Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Hilfe! Wahrscheinlich schlimmes Rootkit

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Thema geschlossen
Alt 01.02.2011, 20:26   #16
WomTom
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



Code:
ATTFilter
OTL logfile created on: 01.02.2011 20:04:46 - Run 3
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\WomTom\Desktop\MFTools
 An unknown product Service Pack 1, v.721 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17105)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64,90 Gb Total Space | 37,06 Gb Free Space | 57,10% Space Free | Partition Type: NTFS
Drive D: | 95,00 Gb Total Space | 87,52 Gb Free Space | 92,13% Space Free | Partition Type: NTFS
Drive E: | 72,88 Gb Total Space | 62,17 Gb Free Space | 85,30% Space Free | Partition Type: NTFS
Drive F: | 60,00 Gb Total Space | 42,75 Gb Free Space | 71,25% Space Free | Partition Type: NTFS
Drive G: | 51,79 Gb Total Space | 11,54 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive H: | 298,09 Gb Total Space | 237,05 Gb Free Space | 79,52% Space Free | Partition Type: NTFS
 
Computer Name: WOMTOM-PC | User Name: WomTom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.01.28 17:36:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\WomTom\Desktop\MFTools\OTL.exe
PRC - [2010.11.30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010.11.26 03:54:28 | 000,393,216 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.11.26 03:54:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.11.01 17:09:12 | 000,802,816 | ---- | M] (Sphinx Software) -- C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.10.25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010.10.25 12:59:03 | 000,610,944 | ---- | M] (CM & V) -- d:\DVBViewer\DVBVservice.exe
PRC - [2010.09.29 22:47:00 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.29 22:46:32 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.09.29 22:46:24 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.12.10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2009.09.19 14:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe
PRC - [2009.09.19 14:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe
PRC - [2009.09.19 14:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Programme\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009.09.19 14:38:48 | 000,065,536 | ---- | M] () -- C:\Programme\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.12 02:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) -- D:\Winstep\WsxService.exe
PRC - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () -- C:\Windows\System32\PAStiSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.01.28 17:36:37 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\WomTom\Desktop\MFTools\OTL.exe
MOD - [2010.09.29 22:50:02 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2010.09.29 22:49:40 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2010.09.29 22:49:14 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2010.09.29 22:48:22 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2010.09.29 22:47:24 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2010.09.29 22:26:28 | 001,681,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17105_none_41e580dc2bd7f1b8\comctl32.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.01.18 23:42:00 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2011.01.18 23:33:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.11.26 03:54:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.11.11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010.11.11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.01 16:49:58 | 000,401,408 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.10.25 12:59:03 | 000,610,944 | ---- | M] (CM & V) [Auto | Running] -- d:\DVBViewer\DVBVservice.exe -- (DVBVRecorder)
SRV - [2010.09.29 22:50:10 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2010.09.29 22:50:00 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2010.09.29 22:49:36 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2010.09.29 22:48:26 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2010.09.29 22:48:00 | 000,804,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010.09.29 22:47:38 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2010.09.29 22:47:20 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2010.09.29 22:46:46 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Programme\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.12.10 23:04:22 | 000,814,344 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0)
SRV - [2009.09.19 14:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.05.12 02:05:52 | 000,247,808 | ---- | M] (Winstep Software Technologies) [Auto | Running] -- D:\Winstep\WsxService.exe -- (Winstep Xtreme Service)
SRV - [2005.01.14 16:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PAStiSvc.exe -- (STI Simulator)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.02.01 19:52:36 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D8FE798-8DA2-4ED4-9917-BBED6DCF0BEA}\MpKsl77aad118.sys -- (MpKsl77aad118)
DRV - [2011.02.01 19:51:12 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D8FE798-8DA2-4ED4-9917-BBED6DCF0BEA}\MpKsl1c7297fb.sys -- (MpKsl1c7297fb)
DRV - [2011.02.01 13:21:59 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1D8FE798-8DA2-4ED4-9917-BBED6DCF0BEA}\MpKsl68c25858.sys -- (MpKsl68c25858)
DRV - [2011.01.13 10:27:06 | 000,035,840 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\csrusb.sys -- (csrusb)
DRV - [2011.01.13 10:27:02 | 001,534,464 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CsrBtPort.sys -- (CsrBtPort)
DRV - [2010.11.26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.11.26 05:19:20 | 006,650,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.11.26 03:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.22 16:59:16 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.11.10 02:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam Pro 9000(UVC)
DRV - [2010.11.10 02:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.10.24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.10.24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.09.29 22:58:50 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.09.29 22:58:50 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.09.29 22:58:50 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.09.29 22:58:48 | 000,160,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vhdmp.sys -- (vhdmp)
DRV - [2010.09.29 22:58:42 | 000,173,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2010.09.29 22:58:36 | 000,143,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2010.09.29 22:58:36 | 000,117,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2010.09.29 22:58:26 | 000,332,160 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2010.09.29 22:58:26 | 000,014,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2010.09.29 22:57:10 | 000,080,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\amdsata.sys -- (amdsata)
DRV - [2010.09.29 22:57:10 | 000,022,400 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\amdxata.sys -- (amdxata)
DRV - [2010.09.29 21:25:48 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.09.29 21:14:42 | 000,164,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2010.09.29 21:14:22 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2010.09.29 21:09:24 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2010.09.29 21:00:46 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2010.09.29 20:58:40 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2010.09.29 20:54:32 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.29 20:54:26 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.09.29 20:40:22 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\acpipmi.sys -- (AcpiPmi)
DRV - [2010.09.22 19:54:56 | 000,048,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RamDiskVE.sys -- (RAMDiskVE)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.03.19 00:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010.03.19 00:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010.03.19 00:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010.03.19 00:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2010.03.19 00:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010.03.19 00:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010.03.19 00:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010.03.19 00:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctgame.sys -- (ctgame)
DRV - [2010.03.19 00:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010.03.19 00:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010.03.19 00:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010.03.19 00:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2010.03.19 00:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010.03.19 00:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2010.03.19 00:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010.03.19 00:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2010.03.19 00:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010.03.19 00:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2010.03.19 00:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010.03.04 12:42:58 | 000,277,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010.01.28 14:57:09 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.12.18 16:19:02 | 003,482,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009.11.27 09:01:36 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.11.04 12:42:32 | 000,022,592 | ---- | M] (TerraTec Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MtsHID.sys -- (MtsHID)
DRV - [2009.11.04 12:42:20 | 000,247,872 | ---- | M] (TerraTec Provide) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MtsBda.sys -- (MTSBDA)
DRV - [2009.09.30 15:33:56 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.01 16:59:44 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/11/25 19:02:42] [Kernel | Auto | Running] -- D:\CyberLink\PowerDVD9\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.24 23:29:22 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun4.sys -- (dvblinktun4)
DRV - [2009.07.24 23:29:14 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun3.sys -- (dvblinktun3)
DRV - [2009.07.24 23:29:08 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun2.sys -- (dvblinktun2)
DRV - [2009.07.24 23:29:02 | 000,017,584 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinktun.sys -- (dvblinktun)
DRV - [2009.07.24 23:28:56 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap4.sys -- (dvblinkcap4)
DRV - [2009.07.24 23:28:48 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap3.sys -- (dvblinkcap3)
DRV - [2009.07.24 23:28:42 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap2.sys -- (dvblinkcap2)
DRV - [2009.07.24 23:28:36 | 000,017,456 | ---- | M] (DVBLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvblinkcap.sys -- (dvblinkcap)
DRV - [2009.07.17 19:52:00 | 000,155,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 17:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.06.17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.03.27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2008.02.22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2008.02.01 17:24:04 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2007.04.18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007.04.12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007.04.12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007.04.12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007.04.12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007.04.12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007.04.12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007.04.12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007.04.12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007.04.12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007.04.12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2006.10.30 16:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005.10.18 18:48:38 | 000,154,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PA707UCM.SYS -- (PAC7311)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 93 E1 07 14 93 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.3
FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.87
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.11.18
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\browserrecord\firefox\ext [2010.01.25 20:05:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2010.11.29 00:45:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2010.12.01 13:15:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.16 14:51:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 19:00:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011.01.27 23:25:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins
 
