Syndicate Talkbox TB1 VST v1.0" = Sonic Syndicate Talkbox TB1 VST v1.0
"SONiVOX 2.0 DVI Harmonica_is1" = SONiVOX DVI Harmonica
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Sonnox Oxford Inflator PowerCore VST_is1" = Sonnox Oxford Inflator PowerCore VST v1.5.1
"Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
"Sonnox Oxford R3 Dynamics Native VST_is1" = Sonnox Oxford R3 Dynamics Native VST v1.3.1
"Sonnox Oxford R3 Dynamics PowerCore VST_is1" = Sonnox Oxford R3 Dynamics PowerCore VST v1.3.1
"Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
"Sonnox Oxford R3 EQ PowerCore VST_is1" = Sonnox Oxford R3 EQ PowerCore VST v1.6.1
"Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
"Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
"Sonnox Oxford TransMod PowerCore VST_is1" = Sonnox Oxford TransMod PowerCore VST v1.3.1
"Spyware Doctor" = Spyware Doctor 7.0
"Starcraft" = Starcraft
"Steinberg Virtual Bassist v1.0.0.504" = Steinberg Virtual Bassist v1.0.0.504
"Sylenth1_is1" = Sylenth1 v1.01.3
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"timeworks Reverb 4080L" = timeworks Reverb 4080L
"Total Video Converter 3.50_is1" = Total Video Converter 3.50
"Toxic Biohazard" = Toxic Biohazard
"Trilogy_is1" = Trilogy
"TruePianos: Amber Module_is1" = TruePianos: Amber Module 1.4.0
"TruePianos: Diamond Module_is1" = TruePianos: Diamond Module 1.4.0
"TruePianos: Emerald Module_is1" = TruePianos: Emerald Module 1.4.0
"TruePianos: Sapphire Module (Pedal sounds included)_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos: Sapphire Module_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos_is1" = TruePianos 1.4.1
"TubeBlasterPro_is1" = TubeBlasterPro
"Uninstall_is1" = Uninstall 1.0.0.1
"URS Classic Console Strip Pro VST RTAS_is1" = URS Classic Console Strip Pro VST RTAS v1.0
"Veoh Web Player Beta" = Veoh Web Player
"Vir2 Instruments VI.ONE" = Vir2 Instruments VI.ONE
"VirSyn MATRIX VST RTAS_is1" = VirSyn MATRIX VST RTAS v1.2.1
"VLC media player" = VideoLAN VLC media player 0.8.4a
"VolkoBaglama" = VolkoBaglama
"WaveLabLite" = WaveLab LE 6
"Waves API Collection" = Waves API Collection
"Waves SSL Collection v1.2" = Waves SSL Collection v1.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XBass 4000 Analog Bass Saturation_is1" = G-Sonique XBass 4000 Analog Bass Saturation VST 1.0
"XILS-lab polyKB_is1" = XILS-lab polyKB VSTi RTAS v1.0.1
"XILS-lab XILS-3_is1" = XILS-lab XILS-3 VSTi RTAS v1.3.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zero-G Nostalgia" = Zero-G Nostalgia
"Zero-G Sounds of the 70s" = Zero-G Sounds of the 70s

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-764733703-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.01.2011 08:17:43 | Computer Name = MAC10-6727E048D | Source = UserInit | ID = 1000
Description = Folgendes Skript konnte nicht ausgeführt werden: C:\Dokumente und Einstellungen\Administrator\Desktop\fastboot.bat. Das System kann die angegebene Datei nicht finden.

Error - 24.01.2011 08:18:53 | Computer Name = MAC10-6727E048D | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system. The resource <INIT11> has not been allocated. This could be due to an out-of-memory error or any other system failure. Returned error code:

Error - 24.01.2011 08:21:00 | Computer Name = MAC10-6727E048D | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a624b.

Error - 24.01.2011 08:28:54 | Computer Name = MAC10-6727E048D | Source = UserInit | ID = 1000
Description = Folgendes Skript konnte nicht ausgeführt werden: C:\Dokumente und Einstellungen\Administrator\Desktop\fastboot.bat. Das System kann die angegebene Datei nicht finden.

Error - 24.01.2011 08:29:55 | Computer Name = MAC10-6727E048D | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system. The resource <INIT11> has not been allocated. This could be due to an out-of-memory error or any other system failure. Returned error code:

Error - 24.01.2011 08:32:16 | Computer Name = MAC10-6727E048D | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a624b.

Error - 24.01.2011 08:34:53 | Computer Name = MAC10-6727E048D | Source = UserInit | ID = 1000
Description = Folgendes Skript konnte nicht ausgeführt werden: C:\Dokumente und Einstellungen\Administrator\Desktop\fastboot.bat. Das System kann die angegebene Datei nicht finden.

