| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: kazy.mekml.1 seit gerade ebenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
21.04.2011, 08:49
| #1 |
 |  kazy.mekml.1 seit gerade eben Seit gut einer stunde bin ich von oben genanntem Trojaner betroffen es kommen immer meldungen Kritischer festplattenfehler desktop ist schwarz nur papierkorb zu sehen schnellstart usw.. alles leer habe ein wenig im forum geschaut und schonmal die logfiles mit OTL gemacht nutze den laptop im mom im abgesicherten Modus Dake schonmal OTL.txt Code:
ATTFilter OTL logfile created on: 21.04.2011 09:30:52 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Mozilla Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,09 Gb Total Space | 13,83 Gb Free Space | 23,41% Space Free | Partition Type: NTFS Drive D: | 226,00 Gb Total Space | 136,18 Gb Free Space | 60,26% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Mozilla Downloads\OTL.exe (OldTimer Tools) PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - D:\Mozilla Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (McAfee SiteAdvisor Service) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SbieSvc) -- D:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (StarWindServiceAE) -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE () SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (SbieDrv) -- D:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (GarenaPEngine) -- C:\Users\Meier\AppData\Local\Temp\EIYFBAE.tmp () DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: stealthyextension@gmail.com:0.8 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.03.25 18:41:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.03.25 18:41:01 | 000,000,000 | ---D | M] [2010.07.22 11:39:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions [2011.04.20 16:21:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions [2010.07.23 14:11:58 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.28 18:36:36 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.26 14:18:16 | 000,000,000 | -H-D | M] (FIFA Online Web Launcher) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\eafo3fflauncher@ea.com [2010.08.28 13:49:49 | 000,000,000 | -H-D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\speedtest@gotomyhelp.com [2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (Stealthy) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com [2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com\chrome [2009.10.28 21:30:35 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010.08.16 13:19:32 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.08.19 09:56:53 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.16 20:01:37 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.11 15:52:14 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.02.04 12:16:35 | 000,000,000 | ---D | M] (Hide My IP) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\STAFF@HIDE-MY-IP.COM O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust) O4 - HKCU..\Run: [PlayNC Launcher] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell - "" = AutoRun O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell\AutoRun\command - "" = F:\Set-up.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MTInstall.exe O33 - MountPoints2\G\Shell\directx\command - "" = G:\Redist\directx8a\dxsetup.exe O33 - MountPoints2\G\Shell\Gamespy\command - "" = G:\Redist\GameSpy\ArcadeInstallMTYCOON108c.exe O33 - MountPoints2\G\Shell\setup\command - "" = G:\MTInstall.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Meier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - D:\Program Files\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - D:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: NBAgent - hkey= - key= - D:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe () MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) MsConfig - StartUpReg: SandboxieControl - hkey= - key= - D:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) MsConfig - StartUpReg: Steam - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: USBToolTip - hkey= - key= - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.mjpg - pvmjpg30.dll File not found Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 08:41:45 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.21 08:32:28 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.15 18:13:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.15 16:14:32 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 16:14:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 16:14:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.15 16:14:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 16:14:14 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 16:14:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.15 16:14:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 16:14:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 16:14:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.15 16:14:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.15 16:14:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.15 16:14:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.15 16:14:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.15 16:14:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.15 16:14:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.15 16:14:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.15 16:14:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.15 16:14:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.15 16:14:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.15 16:13:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 16:13:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.15 16:13:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 16:13:47 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 16:13:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 16:13:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.08 12:19:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica MP3 To Wave Converter Plus [2011.04.08 12:13:16 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.03.27 08:12:11 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Local\Microsoft Games [2011.03.23 13:19:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 13:19:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2010.08.25 19:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.21 09:15:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 09:11:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 