[2009.11.24 19:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WomTom\AppData\Roaming\mozilla\Extensions
[2011.01.30 13:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WomTom\AppData\Roaming\mozilla\Firefox\Profiles\zskd4c4f.default\extensions
[2011.01.29 05:44:03 | 000,001,056 | ---- | M] () -- C:\Users\WomTom\AppData\Roaming\Mozilla\Firefox\Profiles\zskd4c4f.default\searchplugins\icqplugin.xml
[2011.01.23 15:33:14 | 000,002,306 | ---- | M] () -- C:\Users\WomTom\AppData\Roaming\Mozilla\Firefox\Profiles\zskd4c4f.default\searchplugins\wot-safe-search.xml
[2010.12.16 00:29:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.08 17:59:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.21 15:42:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- 
[2010.12.01 13:15:53 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
() (No name found) -- C:\USERS\WOMTOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZSKD4C4F.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}.XPI
() (No name found) -- C:\USERS\WOMTOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZSKD4C4F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.21 21:43:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.21 21:43:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.21 21:43:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.21 21:43:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.21 21:43:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.29 20:59:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\rpbrowserrecordplugin.dll File not found
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Alles mit FlashGet laden - D:\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Mit FlashGet laden - D:\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to &Evernote - D:\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\WomTom\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\WomTom\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - D:\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - D:\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.01.21 22:00:36 | 000,000,000 | ---D | M] - D:\AutoHotkey -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.01 18:24:29 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Desktop\PC_Rettung
[2011.01.31 17:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011.01.31 17:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2011.01.31 17:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011.01.31 17:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software
[2011.01.31 17:52:00 | 000,000,000 | ---D | C] -- C:\Programme\NCH Software
[2011.01.31 17:51:59 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\NCH Software
[2011.01.29 21:44:47 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2011.01.29 20:59:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.01.29 20:58:05 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\temp
[2011.01.29 20:46:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.01.29 20:46:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.01.29 20:46:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.01.29 20:42:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.01.29 20:13:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.01.29 15:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rootkit Unhooker LE
[2011.01.29 15:12:56 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Desktop\MustBeRandomlyNamed
[2011.01.29 15:12:24 | 000,719,574 | ---- | C] (UG North                                                    ) -- C:\Users\WomTom\Desktop\RkU3.8.388.590.exe
[2011.01.29 14:55:43 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\WomTom\Desktop\tdsskiller.exe
[2011.01.29 14:49:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.01.29 09:34:27 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Wireshark
[2011.01.29 09:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011.01.29 09:19:10 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap
[2011.01.28 17:48:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.28 17:46:29 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.01.28 17:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.01.28 17:36:33 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Desktop\MFTools
[2011.01.28 15:36:18 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\QuickScan
[2011.01.28 12:20:30 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2011.01.28 11:53:37 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\KillProcess
[2011.01.28 11:53:29 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillProcess
[2011.01.28 11:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillProcess
[2011.01.28 11:53:28 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\KillProcess Kill Lists
[2011.01.28 11:53:28 | 000,000,000 | ---D | C] -- C:\Programme\KillProcess
[2011.01.27 17:14:50 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live Safety Center
[2011.01.27 15:16:10 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Malwarebytes
[2011.01.27 15:15:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.27 15:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.27 15:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.27 15:15:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.27 13:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.01.27 13:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.01.26 20:00:32 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Stardock
[2011.01.26 20:00:32 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Stardock
[2011.01.26 20:00:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\{56FC2B0D-3D08-45E7-B370-9A9DACA17E2F}
[2011.01.26 20:00:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011.01.26 20:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2011.01.26 19:39:18 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 10
[2011.01.26 12:03:26 | 000,000,000 | ---D | C] -- C:\ProgramData\RL Vision
[2011.01.26 12:01:04 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMCT232.ocx
[2011.01.26 12:01:04 | 000,102,400 | ---- | C] (RL Vision) -- C:\Windows\System32\FlashRenHelper.dll
[2011.01.26 12:01:04 | 000,028,672 | ---- | C] (UniCont Soft) -- C:\Windows\System32\FolderWatcher.dll
[2011.01.26 12:01:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Renamer
[2011.01.26 04:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftLocker
[2011.01.26 04:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Quick File Renamer
[2011.01.26 04:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\UPS Controller
[2011.01.26 04:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SLGlobal
[2011.01.26 04:53:04 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Quick File Renamer
[2011.01.26 03:24:25 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FHindustries
[2011.01.26 03:22:50 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\GetRightToGo
[2011.01.25 16:19:57 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Meine empfangenen Dateien
[2011.01.21 22:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
[2011.01.20 21:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2011.01.20 21:34:33 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2011.01.20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\Videomaskenprojekte
[2011.01.20 00:41:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Creative
[2011.01.20 00:41:50 | 000,000,000 | -H-D | C] -- C:\Programme\Creative Installation Information
[2011.01.19 13:10:14 | 000,011,776 | ---- | C] (Creative Technology Limited) -- C:\Windows\INRES.DLL
[2011.01.19 13:10:14 | 000,010,240 | ---- | C] (Creative Technology Ltd) -- C:\Windows\CTDCRES.DLL
[2011.01.19 12:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2011.01.18 23:41:35 | 000,171,680 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\CTOPT352.dll
[2011.01.18 23:41:35 | 000,061,440 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\CTChkAud.dll
[2011.01.18 23:35:25 | 000,065,536 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\ctdvda32.dll
[2011.01.18 23:33:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Creative Labs Shared
[2011.01.18 23:29:15 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2011.01.18 23:25:06 | 000,086,016 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\cttele.dll
[2011.01.18 23:24:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\data
[2011.01.18 22:57:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Powertoys for Windows XP
[2011.01.18 20:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atiz
[2011.01.18 15:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.01.18 15:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.01.18 15:22:14 | 000,000,000 | ---D | C] -- C:\Users\WomTom\Documents\SightSpeed Recordings
[2011.01.18 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\LogiShrd