Error - 24.01.2011 08:45:35 | Computer Name = MAC10-6727E048D | Source = UserInit | ID = 1000
Description = Folgendes Skript konnte nicht ausgeführt werden: C:\Dokumente und Einstellungen\Administrator\Desktop\fastboot.bat. Das System kann die angegebene Datei nicht finden.

Error - 24.01.2011 08:46:34 | Computer Name = MAC10-6727E048D | Source = Avira AntiVir | ID = 4112
Description = An error occurred during a resource request to the Windows NT system. The resource <INIT11> has not been allocated. This could be due to an out-of-memory error or any other system failure. Returned error code:

Error - 24.01.2011 08:48:25 | Computer Name = MAC10-6727E048D | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x001a624b.

[ System Events ]
Error - 24.01.2011 08:47:42 | Computer Name = MAC10-6727E048D | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Process Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 24.01.2011 08:47:42 | Computer Name = MAC10-6727E048D | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error - 24.01.2011 08:47:42 | Computer Name = MAC10-6727E048D | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows-Bilderfassung (WIA).

Error - 24.01.2011 08:47:42 | Computer Name = MAC10-6727E048D | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Bilderfassung (WIA)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 24.01.2011 08:47:42 | Computer Name = MAC10-6727E048D | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Avira AntiVir MailGuard" ist vom Dienst "Avira AntiVir Guard" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error - 24.01.2011 08:47:42 | Computer Name = MAC10-6727E048D | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Avira AntiVir WebGuard" ist vom Dienst "Avira AntiVir Guard" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0

Error - 24.01.2011 08:53:00 | Computer Name = MAC10-6727E048D | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 24.01.2011 09:16:46 | Computer Name = MAC10-6727E048D | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 24.01.2011 10:45:51 | Computer Name = MAC10-6727E048D | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Error - 24.01.2011 10:48:47 | Computer Name = MAC10-6727E048D | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

< End of report > |
24.01.2011, 16:39 | #5 |
/// Malware-holic | 1. Please uninstall Spybot, it interferes with the cleanup; restart the PC.
2.
• Please start OTL.exe.
• Now copy the following into the text box.
:OTL
O29 - HKLM SecurityProviders - (mdayyeoc.dll) - File not found
O29 - HKLM SecurityProviders - (mxvjiivx.dll) - File not found
O36 - AppCertDlls: boottvdm - (C:\WINDOWS\browplUI.dll) - File not found
:Files
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Servpnp
:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Servpnp
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Open My Computer, C:, then _OTL; right-click on moved files there and choose "add to moved files.rar" or zip. Upload the archive to our upload channel. http://www.trojaner-board.de/54791-a...ner-board.html
Do you do online banking / online shopping?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
24.01.2011, 17:55 | #6 |
| No, no online banking.
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mdayyeoc.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mxvjiivx.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\boottvdm:C:\WINDOWS\browplUI.dll deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Servpnp folder moved successfully.
Error: Unable to interpret <:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Servpnp> in the current context!
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 2794855 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 3,00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 4165610226 bytes
->Temporary Internet Files folder emptied: 84735200 bytes
->Java cache emptied: 83366023 bytes
->FireFox cache emptied: 83604150 bytes
->Google Chrome cache emptied: 15373569 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 33708 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 948130 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148906 bytes
%systemroot%\System32 .tmp files removed: 3116788 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29490268 bytes
RecycleBin emptied: 14904 bytes

Total Files Cleaned = 4.262,00 mb

OTL by OldTimer - Version 3.2.20.5 log created on 01242011_170609

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
|
24.01.2011, 18:03 | #7 |
/// Malware-holic | OK, restart the PC. Can you then pack moved files again, or is the folder really only 2 KB in size? |
24.01.2011, 18:11 | #8 |
| Oops, I wanted to see what had been deleted, so I opened the file and noticed that the viruses were in there. And now the file is gone, as I have just seen. Since I am on a laptop right now, the viruses do not matter. Is the file gone now? |
25.01.2011, 10:23 | #9 |
| No further help? |
25.01.2011, 11:19 | #10 |
/// Malware-holic | Why do you open the file? What are we doing the work here for, then... If you are lucky, you have just infected yourself all over again. New OTL log. |
25.01.2011, 11:47 | #11 |
| Because I was stupid. I did not open the file on my computer but on a laptop that had to be formatted anyway. My AntiVir still does not work. What happens next? Please help. |
25.01.2011, 12:04 | #12 |
/// Malware-holic | On page 1 you did answer my question about online banking with no, but you did not tell me whether you shop online. |
25.01.2011, 12:22 | #13 |
| No, I don't shop either. |
25.01.2011, 12:36 | #14 |
/// Malware-holic | OK, I just want to be sure, since one should then proceed differently. Have you already tried reinstalling the LAN driver? Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
25.01.2011, 15:27 | #15 |
| Well, I did order something from the internet a few times, maybe 10-15 times. But I don't do it regularly. |