09:11:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 09:11:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.21 08:54:43 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~42589960 [2011.04.21 08:54:43 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42589960r [2011.04.21 08:54:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42589960 [2011.04.21 08:41:46 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~46128904 [2011.04.21 08:41:46 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~46128904r [2011.04.21 08:41:45 | 000,000,583 | -H-- | M] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk [2011.04.21 08:41:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\46128904 [2011.04.21 08:32:28 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.21 06:52:17 | 000,632,252 | -H-- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 06:52:17 | 000,598,900 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 06:52:17 | 000,127,464 | -H-- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 06:52:17 | 000,104,914 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.20 20:32:18 | 000,171,008 | -H-- | M] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.04.15 18:32:00 | 003,810,392 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.08 12:19:07 | 000,000,777 | -H-- | M] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk [2011.04.08 12:17:05 | 000,001,032 | -H-- | M] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk [2011.04.08 12:17:01 | 000,000,849 | -H-- | M] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk [2011.04.03 12:14:09 | 000,015,008 | -H-- | M] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt [2011.04.02 13:49:46 | 000,000,915 | -H-- | M] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk [2011.03.27 08:39:50 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 08:54:43 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~42589960 [2011.04.21 08:54:43 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42589960r [2011.04.21 08:54:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\42589960 [2011.04.21 08:41:46 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~46128904 [2011.04.21 08:41:46 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~46128904r [2011.04.21 08:41:45 | 000,000,583 | -H-- | C] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk [2011.04.21 08:41:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\46128904 [2011.04.08 12:19:07 | 000,000,777 | -H-- | C] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk [2011.04.08 12:13:19 | 000,000,849 | -H-- | C] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk [2011.04.03 11:13:59 | 000,015,008 | -H-- | C] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt [2011.04.02 13:49:46 | 000,000,915 | -H-- | C] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.02 13:17:36 | 000,000,370 | -H-- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.11.07 20:54:46 | 000,000,010 | -H-- | C] () -- C:\Windows\popcinfo.dat [2010.10.31 15:25:58 | 000,001,666 | -H-- | C] () -- C:\Windows\Sandboxie.ini [2010.10.25 14:48:52 | 000,000,331 | -H-- | C] () -- C:\Windows\SIERRA.INI [2010.10.25 10:20:49 | 000,000,556 | -H-- | C] () -- C:\Windows\ODBC.INI [2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.09.24 21:47:43 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini [2010.08.25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 19:52:00 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 19:52:00 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.08.24 17:46:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010.08.03 15:14:30 | 000,233,472 | -H-- | C] () -- C:\Windows\System32\MafiaSetup.exe [2010.07.26 14:20:42 | 000,139,152 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\PnkBstrK.sys [2010.07.26 10:58:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.07.26 10:58:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.07.25 18:36:29 | 000,171,008 | -H-- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.24 16:11:17 | 000,000,013 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\Update.cfg [2010.07.23 21:15:01 | 001,970,176 | -H-- | C] () -- C:\Windows\System32\d3dx9.dll [2010.07.22 11:38:52 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2009.08.03 00:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.24 05:49:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.07.24 05:20:06 | 000,307,200 | -H-- | C] () -- C:\Windows\SetDisplayResolution.exe [2009.07.24 05:19:37 | 000,000,135 | RH-- | C] () -- C:\Windows\System32\lngEng.ini [2009.07.24 05:19:37 | 000,000,117 | -H-- | C] () -- C:\Windows\System32\lngKor.ini [2009.07.24 05:17:29 | 000,004,280 | -H-- | C] () -- C:\Windows\HotFixList.ini [2009.07.24 05:17:08 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.07.24 03:52:31 | 000,632,252 | -H-- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.24 03:52:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.24 03:52:31 | 000,127,464 | -H-- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.24 03:52:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.24 03:35:48 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.07.24 03:35:40 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll [2009.07.24 03:35:40 | 000,147,172 | -H-- | C] () -- C:\Windows\System32\igfcg550.bin [2008.02.09 18:03:07 | 000,024,576 | -H-- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007.02.26 09:49:12 | 006,139,774 | -H-- | C] () -- C:\Windows\imagine digital freedom.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 003,810,392 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,598,900 | -H-- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,914 | -H-- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar [2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap [2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited [2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon [2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4 [2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro [2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro [2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ [2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget [2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games [2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World [2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org [2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit [2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2 [2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense [2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom [2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.04.21 09:11:45 | 000,032,582 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.05 12:30:26 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Adobe [2010.08.05 12:47:19 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Adobe Mini Bridge CS5 [2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar [2010.11.17 13:17:12 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ArcSoft [2010.07.22 12:56:35 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Avira [2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap [2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited [2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon [2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4 [2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro [2010.08.03 08:46:19 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DivX [2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro [2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Identities [2010.07.22 12:32:40 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\InstallShield [2010.07.22 11:24:25 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Macromedia [2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Media Center Programs [2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget [2010.08.31 21:52:09 | 000,000,000 | --SD | M] -- C:\Users\Meier\AppData\Roaming\Microsoft [2010.07.22 11:39:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Mozilla [2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games [2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World [2010.08.04 15:49:54 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Nero [2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org [2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit [2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2 [2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense [2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow [2010.11.28 12:28:35 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\vlc [2010.07.22 14:07:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\WinRAR [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom < %APPDATA%\*.exe /s > [2010.08.04 20:26:52 | 000,038,784 | -H-- | M] () -- C:\Users\Meier\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.11.27 14:57:02 | 000,029,926 | RH-- | M] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe [2010.08.31 21:52:09 | 000,010,134 | RH-- | M] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | -H-- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2009.02.11 10:26:18 | 000,407,576 | -H-- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.02.11 10:11:50 | 000,329,752 | -H-- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.02.11 10:11:50 | 000,329,752 | -H-- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys [2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | -H-- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | -H-- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | -H-- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | -H-- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | -H-- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | -H-- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 21.04.2011 09:30:52 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Mozilla Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 13,83 Gb Free Space | 23,41% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 136,18 Gb Free Space | 60,26% Space Free | Partition Type: NTFS
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Orbitdownloader\orbitdm.exe" = D:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files\Orbitdownloader\orbitnet.exe" = D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F3A794-E653-4742-87A0-E0D9B74A1150}" = lport=2300 | protocol=17 | dir=in | name=wolfteam port |
"{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CF4BAE3-B7A8-420C-9F33-1E3E5BE7E104}" = lport=13000 | protocol=17 | dir=in | name=hockeydash |
"{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system |
"{5E81563F-F878-45A1-ABC2-53A78BBF2EC8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system |
"{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system |
"{80CAAB0C-C66C-4B58-BB5E-ADEAAB104BE3}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system |
"{BA9C339F-776C-48CA-8F3C-9CABA20A0AC5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system |
"{E15B5776-2905-4B62-806C-E92D836B8C14}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E839F652-3F03-47EF-822A-87177B51B29E}" = lport=8500 | protocol=6 | dir=in | name=hockeydash |
"{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system |
"{F11A2D0C-81E9-4DF8-A381-3F1EAA9F44FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031E18BE-36FA-46DA-955C-BEC759A44F1E}" = protocol=17 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin |
"{14482ABA-8BA3-45D7-AE86-B5AD8BBC91FC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{145BCCAE-FF8C-4C68-8D62-3BFAD7B090AD}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{18918E82-3E45-42B0-B765-5BF014E12EAD}" = protocol=6 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe |
"{28DB716E-D044-41C8-BC84-D0746782E0EF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{29DE2C06-67AF-4ECB-99CD-D144FDDE8A51}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3D17E532-8C8A-41E9-8AC5-091711619F9F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{41FB5A3B-B8DB-4F89-BE04-B0C50FD174FD}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{4E64293B-AD1C-47A1-83A9-99B3BB6DE2F8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4FEC96A0-E32B-4EB8-ADBD-886F5D907146}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{509C77DC-CDA7-4143-8FE5-73C9AFF929E1}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe |
"{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5CAB55F0-198A-494F-A879-D1DAC471E84F}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{625A5FCC-ABAB-47C7-9EE1-1F3B9DCE7DF2}" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe |
"{63160B43-9B30-442C-921F-7A38C30F4E12}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{708A77A5-9AD9-4C9C-A64F-495E9E1A351B}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe |
"{75EC1325-75C3-468B-AE34-AE7FC32CE0A3}" = protocol=17 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe |
"{7945870D-0B0A-44D5-89C7-2D466FC1206F}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{79739634-264F-4246-85CB-8AF22DC10AEA}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{7A9A1701-68FA-481A-9269-AF3ABA85252E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7E062F10-FDFB-4AE7-89EB-0B020A64E833}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe |
"{7F3B7155-E63D-4C45-8D83-967F583CF909}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe |
"{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{90E5B175-8DDE-4517-B3C6-46821AD32383}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{938A1A2D-A5D3-42E2-A824-3E69ACE5FD02}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{96B2DA6E-944D-4046-8459-13BE12E2C60A}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe |
"{9953B4B4-41BC-4A60-B4D0-51A475A464DA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9CE18D3A-760D-4754-95DD-5F41135D0EE8}" = protocol=6 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin |
"{ABC33052-224A-49F2-B049-B86AA22C87B0}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{AC6DDA29-085F-4E2E-9C94-3A7A9B19D86E}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{B43C8941-CE32-4207-9358-27C1961DE26C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C629D4C0-D0E2-47D5-85A1-AB690BF75CD2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C6306FD0-9544-4525-AD7D-A567006CB5DA}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{CEE6AA81-8DAE-4CB6-9155-A8EFF12F20E6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D0A768C8-4813-4B16-95DE-E0B509741A6D}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{D18788D9-C34A-4C6D-9019-2FE674E1B734}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe |
"{D64072C8-B969-4D70-B509-80C5E36E3F5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E04A4866-9913-4593-9AC2-39B34D64186D}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{E62D4474-897C-4754-86CF-ACF4C3EF0F58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E95772DD-A2D3-46D0-83F6-E146AA9101A8}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{E99363F6-9838-4A88-B24F-F17827D7BB6A}" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe |
"{EA7CD89E-9DF4-4587-945C-7214063469EB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{ED0F6723-DF8E-4F8D-9ED9-199A13462D46}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F9711B46-B28B-433E-BBF6-AE0DDA226F1C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{0154C858-B048-4274-BB52-4E2BED70EA39}D:\program files\garena\garena.exe" = protocol=6 | dir=in | app=d:\program files\garena\garena.exe |
"TCP Query User{0C912525-BBD0-4D72-84B3-4D8E2F9F7D05}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2049B93A-BC75-44D8-A749-91B1F6FBB0FC}D:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe |
"TCP Query User{20DAB239-6877-4B28-9A7F-B6AC503BAB75}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2B9257CA-A7A7-442E-B137-FD0483EA2322}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{2F3C5C8D-EE19-4057-AEAE-FC3A71F28505}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{4C8B99BF-8106-42CE-881E-AAEEC388D511}D:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\program files\left 4 dead\left4dead.exe |
"TCP Query User{6F1124EE-844F-41D6-B384-492B7539FE4E}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{765D6057-E03D-4F06-A3A8-D53435162FFB}D:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe |
"TCP Query User{DF306364-8A97-458B-ADA7-61BFE493432F}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin |
"TCP Query User{E3168FDA-A813-4D8B-820A-469E05E29203}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe |
"TCP Query User{ED95F4BC-19A0-43E2-9D47-D97AB9EDA5C0}D:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\eadm\core.exe |
"TCP Query User{F227E3F9-3DC5-406A-BD5F-47B7980A34DB}D:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{331ADF06-E73E-427E-92B5-C5BAE3FDB54B}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{4FD0CE6F-EF8C-46F0-9294-E1E0F27A3B2B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{59E10071-A191-496E-9474-C24026D83D7F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{695EE8C5-EB83-490E-869B-8251A447645C}D:\program files\garena\garena.exe" = protocol=17 | dir=in | app=d:\program files\garena\garena.exe |
"UDP Query User{6BD876F0-8478-4344-A385-087E35512EE5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7141627E-FB5D-46FB-B374-C031D4C8AC09}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin |
"UDP Query User{7316A955-D8A0-47E0-A9ED-BB2D909C1A95}D:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe |
"UDP Query User{7888E5C5-AE5F-4910-801C-C404E2E2777A}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{789E9993-519A-4E23-A517-42865290795A}D:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\eadm\core.exe |
"UDP Query User{9B3958B9-2089-4533-A191-6A0383A95B7A}D:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe |
"UDP Query User{9D723CFA-0C83-4FEA-B59D-D43712C1ADC0}D:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\program files\left 4 dead\left4dead.exe |
"UDP Query User{BF690DF6-727A-4984-AB2D-20010F9B7D22}D:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{E95C6208-AE70-4F61-8F64-F9D9517BED7D}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B3EC2E9-67E3-4D10-B1B8-BD71D7DC8930}" = Eternia LastChaos
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{852019C5-8AF7-4ECF-BB25-79AE53FBD245}_is1" = Strassenbau Simulator 1.2.16
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAB2778A-31C8-43CC-98C9-FF9FE2842D55}" = Eternia LastChaos
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"EAX Unified" = EAX Unified
"FLAC" = FLAC 1.2.1b (remove only)
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 2.2.16.324
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Left 4 Dead" = Left 4 Dead
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Sandboxie" = Sandboxie 3.50
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
| Themen zu kazy.mekml.1 seit gerade eben |
| 4d36e972-e325-11ce-bfc1-08002be10318, ad-aware, akamai, autorun, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, canon, converter, desktop, diagnostics, disabletaskmgr, document, downloader, excel, fehler, festplatte, festplattenfehler, firefox, home, iastor.sys, iexplore.exe, jdownloader, kazy.mekml.1, kritischer festplattenfehler, location, microsoft office 2003, microsoft office word, mozilla, mp3, nvstor.sys, office 2007, oldtimer, otl.exe, pando media booster, plug-in, poweriso, realtek, registry, saver, scan, sched.exe, security update, siteadvisor, software, speedtest, sptd.sys, start menu, svchost.exe, trojaner, usb, vista, wrapper |
Baum-Darstellung