[2011.01.18 15:19:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\logishrd
[2011.01.18 15:19:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\LWS
[2011.01.16 14:32:48 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Snapter Images
[2011.01.15 22:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.01.15 22:43:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2011.01.13 10:27:06 | 000,035,840 | ---- | C] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\csrusb.sys
[2011.01.13 10:27:02 | 001,534,464 | ---- | C] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\CsrBtPort.sys
[2011.01.12 23:14:53 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 03:46:42 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\vlc
[2011.01.12 03:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.01.10 22:44:31 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\DVDVideoSoft_Ltd
[2011.01.10 20:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.2
[2011.01.10 20:52:25 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2011.01.10 15:05:21 | 000,188,928 | ---- | C] (SONIX) -- C:\Windows\FixCamera.exe
[2011.01.08 19:59:34 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\amcap.exe
[2011.01.07 18:14:46 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\ManyCam
[2011.01.07 00:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\f4
[2011.01.04 15:00:41 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Roaming\Camfrog
[2011.01.04 15:00:40 | 000,000,000 | ---D | C] -- C:\Users\WomTom\AppData\Local\CrashRpt
[2011.01.03 19:13:24 | 000,000,000 | ---D | C] -- C:\Windows\TempDF18C668-4E15-D238-8831-60FA558EB771-Signatures
[2010.12.21 17:43:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\WomTom\AppData\Roaming\pcouffin.sys
[2010.11.29 13:18:12 | 000,010,752 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2010.01.25 20:05:14 | 000,014,336 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\wmdmhelper.dll
[2010.01.25 20:05:13 | 000,712,704 | ---- | C] ( ) -- C:\Programme\dtdr3260.dll
[2010.01.25 20:05:12 | 000,651,264 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjbres.dll
[2010.01.25 20:05:12 | 000,352,256 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjdlg.dll
[2010.01.25 20:05:12 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Programme\DUNZIP32.dll
[2010.01.25 20:05:12 | 000,036,352 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\ierjplug.dll
[2010.01.25 20:05:12 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tnetdtct.dll
[2010.01.25 20:05:12 | 000,019,456 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjprog.dll
[2010.01.25 20:05:12 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\fixrjb.exe
[2010.01.25 20:05:11 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tsasdk.dll
[2010.01.25 20:05:11 | 000,057,344 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tpasdk.dll
[2010.01.25 20:05:11 | 000,041,472 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\mmcdda32.dll
[2010.01.25 20:05:10 | 000,032,768 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpwa3260.dll
[2010.01.25 20:05:09 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Programme\dbghelp.dll
[2010.01.25 20:05:09 | 000,329,312 | ---- | C] (RealPlayer) -- C:\Programme\rpbrowserrecordplugin.dll
[2010.01.25 20:05:09 | 000,043,056 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshellsearch.dll
[2010.01.25 20:05:08 | 000,065,536 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjwmapln.dll
[2010.01.25 20:05:06 | 000,053,248 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpau3260.dll
[2010.01.25 20:05:01 | 000,112,168 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rdsf3260.dll
[2010.01.25 20:05:01 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpplugprot.dll
[2010.01.25 20:05:01 | 000,063,016 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshell.dll
[2010.01.25 20:04:58 | 000,014,888 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rphelperapp.exe
[2010.01.25 20:04:58 | 000,007,168 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realjbox.exe
[2010.01.25 20:04:40 | 000,222,728 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realplay.exe
[2010.01.25 20:04:38 | 000,198,208 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RecordingManager.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.01 19:59:50 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.01 19:59:50 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.01 19:52:40 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.01 19:52:27 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.02.01 19:52:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.01 19:52:16 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.01 19:51:38 | 000,032,592 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx
[2011.02.01 19:51:38 | 000,032,592 | ---- | M] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx
[2011.02.01 19:51:38 | 000,032,088 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx
[2011.02.01 19:51:38 | 000,032,088 | ---- | M] () -- C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx
[2011.02.01 19:51:38 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx
[2011.02.01 19:38:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.01 19:02:01 | 000,659,538 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.01 19:02:01 | 000,620,814 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.01 19:02:01 | 000,131,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.01 19:02:01 | 000,108,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.01 01:35:32 | 000,005,527 | ---- | M] () -- C:\Windows\System32\sys3Start.lic
[2011.01.31 17:58:19 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk
[2011.01.31 16:19:46 | 000,005,632 | ---- | M] () -- C:\Users\WomTom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 21:45:20 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.01.29 20:59:47 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.01.29 20:45:17 | 000,000,406 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.01.29 20:40:50 | 004,262,047 | R--- | M] () -- C:\Users\WomTom\Desktop\Cafi.exe
[2011.01.29 15:11:15 | 000,629,057 | ---- | M] () -- C:\Users\WomTom\Desktop\RkU3.8.388.590.rar
[2011.01.29 14:55:12 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\WomTom\Desktop\tdsskiller.exe
[2011.01.28 17:57:39 | 000,000,000 | ---- | M] () -- C:\Users\WomTom\defogger_reenable
[2011.01.28 17:46:29 | 000,000,904 | ---- | M] () -- C:\Users\WomTom\Desktop\NTREGOPT.lnk
[2011.01.28 11:53:29 | 000,001,011 | ---- | M] () -- C:\Users\WomTom\Desktop\KillProcess.lnk
[2011.01.27 15:15:57 | 000,000,626 | ---- | M] () -- C:\Users\WomTom\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.27 14:18:27 | 000,000,769 | ---- | M] () -- C:\Users\WomTom\Desktop\Spybot - Search & Destroy.lnk
[2011.01.26 19:39:20 | 000,002,100 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 10.lnk
[2011.01.26 12:01:04 | 000,000,543 | ---- | M] () -- C:\Users\Public\Desktop\Flash Renamer.lnk
[2011.01.26 03:24:25 | 000,000,364 | ---- | M] () -- C:\Users\WomTom\Desktop\A+FileRename.appref-ms
[2011.01.25 16:56:31 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_CsrBtPort_01009.Wdf
[2011.01.25 16:56:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_csrusb_01009.Wdf
[2011.01.21 22:17:08 | 000,000,209 | ---- | M] () -- C:\Users\WomTom\Documents\cam.ahk
[2011.01.21 21:20:43 | 000,001,352 | ---- | M] () -- C:\Users\WomTom\Documents\AutoHotkey.ahk
[2011.01.21 00:19:07 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011.01.20 21:34:52 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2011.01.20 01:08:41 | 004,958,588 | ---- | M] () -- C:\Windows\{00000002-00000000-00000007-00001102-00000004-20021102}.CDF
[2011.01.20 01:04:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ctzapxx.ini
[2011.01.20 00:18:23 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.01.20 00:18:23 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.01.19 20:13:39 | 000,001,588 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2011.01.18 23:41:59 | 000,002,157 | ---- | M] () -- C:\Users\Public\Desktop\DDL und DTS Connect-Lizenzaktivierung.lnk
[2011.01.18 20:14:48 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\BookDrive Editor Pro.lnk
[2011.01.18 16:20:42 | 000,001,041 | ---- | M] () -- C:\Users\WomTom\AppData\Roaming\vso_ts_preview.xml
[2011.01.16 14:32:45 | 000,005,500 | ---- | M] () -- C:\Windows\System32\sys5start.lic
[2011.01.14 00:33:40 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2011.01.13 10:27:06 | 000,035,840 | ---- | M] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\csrusb.sys
[2011.01.13 10:27:02 | 001,534,464 | ---- | M] (Cambridge Silicon Radio Limited) -- C:\Windows\System32\drivers\CsrBtPort.sys
[2011.01.12 03:45:34 | 000,000,613 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
 
========== Files Created - No Company Name ==========
 
[2011.01.31 17:58:19 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
[2011.01.31 17:52:05 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Debut Video Capture Software.lnk
[2011.01.29 21:44:49 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.01.29 20:46:09 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.01.29 20:46:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.01.29 20:46:09 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.01.29 20:46:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.01.29 20:46:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.01.29 20:40:44 | 004,262,047 | R--- | C] () -- C:\Users\WomTom\Desktop\Cafi.exe
[2011.01.29 15:11:45 | 000,629,057 | ---- | C] () -- C:\Users\WomTom\Desktop\RkU3.8.388.590.rar
[2011.01.29 09:15:58 | 000,000,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2011.01.28 17:57:39 | 000,000,000 | ---- | C] () -- C:\Users\WomTom\defogger_reenable
[2011.01.28 17:46:29 | 000,000,904 | ---- | C] () -- C:\Users\WomTom\Desktop\NTREGOPT.lnk
[2011.01.28 11:53:29 | 000,001,011 | ---- | C] () -- C:\Users\WomTom\Desktop\KillProcess.lnk
[2011.01.27 15:15:57 | 000,000,626 | ---- | C] () -- C:\Users\WomTom\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.27 14:18:27 | 000,000,769 | ---- | C] () -- C:\Users\WomTom\Desktop\Spybot - Search & Destroy.lnk
[2011.01.26 19:39:20 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 10.lnk
[2011.01.26 19:39:20 | 000,002,100 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 10.lnk
[2011.01.26 12:01:04 | 000,017,804 | ---- | C] () -- C:\Windows\System32\shlctxmnu.tlb
[2011.01.26 12:01:04 | 000,011,012 | ---- | C] () -- C:\Windows\System32\threadapi.tlb
[2011.01.26 12:01:04 | 000,000,543 | ---- | C] () -- C:\Users\Public\Desktop\Flash Renamer.lnk
[2011.01.26 03:24:25 | 000,000,364 | ---- | C] () -- C:\Users\WomTom\Desktop\A+FileRename.appref-ms
[2011.01.25 16:56:31 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_CsrBtPort_01009.Wdf
[2011.01.25 16:56:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_csrusb_01009.Wdf
[2011.01.21 22:17:08 | 000,000,209 | ---- | C] () -- C:\Users\WomTom\Documents\cam.ahk
[2011.01.21 21:20:43 | 000,001,352 | ---- | C] () -- C:\Users\WomTom\Documents\AutoHotkey.ahk
[2011.01.20 01:06:43 | 000,032,088 | ---- | C] () -- C:\Windows\System32\BMXBkpCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx
[2011.01.20 00:54:08 | 004,958,588 | ---- | C] () -- C:\Windows\{00000002-00000000-00000007-00001102-00000004-20021102}.CDF
[2011.01.20 00:20:55 | 000,032,088 | ---- | C] () -- C:\Windows\System32\BMXCtrlState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx
[2011.01.20 00:20:55 | 000,011,564 | ---- | C] () -- C:\Windows\System32\DVCState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx
[2011.01.19 20:13:39 | 000,001,588 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2011.01.18 23:41:35 | 000,006,010 | ---- | C] () -- C:\Windows\System32\CTOPT352.cat
[2011.01.18 23:35:25 | 001,746,360 | ---- | C] () -- C:\Windows\System32\CTAA1.DAT
[2011.01.18 23:32:41 | 007,572,224 | ---- | C] () -- C:\Windows\System32\CT8MGM.SF2
[2011.01.18 23:32:41 | 004,174,814 | ---- | C] () -- C:\Windows\System32\CT4MGM.SF2
[2011.01.18 23:26:34 | 000,032,592 | ---- | C] () -- C:\Windows\System32\BMXStateBkp-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx
[2011.01.18 23:26:34 | 000,032,592 | ---- | C] () -- C:\Windows\System32\BMXState-{00000002-00000000-00000007-00001102-00000004-20021102}.rfx
[2011.01.18 20:14:48 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\BookDrive Editor Pro.lnk
[2011.01.18 15:18:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\lvuvc.hs
[2011.01.16 16:13:06 | 000,005,527 | ---- | C] () -- C:\Windows\System32\sys3Start.lic
[2011.01.16 14:32:29 | 000,005,500 | ---- | C] () -- C:\Windows\System32\sys5start.lic
[2011.01.12 03:45:33 | 000,000,613 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.01.10 15:05:23 | 003,482,240 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2011.01.10 15:05:22 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2011.01.03 19:14:27 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010.12.21 17:43:49 | 000,000,034 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\pcouffin.log
[2010.12.21 17:43:48 | 000,007,887 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\pcouffin.cat
[2010.12.21 17:43:48 | 000,001,144 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\pcouffin.inf
[2010.12.21 17:36:06 | 000,001,041 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\vso_ts_preview.xml
[2010.12.21 16:54:39 | 000,020,693 | ---- | C] () -- C:\Users\WomTom\AppData\Local\StarPort.log
[2010.12.21 15:56:57 | 000,000,228 | ---- | C] () -- C:\Users\WomTom\AppData\Roaming\trueburner.ini
[2010.12.20 20:23:42 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.11.29 14:21:31 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.11.29 13:18:13 | 000,077,824 | ---- | C] () -- C:\Windows\System32\ctmmactl.dll
[2010.11.29 13:18:12 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBurst.dll
[2010.11.29 13:18:04 | 000,050,466 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2010.11.10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.11.10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.11.10 02:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.09.22 19:54:56 | 000,048,512 | ---- | C] () -- C:\Windows\System32\drivers\RamDiskVE.sys
[2010.07.08 12:16:31 | 000,026,427 | ---- | C] () -- C:\Windows\CSTBox.INI
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.05.21 20:28:31 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.05.21 20:28:30 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.01.28 14:07:31 | 000,007,620 | ---- | C] () -- C:\Users\WomTom\AppData\Local\Resmon.ResmonCfg
[2010.01.26 21:45:15 | 000,005,632 | ---- | C] () -- C:\Users\WomTom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.25 20:05:12 | 000,002,851 | ---- | C] () -- C:\Programme\cdroms.cfg
[2010.01.25 20:05:10 | 000,119,808 | ---- | C] () -- C:\Programme\waiting.avi
[2010.01.25 20:05:10 | 000,027,278 | ---- | C] () -- C:\Programme\frw.bmp
[2010.01.25 20:05:10 | 000,016,296 | ---- | C] () -- C:\Programme\realtfon.fon
[2010.01.25 20:05:09 | 000,067,473 | ---- | C] () -- C:\Programme\realplay.chm
[2010.01.25 20:05:09 | 000,057,762 | ---- | C] () -- C:\Programme\howto.chm
[2010.01.25 20:05:09 | 000,001,209 | ---- | C] () -- C:\Programme\flvplay.swf
[2010.01.25 20:05:06 | 000,053,098 | ---- | C] () -- C:\Programme\presets.rnx
[2010.01.25 20:05:06 | 000,052,829 | ---- | C] () -- C:\Programme\RealNetworks License.html
[2010.01.25 20:05:06 | 000,052,829 | ---- | C] () -- C:\Programme\playrlic.html
[2010.01.25 20:05:06 | 000,051,355 | ---- | C] () -- C:\Programme\RealNetworks License.txt
[2010.01.25 20:05:06 | 000,051,355 | ---- | C] () -- C:\Programme\playrlic.txt
[2010.01.25 20:05:05 | 000,000,480 | ---- | C] () -- C:\Programme\keys.dat
[2010.01.25 20:05:04 | 000,847,007 | ---- | C] () -- C:\Programme\normal.vs
[2010.01.25 20:05:04 | 000,061,495 | ---- | C] () -- C:\Programme\ssimages.vs
[2010.01.25 20:05:01 | 000,102,400 | ---- | C] () -- C:\Programme\HXAudioDeviceHook.dll
[2010.01.25 20:05:00 | 000,001,161 | ---- | C] () -- C:\Programme\autoplaylist.dat
[2010.01.25 20:05:00 | 000,000,043 | ---- | C] () -- C:\Programme\strs23.dat
[2010.01.25 20:05:00 | 000,000,013 | ---- | C] () -- C:\Programme\strs26.dat
[2010.01.25 20:04:40 | 000,023,558 | ---- | C] () -- C:\Programme\freeoffers.ico
[2010.01.25 20:04:40 | 000,017,846 | ---- | C] () -- C:\Programme\videotest.rm
[2010.01.25 20:04:40 | 000,000,221 | ---- | C] () -- C:\Programme\subscription.rnx
[2010.01.25 20:04:40 | 000,000,177 | ---- | C] () -- C:\Programme\freeoffers.rnx
[2010.01.10 14:32:50 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.18 15:26:30 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2009.12.10 14:39:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.27 13:45:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.27 09:02:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.11.27 08:54:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.11.25 02:05:11 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ctrldll.dll
[2009.08.16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.04.12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\System32\APOMgrH.dll
[2007.04.09 12:55:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.10.02 09:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\kill.ini
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DDB01966

< End of report >
         

Alt 01.02.2011, 20:28   #17
WomTom
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



Code:
ATTFilter
OTL Extras logfile created on: 01.02.2011 20:04:46 - Run 3
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\WomTom\Desktop\MFTools
 An unknown product Service Pack 1, v.721 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17105)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 67,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64,90 Gb Total Space | 37,06 Gb Free Space | 57,10% Space Free | Partition Type: NTFS
Drive D: | 95,00 Gb Total Space | 87,52 Gb Free Space | 92,13% Space Free | Partition Type: NTFS
Drive E: | 72,88 Gb Total Space | 62,17 Gb Free Space | 85,30% Space Free | Partition Type: NTFS
Drive F: | 60,00 Gb Total Space | 42,75 Gb Free Space | 71,25% Space Free | Partition Type: NTFS
Drive G: | 51,79 Gb Total Space | 11,54 Gb Free Space | 22,28% Space Free | Partition Type: NTFS
Drive H: | 298,09 Gb Total Space | 237,05 Gb Free Space | 79,52% Space Free | Partition Type: NTFS
 
Computer Name: WOMTOM-PC | User Name: WomTom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 1
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Orbitdownloader\orbitdm.exe" = D:\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Orbitdownloader\orbitnet.exe" = D:\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0306D1CA-FB52-99A0-2F2D-A753DE6FAAA5}" = Catalyst Control Center Graphics Previews Common
"{03851D50-931A-A7B4-C499-83E2D27A6A56}" = WMV9/VC-1 Video Playback
"{04FE949D-172D-45B4-ACE6-6BCFAB5EC563}" = Mindjet MindManager 9
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3
"{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A039D69-3A53-4133-995F-85EE25711011}" = Microsoft Expression Media 2 SP2
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{26E18E78-4CC5-30B2-1ABD-2B5B9063B8F8}" = CCC Help English
"{2B301F4D-8CBF-9BFE-C3C3-FF033858C8AC}" = ccc-utility
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32BA25A2-CFD6-4809-A645-254532C90466}" = Microsoft Expression Studio 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB3F9D4-0020-4A93-A7EB-C931C09ABD29}" = n-tv plus
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 2.7.5
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{706EA4A8-97B5-4C29-A0F3-0B38C666F0C4}" = QuarkXPress
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{76737576-1615-4c43-b726-08e8ea284a18}" = Nero 9 Lite
"{768DB68F-A366-A1D7-A69F-FC491919296F}" = Catalyst Control Center InstallProxy
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7AA5E78D-BE64-4EA2-9CA7-DE37DCB3009A}" = Microsoft Expression Blend 3 SDK
"{7C668763-D786-460C-8921-079B8954C352}" = Microsoft Expression Studio 3
"{81B23FE2-2BD6-3593-51CD-59A52B9B9125}" = ccc-core-static
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{857DA860-472D-483E-AC6E-B9D7DDCDB0BA}" = Microsoft Expression Design 3
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}" = Topaz Simplify 3
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A839F4C2-3C29-07A2-77A7-5C37F4D0432D}" = ATI Catalyst Install Manager
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AABB8DC0-EAD9-AB1A-481D-0780B0277FF7}" = AMD Drag and Drop Transcoding
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.07
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BBD363AA-3F9E-4569-8A52-D1DEECCF5121}" = SoundPackager
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C82185E8-C27B-4EF4-2009-2222BC2C2B6D}" = Microsoft MapPoint Europe 2009
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E1C4F4F3-067B-4E16-87AB-1DF79D287126}" = Microsoft Expression Blend 3
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8FC40D9-D7E5-49FC-B58C-D366A3F35874}" = Microsoft Expression Encoder 3
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F30F4040-D69D-4055-81AD-D08BF8138FD0}_is1" = DVBViewer Recording Properties
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4429C5D-CA5D-4408-BBCB-853CF5076886}" = BookDrive Editor Pro
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}" = Switcher 2.0.0
"{F9263444-9913-4896-8D7C-E056C4C5FB38}_is1" = MSRSD v4.26
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"AcMgrDDL" = DDL und DTS Connect-Lizenzaktivierung
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"AudioCS" = Creative-Audiokonsole
"AutoHotkey" = AutoHotkey 1.0.48.05
"Blend_3.0.1938.0" = Microsoft Expression Blend 3
"CD Bremse_is1" = CD Bremse 1.49
"Citavi" = Citavi 2.5
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"Creative MediaSource DVD-Audio Player" = Creative MediaSource DVD-Audio Player
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Debut" = Debut Video Capture Software
"Design_6.0.1739.0" = Microsoft Expression Design 3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DriverAgent.exe" = DriverAgent by eSupport.com
"DTS Connect Pack" = DTS Connect Pack
"DVBViewer Pro_is1" = DVBViewer Pro
"DVBViewer Recording Service_is1" = DVBViewer Recording Service
"Easy Video Downloader_is1" = Easy Video Downloader v. 2.0
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"Equalizer" = Creative-Grafik-Equalizer
"ERUNT_is1" = ERUNT 1.1j
"ExpressionStudio_2.0.133.0" = Microsoft Expression Studio 2
"ExpressionStudio_3.0.1064.0" = Microsoft Expression Studio 3
"FileZilla Client" = FileZilla Client 3.3.5
"Flash Renamer_is1" = Flash Renamer 6.31
"FlashGet" = FlashGet 1.9.6.1073
"Foxit Reader" = Foxit Reader
"Fraunhofer MP3 Codec Pro 1.263" = Fraunhofer MP3 Codec Pro 1.263
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.4.10
"Free Studio_is1" = Free Studio version 4.8
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IsoBuster_is1" = IsoBuster 2.6
"KillProcess" = KillProcess 2.44
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"Kyocera Product Library" = Kyocera Product Library
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Movie Studio for Samsung" = Movie Studio for Samsung 2.0
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 4.0b10 (x86 de)" = Mozilla Firefox 4.0b10 (x86 de)
"Mp3tag" = Mp3tag v2.46a
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PDF-XChange 3_is1" = PDF-XChange 3
"RealPlayer 12.0" = RealPlayer
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SDEPRO20_is1" = SDExplorer 2.1
"SFBM" = SoundFont-Bank-Manager
"SoundPackager" = SoundPackager
"Spdifer_is1" = Spdifer 0.3b
"SPEAKER" = Creative Lautsprechereinstellungen
"ToonIt PS" = ToonIt!
"Topaz Simplify 3" = Topaz Simplify 3
"UltraISO_is1" = UltraISO Premium V9.36
"Uninstall_is1" = Uninstall 1.0.0.1
"URLSnooper 2_is1" = URL Snooper v2.28.01
"VLC media player" = VLC media player 1.1.5
"WaveStudio 7" = Creative WaveStudio 7
"Web_3.0.3813.0" = Microsoft Expression Web 3
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 4.0.144.38
"WinISO_is1" = WinISO 5.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR Archivierer
"Winstep Xtreme_is1" = Nexus 10.1 Update
"Wireshark" = Wireshark 1.4.3
"ZDFmediathek_is1" = ZDFmediathek Version 2.0.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f58cbb372ebb2ec8" = Media Center Studio
"fc92d19c2b82cf91" = A+FileRename
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.11.2010 15:19:02 | Computer Name = WomTom-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 30.11.2010 15:19:05 | Computer Name = WomTom-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 30.11.2010 15:19:52 | Computer Name = WomTom-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 30.11.2010 15:19:55 | Computer Name = WomTom-PC | Source = MsiInstaller | ID = 11706
Description = 
 
Error - 01.12.2010 11:10:53 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: dvbviewer.exe, Version: 4.5.0.0, 
Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: dvbviewer.exe, Version: 4.5.0.0,
 Zeitstempel: 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00016e39  ID des fehlerhaften
 Prozesses: 0x16d4  Startzeit der fehlerhaften Anwendung: 0x01cb91635da57ab7  Pfad der
 fehlerhaften Anwendung: D:\DVBViewer\dvbviewer.exe  Pfad des fehlerhaften Moduls:
 D:\DVBViewer\dvbviewer.exe  Berichtskennung: 3062613e-fd5d-11df-99ca-001d7d939171
 
Error - 01.12.2010 22:30:00 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: dvbviewer.exe, Version: 4.5.0.0, 
Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: dvbviewer.exe, Version: 4.5.0.0,
 Zeitstempel: 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00016daf  ID des fehlerhaften
 Prozesses: 0x15bc  Startzeit der fehlerhaften Anwendung: 0x01cb91c89ad178cd  Pfad der
 fehlerhaften Anwendung: D:\DVBViewer\dvbviewer.exe  Pfad des fehlerhaften Moduls:
 D:\DVBViewer\dvbviewer.exe  Berichtskennung: 0f4fedc3-fdbc-11df-99ca-001d7d939171
 
Error - 02.12.2010 08:10:03 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TTTVRC.exe, Version: 5.17.0.387, 
Zeitstempel: 0x4a1bb90b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xeb141c04  ID des fehlerhaften
 Prozesses: 0xb60  Startzeit der fehlerhaften Anwendung: 0x01cb9217f373d2db  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 1737bf69-fe0d-11df-bd83-001d7d939171
 
Error - 03.12.2010 10:55:53 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TTTVRC.exe, Version: 5.17.0.387, 
Zeitstempel: 0x4a1bb90b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 
Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xeb141e04  ID des fehlerhaften
 Prozesses: 0x1e4  Startzeit der fehlerhaften Anwendung: 0x01cb92da62724f75  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 6cc2a09f-feed-11df-a749-001d7d939171
 
Error - 04.12.2010 11:01:04 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: dvbviewer.exe, Version: 4.5.0.0, 
Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: dvbviewer.exe, Version: 4.5.0.0,
 Zeitstempel: 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00016dfd  ID des fehlerhaften
 Prozesses: 0x1568  Startzeit der fehlerhaften Anwendung: 0x01cb93b1df414f3d  Pfad der
 fehlerhaften Anwendung: D:\DVBViewer\dvbviewer.exe  Pfad des fehlerhaften Moduls:
 D:\DVBViewer\dvbviewer.exe  Berichtskennung: 503a14b5-ffb7-11df-8027-001d7d939171
 
Error - 08.12.2010 07:34:51 | Computer Name = WomTom-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: dvbviewer.exe, Version: 4.5.0.0, 
Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: dvbviewer.exe, Version: 4.5.0.0,
 Zeitstempel: 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00016df7  ID des fehlerhaften
 Prozesses: 0x17d8  Startzeit der fehlerhaften Anwendung: 0x01cb96c784e1b0ea  Pfad der
 fehlerhaften Anwendung: D:\DVBViewer\dvbviewer.exe  Pfad des fehlerhaften Moduls:
 D:\DVBViewer\dvbviewer.exe  Berichtskennung: 2adc2956-02bf-11e0-acd6-001d7d939171
 
[ Media Center Events ]
Error - 04.01.2010 12:44:42 | Computer Name = WomTom-PC | Source = MCUpdate | ID = 0
Description = 17:44:42 - Fehler beim Herstellen der Internetverbindung.  17:44:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.01.2010 12:45:13 | Computer Name = WomTom-PC | Source = MCUpdate | ID = 0
Description = 17:44:47 - Fehler beim Herstellen der Internetverbindung.  17:44:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.03.2010 16:33:09 | Computer Name = WomTom-PC | Source = MCUpdate | ID = 0
Description = 21:33:09 - Fehler beim Herstellen der Internetverbindung.  21:33:09 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.03.2010 16:33:50 | Computer Name = WomTom-PC | Source = MCUpdate | ID = 0
Description = 21:33:38 - Fehler beim Herstellen der Internetverbindung.  21:33:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 31.01.2011 06:49:55 | Computer Name = WomTom-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarRAM  TCPZ
 
Error - 01.02.2011 08:22:01 | Computer Name = WomTom-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarRAM  TCPZ
 
Error - 01.02.2011 11:57:00 | Computer Name = WomTom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 01.02.2011 11:57:01 | Computer Name = WomTom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 01.02.2011 11:57:01 | Computer Name = WomTom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 01.02.2011 11:57:02 | Computer Name = WomTom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 01.02.2011 11:57:02 | Computer Name = WomTom-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.
 
Error - 01.02.2011 14:48:23 | Computer Name = WomTom-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows7FirewallService" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 01.02.2011 14:50:49 | Computer Name = WomTom-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Microsoft Antimalware Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 01.02.2011 14:52:37 | Computer Name = WomTom-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   StarRAM  TCPZ
 
 
< End of report >
         
__________________


Alt 02.02.2011, 15:31   #18
M-K-D-B
/// TB-Ausbilder
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



Hallo WomTom,



Dein OTL-Fix hat wieder nicht funktioniert. Also versuchen wir das gleich nochmal. Beachte, dass du alle Zeilen genau wie in der folgenden Code-Box auch bei OTL einfügst.



Schritt # 1: Fix mit OTL
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DDB01966

:commands
[Emptytemp]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread




Schritt # 2: Wichtige Updates
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan.
Als alternative würde ich dir den schlankeren Foxit Reader empfehlen





Schritt # 3: Java deinstallieren/neu installieren
Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).
  • Schließe alle Browserfenster.
  • Doppelklicke die JavaRa.exe, um das Programm zu starten.
  • Die Sprache auswählen, nimm Englisch und klicke "Select".
  • Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und Remove Sun Download Manager.
  • Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
  • Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
  • Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
  • Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
  • Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
  • Rechner neu starten.
Downloade nun Java (Java Runtime Environment (JRE) 6 Update 23) von Oracle und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.





Schritt # 4: ESET Online Scanner
Bitte während des Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threads kein Haken gesetzt ist.
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.




Schritt # 5: Durchführung einer Sicherheitskontrolle
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.





Schritt # 6: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
  • das Logfile des OTL-Fix ,
  • das Logfile des ESET Online Scanners und
  • das Logfile von SecurityCheck.
__________________

Alt 02.02.2011, 19:43   #19
WomTom
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsot\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
ADS C:\ProgramData\TempFC5A2B2 deleted successfully.
ADS C:\ProgramData\Temp:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\TempDB01966 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: WomTom
->Temp folder emptied: 3079852 bytes
->Temporary Internet Files folder emptied: 105958 bytes
->Java cache emptied: 624338 bytes
->FireFox cache emptied: 44970959 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1689 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70626 bytes
RecycleBin emptied: 778960 bytes

Total Files Cleaned = 47,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02022011_160534

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_WOMTOM-PC$\1780 not found!

Registry entries deleted on Reboot...

Alt 02.02.2011, 19:44   #20
WomTom
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



Code:
ATTFilter
JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Feb 02 16:22:10 2011

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\Classes\JavaPlugin.160_22

------------------------------------

Finished reporting.



There was an error removing C:\Users\WomTom\Start Menu\Programs\Sun Download Manager 2.0 (local). The error returned was 124.

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Feb 02 16:23:36 2011

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing \Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

------------------------------------

Finished reporting.
         


Alt 02.02.2011, 19:45   #21
WomTom
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



Results of screen317's Security Check version 0.99.8
Windows 7 Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

ESET Online Scanner v3
Windows7FirewallControl (i386) 4.0.144.38
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 23
Adobe Flash Player 10.1.102.64
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

Alt 02.02.2011, 19:56   #22
WomTom
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



Mit der Deinstallation von Java gab es Probleme. Das Ausführen des Javara hat zwar geklappt, jedoch war noch ein Java update in Systemsteuerung-> Software vorhanden, das ich nicht deinstallieren konnte (ein Fehler, verursacht durch regutils.dll). Das neue Java Packet lies sich mit dem gleichen Fehler auch erst nicht installieren. Konnte das update jedoch mit einem anderen tool deinstallieren und die Installation des neuen Java-Packets hat dann auch geklappt. Der Eset Onlinescanner hat mit Firefox nicht funktioniert. Er hat vorm updatedownload abgebrochen (Meldung: Proxy configured?). Auf den Seiten von Eset steht jedoch, dass er den Donloadproxy selbst erkennt. Ich bin auch nicht mit Proxy online. Im Internetexplorer hat dem Anschein nach dann alles geklappt. Aber nur dem Anschein nach. Es wurden keine Fehler gemeldet oder Ähnliches. Jedoch hat er nur eine Sekunde gestartet und dann stand gleich beendet da und keine Funde. Antivirus, Firewall, Anti-Malware war alles deaktiviert. Siehe Logfile:

Alt 02.02.2011, 19:57   #23
WomTom
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b76ad0d24cf43d409395358721ca7790
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-02 05:59:51
# local_time=2011-02-02 06:59:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1, v.721
# compatibility_mode=512 16777215 100 0 459561 459561 0 0
# compatibility_mode=5893 16776574 100 94 438599 48300782 0 0
# compatibility_mode=8192 67108863 100 0 4485 4485 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b76ad0d24cf43d409395358721ca7790
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-02 06:01:13
# local_time=2011-02-02 07:01:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1, v.721
# compatibility_mode=512 16777215 100 0 459643 459643 0 0
# compatibility_mode=5893 16776574 100 94 438681 48300864 0 0
# compatibility_mode=8192 67108863 100 0 4567 4567 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b76ad0d24cf43d409395358721ca7790
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true

Alt 02.02.2011, 20:50   #24
M-K-D-B
/// TB-Ausbilder
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



Hallo WomTom,


folgendes funktioniert nur mit dem Internet Explorer:


Schritt # 1: Kaspersky Online ScannerBitte während des Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Java muss installiert, aktiv und erlaubt sein.
  • Bebilderte Anleitung von sundavis.
    • Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.
    • Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
  • Die Datenschutzerklärung akzeptieren.
  • Programm installieren lassen.
  • Update der Signaturen installieren lassen.
  • Wenn der Status "Complete" ist,
  • Scan-Einstellungen (Settings) Standard lassen
  • Links den Link "My Computer" anklicken.
  • Scan beginnt automatisch.
  • Wenn der Scan fertig ist, auf "View scan report" klicken,
  • "Save report as" und Dateityp auf .txt umstellen,
  • und auf dem Desktop als Kaspersky.txt speichern.
  • Logdatei hier posten.
  • Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.




Schritt # 2: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
  • das Logfile von Kaspersky Online Scanner.

Alt 03.02.2011, 10:55   #25
WomTom
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



Also, Kaspersky hat auch nicht funktioniert (Meldung: License expired) -> Bin ich wohl auch nicht der einzige bei dem das so ist... Eset hat dann aber komischer Weise doch funktioniert:

Alt 03.02.2011, 10:57   #26
WomTom
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=0
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b76ad0d24cf43d409395358721ca7790
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-03 01:05:36
# local_time=2011-02-03 02:05:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1, v.721
# compatibility_mode=512 16777215 100 0 485106 485106 0 0
# compatibility_mode=5893 16776574 100 94 467744 48326327 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=b76ad0d24cf43d409395358721ca7790
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-03 03:26:23
# local_time=2011-02-03 04:26:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1, v.721
# compatibility_mode=512 16777215 100 0 485247 485247 0 0
# compatibility_mode=5893 16776574 100 94 467885 48326468 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=190306
# found=9
# cleaned=0
# scan_time=8305
C:\downloads\sdexplorer-formerly-skydrive-explorer-2.1.2.154.exe a variant of Win32/Sefnit.AL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Win7codecs\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Win7codecs\{C68B319D-E153-4557-BAEB-0987320636A7}\Win7codecs.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Win7codecs\{C68B319D-E153-4557-BAEB-0987320636A7}\Win7codecs.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\FixCamera.exe a variant of Win32/KillProc.B application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\f23ec.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\7c9cd3cb-7cf6756b multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\7d85bff8-2863eb84 multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\Spybot - Search & Destroy\HISYUQOMNUNWSWYDQU.scr probably unknown NewHeur_PE virus (unable to clean) 00000000000000000000000000000000 I

Alt 04.02.2011, 19:01   #27
M-K-D-B
/// TB-Ausbilder
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



Hallo WomTom,



Schritt # 1: Fragen beantworten
Bitte beantworte uns folgende Fragen:
  • Woher hast du diese Datei?
    Code:
    ATTFilter
    C:\downloads\sdexplorer-formerly-skydrive-explorer-2.1.2.154.exe
             
  • Laut ESET Online Scanner ist diese Datei mit Malware infiziert bzw. selbst Malware. Daher empfehle ich dir dringend, diese Datei manuell zu löschen und auch den Papierkorb anschließend zu leeren.




Schritt # 2: Java Cache leeren
  • Folge dem Pfad: Start > Systemsteuerung > Programme > Java
  • Unter dem Tab Allgemein wähle unten Einstellungen
  • Klicke auf Dateien löschen und bestätige mit Ok.
  • Schließe Java.



Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Dein Rechner ist sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.




Schritt # 3: ComboFix deinstallieren
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





Schritt # 4: Systembereinigung mit OTL
Als nächstes müssen wir alle Programme, die zur Malwarebeseitigung notwendig waren, entfernen:
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Button Bereinigung.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.




Schritt # 5: Systembereinigung mit Load.exe
Als nächstes müssen wir weitere Programme, die zur Malwarebeseitigung notwendig waren, entfernen:
  • Starte bitte die Load.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Button Clean Up.
  • Starte deinen Rechner neu auf.




Schritt # 6: Programme deinstallieren
  • Deinstalliere als nächstes bitte folgende Programme über die Systemsteuerung:
    • HijackThis
    • ESET Online Scanner
    • ERUNT
  • Führe gegebenenfalls einen Neustart deines Rechners durch.
  • Deinstalliere gegebenenfalls weitere Dateien und Programme, die wir verwendet haben, manuell, falls sie noch nicht von deinem Rechner entfernt wurden.



Schritt # 7: Systemwiederherstellungspunkte löschen
Es ist nicht auszuschließen, dass durch die Malware auch Wiederherstellungspunkte infiziert sind. Dieses Problem behebst du wie folgt:
  • Windows + R Taste drücken --> cleanmgr ( eingeben ) --> OK
  • Wähle nun deine Systemplatte ( normal C: ).
  • Klicke auf Systemdateien bereinigen --> erneut die Systemplatte wählen --> Reiter Weitere Optionen
  • und klicke auf Systemwiederherstellung und Schattenkopien bereinigen.




Schritt # 8: Windows Update aktivieren
Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.
  • Windows + R Taste drücken.
  • Kopiere nun folgenden Text in die Kommandozeile:
    Code:
    ATTFilter
    RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl
             
  • Klicke auf Ok.
  • Stelle sicher, dass die automatischen Updates aktiviert sind.




Schritt # 9: Schutz vor weiteren Infektionen
Damit du in Zukunft vor ähnlichen Infektionen geschützt bist, empfehle ich dir noch ein paar nützliche Programme inklusive ein paar Tipps.
  • Vergewissere dich, dass dein Virenscanner stets aktuell ist und regelmäßig Updates erhält.
  • Daneben empfehle ich dir die Verwendung eines der folgenden Anti-Malware tools:
  • SpywareBlaster
    Eine Anleitung findest du hier
  • MVPs hosts file
    Eine Einführung findest du hier
  • Öffne keine E-Mails oder deren Anhänge, wenn du den Absender nicht kennst!
  • Verwende keine Filesharing Programme, da damit sehr oft Malware übertragen wird!
  • Verwende keine Keygens, Cracks, Cheats, etc.!
  • Halte ALLE deine Programme aktuell, z. B. mit dem Online Secunia Inspector!




Schritt # 10: Deine Rückmeldung
Bitte gib uns kurz Bescheid, wenn alles erledigt ist und du keine Fragen mehr hast, damit ich das Thema aus meinen Abos löschen kann.

Alt 05.02.2011, 21:04   #28
WomTom
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



So, alles Ausgeführt. Die besagte Datei stammte aus einer unsicheren Quelle. Wurde aber nicht ausgeführt und gelöscht. Vielen Dank nochmal. Ihr seit echte Helden hier. Threat kann geschlossen werden.

Alt 06.02.2011, 11:16   #29
M-K-D-B
/// TB-Ausbilder
 
Hilfe! Wahrscheinlich schlimmes Rootkit - Standard

Hilfe! Wahrscheinlich schlimmes Rootkit



Es freut uns, dass wir helfen konnten.

Damit ist dieses Thema beendet.

Thema geschlossen

Themen zu Hilfe! Wahrscheinlich schlimmes Rootkit
avira, bluescreen, dringend, firefox, firewall, gefährlich, hijack, hijackthis, leitet, ms security essentials, problem, programme, revealer, rootkit, scan, security, seite, seiten, starten, suchmaschine, tabs mit werbung, updates, werbung, windows, windows updates, öffnet




Ähnliche Themen: Hilfe! Wahrscheinlich schlimmes Rootkit


  1. Schweres Problem -Rootkit wahrscheinlich
    Log-Analyse und Auswertung - 18.03.2010 (3)
  2. Habe wahrscheinlich einen Virus....bitte um dringende Hilfe
    Plagegeister aller Art und deren Bekämpfung - 31.08.2009 (2)
  3. Benötige Hilfe, da PC wahrscheinlich mit Virus befallen ist.
    Log-Analyse und Auswertung - 26.07.2009 (5)
  4. PC wahrscheinlich infiziert, bitte um Hilfe und Prüfung
    Log-Analyse und Auswertung - 12.07.2009 (59)
  5. Hilfe Rootkit!!!
    Log-Analyse und Auswertung - 29.06.2009 (0)
  6. PC sehr wahrscheinlich infiziert / Bitte um Hilfe
    Log-Analyse und Auswertung - 10.02.2009 (1)
  7. HILFE zu Win32:Rootkit-gen [Rtk] !!!!!!!!!!
    Mülltonne - 08.12.2008 (0)
  8. HEUR/Malware ist das was schlimmes?
    Mülltonne - 08.11.2008 (0)
  9. Win 32 rootkit gen Hilfe!!!
    Log-Analyse und Auswertung - 21.05.2008 (27)
  10. Bitte um Hilfe. PC ist wahrscheinlich infiziert
    Plagegeister aller Art und deren Bekämpfung - 21.12.2007 (11)
  11. Wahrscheinlich trojaner/wurm verseucht bitte um Hilfe
    Log-Analyse und Auswertung - 18.05.2007 (5)
  12. Bitte um Hilfe bei TR/Rootkit.L.
    Log-Analyse und Auswertung - 20.07.2005 (0)
  13. Hilfeee!Hab mir auch was schlimmes eingefangen!!!
    Log-Analyse und Auswertung - 19.01.2005 (10)
  14. Hilfe, hab mir irgendwas schlimmes eingefangen
    Log-Analyse und Auswertung - 14.01.2005 (4)
  15. schlimmes log?
    Log-Analyse und Auswertung - 20.12.2004 (10)
  16. Hilfe für wahrscheinlich verseuchten PC?!
    Log-Analyse und Auswertung - 07.12.2004 (5)
  17. Keine Sorge nichts schlimmes!
    Alles rund um Mac OSX & Linux - 11.02.2003 (1)

Zum Thema Hilfe! Wahrscheinlich schlimmes Rootkit - Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 01.02.2011 20:04:46 - Run 3 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\WomTom\Desktop\MFTools An unknown product Service Pack 1, v.721 - Hilfe! Wahrscheinlich schlimmes Rootkit...
Archiv
Du betrachtest: Hilfe! Wahrscheinlich schlimmes Rootkit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.