|
Pests of all kinds and how to fight them: Possibly a trojan? http://www.searchqu.com/406 Windows 7 If you are not sure whether you have picked up malware or a trojan, start a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
30.05.2011, 22:41 | #1 |
| Possibly a trojan? http://www.searchqu.com/406 Good evening everyone, I have picked up a rather stubborn problem by the name of hxxp://www.searchqu.com/406! I have already searched the forum a bit and found that quite a few people have it. As other users have already described, the link always puts itself in front of my iGoogle start page (latest Firefox). See the picture in the attachment. I have also created a log file with Combofix. I ran Hijackthis, but it did not help. I use AVAST as my virus scanner, which scans every download before I run it. A virus scan with the latest update did not report any errors. Whoever programmed this must have been a really clever one. Well, whatever. I hope someone can help me. Now my log file: Combofix log file: Code:
ATTFilter ComboFix 11-05-30.05 - Michl 30.05.2011 22:44:02.1.2 - x64 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.43.1031.18.4094.2835 [GMT 2:00] ausgeführt von:: c:\users\Michl\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml c:\users\Michl\AppData\Roaming\Microsoft\Windows\Recent\The Witcher 2.url c:\users\Michl\AppData\Roaming\Mozilla\Firefox\Profiles\wdxuh5yd.default\searchplugins\SearchquWebSearch.xml D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-28 bis 2011-05-30 )))))))))))))))))))))))))))))) . . 2011-05-30 20:56 . 2011-05-30 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-30 18:49 . 2011-05-30 18:49 -------- d-----w- c:\program files (x86)\MonitorDriver 2011-05-30 18:49 . 2011-05-30 18:49 -------- d-----w- c:\users\Michl\AppData\Roaming\InstallShield 2011-05-30 18:12 . 2008-11-04 11:12 23096 ----a-w- c:\windows\system32\drivers\MTiCtwl.sys 2011-05-30 18:11 . 2011-05-30 18:12 -------- d-----w- c:\program files\MagicTune Premium 2011-05-30 18:06 . 2011-05-30 18:08 -------- d-----w- C:\Samsung 2011-05-30 09:45 . 2011-05-30 09:45 -------- d-----w- c:\users\Michl\AppData\Roaming\Bandoo 2011-05-30 07:29 . 2011-05-30 07:29 -------- d-----w- c:\users\Michl\AppData\Local\Ilivid Player 2011-05-30 06:33 . 2011-05-30 06:34 -------- d-----w- c:\programdata\Bandoo 2011-05-30 06:33 . 2011-05-30 06:34 -------- d-----w- c:\program files (x86)\Bandoo 2011-05-30 06:33 . 2011-05-25 14:55 1524112 ----a-w- c:\windows\SysWow64\bandoolmx.dll 2011-05-30 06:32 . 
2011-05-30 06:32 -------- dc-h--w- c:\programdata\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2} 2011-05-30 06:31 . 2011-05-30 06:33 -------- d-----w- c:\program files (x86)\iLivid 2011-05-30 06:30 . 2011-05-30 06:31 -------- d-----w- c:\program files (x86)\Windows iLivid Toolbar 2011-05-30 06:28 . 2011-05-30 06:28 -------- d-----w- c:\users\Michl\AppData\Local\PackageAware 2011-05-28 05:15 . 2011-05-30 07:45 -------- d-----w- c:\programdata\NVIDIA 2011-05-28 05:15 . 2011-05-28 05:15 -------- d-----w- c:\users\UpdatusUser 2011-05-28 05:14 . 2011-05-14 04:27 61544 ----a-w- c:\windows\system32\nvshext.dll 2011-05-28 05:14 . 2011-05-14 04:27 3040360 ----a-w- c:\windows\system32\nvsvc64.dll 2011-05-28 05:14 . 2011-05-14 04:27 1016936 ----a-w- c:\windows\system32\nvvsvc.exe 2011-05-28 05:14 . 2011-05-14 04:27 794216 ----a-w- c:\windows\system32\easyupdatusapiu64.dll 2011-05-28 05:14 . 2011-05-14 04:27 6289512 ----a-w- c:\windows\system32\nvcpl.dll 2011-05-28 05:14 . 2011-05-14 04:27 2560616 ----a-w- c:\windows\system32\nvsvcr.dll 2011-05-28 05:14 . 2011-05-14 04:27 117864 ----a-w- c:\windows\system32\nvmctray.dll 2011-05-28 05:14 . 2011-05-28 05:14 -------- d-----w- c:\programdata\NVIDIA Corporation 2011-05-28 04:23 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{207A9448-6CD4-498A-B792-3B55D01D5780}\mpengine.dll 2011-05-26 15:19 . 2011-05-26 15:19 -------- d-----w- c:\users\Michl\AppData\Local\PDF24 2011-05-21 16:32 . 2011-05-21 16:32 -------- d-----w- c:\program files (x86)\Conduit 2011-05-21 16:32 . 2011-05-21 16:32 -------- d-----w- c:\users\Michl\AppData\Local\Conduit 2011-05-21 16:31 . 2011-05-28 05:31 -------- d-----w- c:\users\Michl\AppData\Roaming\Xfire 2011-05-21 16:31 . 2011-05-27 05:46 -------- d-----w- c:\programdata\Xfire 2011-05-21 16:31 . 2011-05-21 16:31 -------- d-----w- c:\program files (x86)\Xfire 2011-05-21 05:32 . 
2011-05-21 05:32 -------- d-----w- c:\users\Michl\AppData\Local\IsolatedStorage 2011-05-21 05:32 . 2011-05-21 05:32 -------- d-----w- c:\users\Michl\AppData\Local\Futuremark_Corporation 2011-05-21 05:25 . 2011-05-21 05:25 -------- d-----w- c:\program files\Futuremark 2011-05-18 19:35 . 2011-05-18 19:35 -------- d-----w- c:\users\Michl\AppData\Local\The Witcher 2 2011-05-17 10:33 . 2011-05-17 10:33 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-05-16 13:28 . 2011-02-02 19:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2011-05-16 13:28 . 2011-02-02 19:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-05-15 16:28 . 2011-05-15 16:28 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-05-15 12:41 . 2011-05-15 12:41 -------- d-----w- c:\program files\iPod 2011-05-15 12:41 . 2011-05-15 12:41 -------- d-----w- c:\program files\iTunes 2011-05-15 12:41 . 2011-05-15 12:41 -------- d-----w- c:\program files (x86)\iTunes 2011-05-15 12:39 . 2011-05-15 12:39 -------- d-----w- c:\program files\Bonjour 2011-05-15 12:39 . 2011-05-15 12:39 -------- d-----w- c:\program files (x86)\Bonjour 2011-05-11 21:47 . 2011-05-11 21:47 71680 ----a-w- c:\windows\system32\frapsv64.dll 2011-05-11 21:47 . 2011-05-11 21:47 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll 2011-05-11 09:58 . 2011-05-30 20:40 -------- d-----w- c:\program files (x86)\Common Files\Akamai 2011-05-11 09:57 . 2011-05-24 08:51 -------- d-----w- c:\program files (x86)\Kuma Games 2011-05-09 05:20 . 2011-05-09 05:20 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll 2011-05-09 05:20 . 2011-05-09 05:20 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll 2011-05-09 05:20 . 2011-05-09 05:20 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll 2011-05-09 05:20 . 2011-05-09 05:20 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll 2011-05-09 05:20 . 
2011-05-09 05:20 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll 2011-05-09 05:20 . 2011-05-09 05:20 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll 2011-05-09 05:20 . 2011-05-09 05:20 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2011-05-09 05:20 . 2011-05-09 05:20 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 15:57 . 2009-08-11 15:20 1629 ----a-w- c:\programdata\xml42DB.tmp 2011-05-29 15:57 . 2009-08-11 15:20 13598 ----a-w- c:\programdata\xml422E.tmp 2011-05-29 15:57 . 2009-08-11 15:20 8942 ----a-w- c:\programdata\xml38AC.tmp 2011-05-16 09:10 . 2009-08-10 19:26 107832 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-04-17 19:57 . 2011-04-17 19:57 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll 2011-04-17 19:57 . 2011-04-17 19:57 27536 ----a-w- c:\windows\system32\xfcodec64.dll 2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-03-10 17:18 . 2011-04-18 12:07 1360384 ----a-w- c:\windows\system32\mfc42u.dll 2011-03-10 17:18 . 2011-04-18 12:07 1398784 ----a-w- c:\windows\system32\mfc42.dll 2011-03-10 17:03 . 2011-04-18 12:07 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll 2011-03-10 17:03 . 2011-04-18 12:07 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll 2011-03-07 12:43 . 2011-03-07 12:43 108144 ----a-w- c:\windows\SysWow64\CmdLineExt.dll 2011-03-07 11:32 . 2009-08-10 19:26 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2011-03-07 11:32 . 2009-08-10 19:26 2337865 ----a-w- c:\windows\SysWow64\pbsvc.exe 2011-03-07 02:08 . 
2011-03-07 02:08 93552 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll 2011-03-03 16:02 . 2011-04-18 12:08 975872 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-03 15:42 . 2011-04-18 12:08 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll 2011-03-03 13:46 . 2011-04-18 12:07 2762240 ----a-w- c:\windows\system32\win32k.sys 2011-03-02 16:12 . 2011-04-18 12:06 117760 ----a-w- c:\windows\system32\dnsrslvr.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfir.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] 2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\XfireXO\prxtbXfir.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfir.dll" [2011-01-17 175912] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 138240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AsioThk32Reg"="CTASIO.DLL" [2009-06-03 51712] "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-26 421160] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DevconDefaultDB"="c:\windows\system32\READREG" [X] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\datamngr.dll c:\progra~2\WI371A~1\Datamngr\IEBHO.dll c:\progra~2\Bandoo\BndHook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . R2 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 136176] R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x] R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-24 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files 
(x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-09-03 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x] R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Shared\Database2\bin\fbserver.exe [2008-08-07 3276800] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 136176] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [2009-05-17 98488] R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 27648] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Shared\Database2\bin\FABS.exe [2008-12-16 1155072] S2 nvUpdatusService;NVIDIA 
Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-14 2226792] S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x] S3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys [x] S3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhalt des "geplante Tasks" Ordners . 2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 15:31] . 2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 15:31] . 2011-05-30 c:\windows\Tasks\User_Feed_Synchronization-{6242D63D-81AE-4DB4-A58D-CF609B1522E2}.job - c:\windows\system32\msfeedssync.exe [2011-04-18 04:43] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}] 2011-03-24 12:30 1058712 ----a-w- c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-02-23 15:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 225792] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.searchqu.com/406 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll TCP: DhcpNameServer = 195.58.160.194 195.58.161.122 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Michl\AppData\Roaming\Mozilla\Firefox\Profiles\wdxuh5yd.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406 FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . URLSearchHooks-{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file) Toolbar-10 - (no file) Wow6432Node-HKLM-Run-NWEReboot - (no file) Toolbar-10 - (no file) AddRemove-Free Studio_is1 - c:\program files (x86)\DVDVideoSoft\Free Studio\unins000.exe AddRemove-Free Video to iPhone Converter_is1 - c:\program files (x86)\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . .
Zeit der Fertigstellung: 2011-05-30 22:58:02 ComboFix-quarantined-files.txt 2011-05-30 20:58 . Vor Suchlauf: 26 Verzeichnis(se), 24.973.291.520 Bytes frei Nach Suchlauf: 30 Verzeichnis(se), 32.796.090.368 Bytes frei . - - End Of File - - F00A9372940E351F68BB9CDD92EDBED2 |
31.05.2011, 20:25 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Possibly a trojan? http://www.searchqu.com/406 Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html
__________________ There is also a very clear notice regarding http://www.trojaner-board.de/95175-combofix.html Quote:
__________________ |
31.05.2011, 20:29 | #3 |
/// TB-Ausbilder | Possibly a trojan? http://www.searchqu.com/406 My name is M-K-D-B and I will help you clean up your computer. Please note the following:
I am now preparing a fix and will get back to you with further instructions as soon as possible. |
31.05.2011, 20:30 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Possibly a trojan? http://www.searchqu.com/406 You carry on, M-K-D-B
__________________ Please always post log files in CODE tags |
31.05.2011, 20:49 | #5 |
/// TB-Ausbilder | Possibly a trojan? http://www.searchqu.com/406 |
31.05.2011, 21:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Possibly a trojan? http://www.searchqu.com/406 No, you're not, I have enough cases open anyway
__________________ --> Possibly a trojan? http://www.searchqu.com/406 |
01.06.2011, 06:35 | #7 |
| Possibly a trojan? http://www.searchqu.com/406 Hello everyone, please don't argue, you helpful souls. @ M-K-D-B From now on I won't do anything unless you tell me to. Yesterday, however, I still did the following. I got the latest virus definitions from AVAST and booted into safe mode. I then ran AVAST manually and did a deep scan. It took forever. It did not achieve anything, of course, apart from some interesting results, see the picture in the attachment. Something else I noticed is that, ever since I caught this "thing", I have had constant hard disk accesses, in case that is of interest. THX for Help Oberonaut. |
01.06.2011, 15:14 | #8 |
/// TB-Ausbilder | Possibly a trojan? http://www.searchqu.com/406 Hello Oberoanut, That is exactly what I wanted to hear. Step # 1: Answer questions Please answer the following questions for me:
Step # 2: Uninstalling programs
Step # 3: Run CFScript with ComboFix Note for other readers: The following ComboFix script has been created exclusively for this user in this situation. Do not under any circumstances use it on other computers, it can cause lasting damage to other systems! Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (nowhere else, this is important)! Press the Windows + R keys --> Notepad (type it in) --> OK. Now copy the complete text from the following code box into the empty text document. Code:
DDS::
uInternet Settings,ProxyOverride = *.local

FireFox::
FF - ProfilePath - c:\users\Michl\AppData\Roaming\Mozilla\Firefox\Profiles\wdxuh5yd.default\
FF - prefs.js: browser.search.defaulturl - http://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.searchqu.com/406
FF - prefs.js: keyword.URL - http://www.searchqu.com/web?src=ffb&systemid=406&q=

Important:
Step # 4: Verification scan with Malwarebytes' Anti-Malware (MBAM) Please download Malwarebytes' Anti-Malware
Step # 5: Run aswMBR.exe Please download aswMBR.exe and save the file to your desktop.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know. Step # 6: Custom scan with OTL If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Step # 7: Your feedback For further analysis I need, together with your next reply
|
03.06.2011, 09:35 | #9 |
| Possibly a trojan? http://www.searchqu.com/406 Hello, Regarding the hard disk accesses you asked about. Well, the hard disk is constantly under full load, that is to say write and read accesses. I cannot say which programs those are. For a better explanation I have uploaded a picture of the Resource Monitor for you. Regarding step 2........Was successful. Regarding step 3.........I did everything as described. But an error message appears. See the picture in the attachment. Before that, however, Combofix updated itself without problems, as intended. |
03.06.2011, 13:17 | #10 | ||
/// TB-Ausbilder | Possibly a trojan? http://www.searchqu.com/406 Hello Oberoanut, Quote:
Good. Quote:
Delete the existing ComboFix.exe from your desktop and download a new one. Make sure that you copy the lines of my fix into Windows Notepad and save them as a text file (.txt)! The whole thing is also described in detail again under Step # 1! Step # 1: Run CFScript with ComboFix Note for other readers: The following ComboFix script has been created exclusively for this user in this situation. Do not under any circumstances use it on other computers, it can cause lasting damage to other systems! Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (nowhere else, this is important)! Press the Windows + R keys --> Notepad (type it in) --> OK. Now copy the complete text from the following code box into the empty text document. Code:
ATTFilter
DDS::
uInternet Settings,ProxyOverride = *.local
FireFox::
FF - ProfilePath - c:\users\Michl\AppData\Roaming\Mozilla\Firefox\Profiles\wdxuh5yd.default\
FF - prefs.js: browser.search.defaulturl - http://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.searchqu.com/406
FF - prefs.js: keyword.URL - http://www.searchqu.com/web?src=ffb&systemid=406&q=
Important:
Step # 2: Control scan with Malwarebytes' Anti-Malware (MBAM) Please download Malwarebytes' Anti-Malware
Step # 3: Run aswMBR.exe Please download aswMBR.exe and save the file on your desktop.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know. Step # 4: Custom scan with OTL If you do not have it yet, please download OTL by Oldtimer and save it on your desktop
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
Step # 5: Your feedback For further analysis I need, together with your next reply
|
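The ComboFix script in the post above resets three Firefox preferences that had been pointed at searchqu.com and search.conduit.com. As an added example (not part of the original thread and not code from ComboFix or the helper), this Python audit reads a prefs.js and reports those same preferences when their host is not on an expected list; the `EXPECTED_HOSTS` list and both sample files are constructed assumptions, with the hijacked values taken from the script above.

```python
import json
import re
from urllib.parse import urlsplit

# Preference keys named in the ComboFix script quoted above.
WATCHED_PREFS = (
    "browser.startup.homepage",
    "keyword.URL",
    "browser.search.defaulturl",
)

# Assumption: hosts this user expects to see; adjust per machine.
EXPECTED_HOSTS = frozenset({"www.google.com", "www.google.de"})

# One prefs.js entry per line: user_pref("name", <JS literal>);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\)\s*;\s*$')

# Constructed sample: a prefs.js carrying the values listed in the script above.
HIJACKED_SAMPLE = """\
# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "http://www.searchqu.com/406");
user_pref("browser.startup.page", 1);
user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");
"""

# Constructed sample: the same profile after the preferences were reset.
CLEAN_SAMPLE = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/ig|about:blank");
user_pref("browser.startup.page", 1);
"""


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything malformed
        raw_key, raw_value = match.groups()
        try:
            key = json.loads(raw_key)
        except ValueError:
            continue
        try:
            # Strings, integers and true/false are valid JSON as written.
            value = json.loads(raw_value)
        except ValueError:
            value = raw_value  # keep the raw text so it is still reviewed
        prefs[key] = value
    return prefs


def host_of(url):
    """Lower-cased host of a URL, or '' if it cannot be parsed."""
    if "://" not in url:
        url = "http://" + url  # urlsplit only finds the host after a scheme
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def audit_prefs(text, expected_hosts=EXPECTED_HOSTS):
    """Return (pref, host, url) for watched prefs pointing at unexpected hosts."""
    findings = []
    prefs = parse_prefs(text)
    for key in WATCHED_PREFS:
        if key not in prefs:
            continue
        # The homepage preference may hold several URLs separated by "|".
        for url in str(prefs[key]).split("|"):
            url = url.strip()
            if not url or url.startswith("about:"):
                continue
            host = host_of(url)
            if host not in expected_hosts:
                findings.append((key, host, url))
    return findings


if __name__ == "__main__":
    for pref, host, url in audit_prefs(HIJACKED_SAMPLE):
        print(f"{pref}: unexpected host {host} ({url})")
    print("clean profile findings:", audit_prefs(CLEAN_SAMPLE))
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.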
04.06.2011, 06:41 | #11 |
| Possibly a Trojan? http://www.searchqu.com/406 Hi M-K-D-M From step 3 onwards everything has worked now. I worked through all the instructions of your new post one after the other. Here are the results: Step 1 Combofix: The CFScript.txt did run through, but I cannot find a log named CFScript.txt anywhere on my PC. Only one that was called Log, which had Combofix written in it. I have uploaded it for you to be on the safe side. It is just called Log.txt. Step 2 Malwarebytes found no errors. So there was nothing to tick either. See pic. Step 3 aswMBR run. You have the log in the attachment! As step 4 I also did the scan with OTL. You will find that in the attachment too. Unfortunately I could not upload the txt files because the error message always comes up. See pic. Edited by Oberoanut (04.06.2011 at 06:48) |
04.06.2011, 09:42 | #12 |
| Possibly a Trojan? http://www.searchqu.com/406 Oh yes, I also wanted to report this. I now have my beloved IGoogle as the start page again. Only the personalizations I made no longer work. Please look at the pic. Should I check the add-ons? |
04.06.2011, 09:57 | #13 | |||
/// TB-Ausbilder | Possibly a Trojan? http://www.searchqu.com/406 Hello Oberoanut, Quote:
Quote:
You can also pack the text files with 7-Zip or WinRAR and then upload them here as an archive. Or, what is even easier: open a text document, copy the entire content and paste it directly here into the forum with your next reply. Quote:
To be able to help you further, I need the mentioned log files from OTL. |
04.06.2011, 16:06 | #14 |
| Possibly a Trojan? http://www.searchqu.com/406 OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.06.2011 18:43:44 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Michl\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,80% Memory free 12,47 Gb Paging File | 10,45 Gb Available in Paging File | 83,78% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 178,79 Gb Total Space | 38,61 Gb Free Space | 21,59% Space Free | Partition Type: NTFS Drive D: | 119,30 Gb Total Space | 34,63 Gb Free Space | 29,03% Space Free | Partition Type: NTFS Drive E: | 340,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: MICHL-PC | User Name: Michl | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = A4 15 D5 A6 0A 12 CA 01 [binary data] "VistaSp2" = 56 31 0E B9 8B 12 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0178B4D4-AD64-4EE5-A9BC-5E25F9460FBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{06B6E1C6-F5F6-498D-843C-04E59A7D07CC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{078CA9E6-2C98-4BB7-A5B0-758B01CD13E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{1803F978-7D43-48F5-98CC-4D042A4C23B3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{18370743-7A0F-4DE7-97A0-8E98C3AE334E}" = rport=138 | protocol=17 | dir=out | app=system | "{18B44616-0027-472D-B2FD-2609DF1D77E6}" = rport=139 | protocol=6 | dir=out | app=system | "{1EEB1B26-860A-4E78-A75C-FDE45CEEC2F8}" = lport=1900 | 
protocol=17 | dir=in | name=microsoft upnp-port (udp) | "{21471F00-8E9F-46CB-9108-57351DB3F5AF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{31839FDF-EBC9-4EB1-A206-424696317BE1}" = lport=51110 | protocol=6 | dir=in | name=akamai netsession interface | "{3383428B-5880-4077-A1A7-6CC22A99E5C8}" = lport=58638 | protocol=6 | dir=in | name=pando media booster | "{352120F2-9455-4D70-85AC-47A07A342DE6}" = lport=58638 | protocol=17 | dir=in | name=pando media booster | "{419BA4D8-8047-488F-8500-AD6E10DB62B8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{42F29363-B669-4696-B4B7-3679B516DCD9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{47136509-D612-4127-8186-DCB66363C8E3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{496C096C-B181-4763-A21A-BDEF6BC36020}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{4A40B1E6-3047-475F-8B72-976EA40910CC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{5C7ACC72-FE5A-456A-941C-BE66C82B891B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{5CBF0157-2383-406D-AF54-81A19C1A4C50}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{5F7AB8F2-9E63-4A51-AC02-55B5AAD2994A}" = lport=138 | protocol=17 | dir=in | app=system | "{61BD9739-A1A2-48D0-AD8B-F053C0FE0842}" = lport=445 | protocol=6 | dir=in | app=system | "{63284D86-D59A-4A05-AF9F-6434BF0C5F2B}" = lport=0 | protocol=6 | 
dir=in | name=magix upnp media server | "{63E08E73-0CE6-4456-81E4-34D382A979B9}" = rport=445 | protocol=6 | dir=out | app=system | "{73A319A2-4498-4195-A694-9DD1D74FD5F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{77913F17-FB48-449A-BDAC-4F53E08F5CCF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{789AF40D-E7D7-4B4E-9C18-0CC99E95A1F5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{79C7B78C-7617-4DF6-99A6-D7F881FCD898}" = rport=137 | protocol=17 | dir=out | app=system | "{7DEAA28B-0165-4779-B70D-5A052D04BC59}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | "{7F7915A1-E802-475C-84D7-D43550A35982}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{86C6B99F-030E-4C14-B91A-B32397552A3F}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | "{ABC1BEB0-1829-4962-80B3-C885851B0EEB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe | "{AFE0887B-9DDE-448E-9E30-427AFB26D9EE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B236DA09-E01C-448A-9F62-E947A1995F5D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B2EB82F0-E417-4F7B-968A-4E4785C967D4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B49D5A59-4A5F-48B0-8A97-5A0B7827775D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BD7EF39F-E33D-4F35-B675-DF219F63B031}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{C1CDB01D-7099-44AC-9973-23481DFB167F}" = lport=58638 | protocol=6 | dir=in | name=pando media 
booster | "{C1FB27E6-62F3-4DC6-ACDA-080BC28B44B2}" = lport=58638 | protocol=17 | dir=in | name=pando media booster | "{C45B4BFB-07FA-48C4-9883-96DD494FB123}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C4F5990B-FA47-4641-8352-00A43640DB69}" = lport=139 | protocol=6 | dir=in | app=system | "{C51B099B-CEEC-4084-A13B-CCC30F757314}" = lport=61850 | protocol=6 | dir=in | name=bittorrent 7.2 | "{C729F6D3-2C98-45A0-B8B2-5A88143F7C3E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{C778836C-E716-49E3-895C-A53CCDEAE02C}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | "{CFB1BF22-6A64-4BF3-B66A-6B6353F559CF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{D20A186F-061D-42E3-95C7-7CA177ACB68A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D3E46B9A-F26C-4F99-9149-FDB4D4860442}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{D8080320-3CFB-4B58-8BB3-36EAB7A8C65E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{E39EE1E2-F3D1-4517-833F-60717D456368}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{E649275A-6140-4816-A167-0064FE18AAF5}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{F3D8264C-1CE6-4E47-9325-F04FF34C276A}" = lport=137 | protocol=17 | dir=in | app=system | "{F85F1DDA-D15A-4BC1-8B65-C1BEC04FC140}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00029D0C-79A4-4BE3-936A-9C1112473605}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{02605633-86CB-40CE-9CCE-6FC14BBA5FF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{0607F5C2-C5F8-4BD7-875F-E12F6C05BBD6}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{078CDBB3-0B31-446F-813B-A7A9024632F6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{08033F94-67E7-4BBD-B387-6D40BD0D4B67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{099FEBDF-7AE1-47F6-BBEF-84104FC83287}" = protocol=17 | dir=in | app=d:\torrent\bittorrent.exe | "{09E43FE4-BCA2-4F71-A717-F11CCDC75A6D}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{0DF5B17B-A645-4942-ACBE-ED13DB74867E}" = protocol=17 | dir=in | app=d:\ofp2\ofdr.exe | "{141098F5-1545-4A64-92D0-9FE0AFCD9442}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{15830C7B-9372-4905-9947-F7521CAF8017}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{167FF43E-4E15-4801-A9C9-7AAD1C20A303}" = protocol=6 | dir=in | app=c:\program files (x86)\kuma games\kuma.exe | "{169DE562-16E4-4EBD-B922-65B8633E0288}" = protocol=6 | dir=in | app=d:\perfect world entertainment\forsaken world de\patcher.exe | "{1D9C8689-117A-4902-BFA6-0F0128C2CF90}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{22D56D7E-8EB7-4DDC-80F2-B4E8454A73E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{262B645C-231F-447B-95F2-95004D8D6CFF}" = protocol=6 | 
dir=in | app=c:\program files (x86)\steam\steam.exe | "{29BFD687-5C4B-4F69-8250-B18392756B56}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{2D8D2E32-692E-4793-B61E-2A17408FC90F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{2D982674-D124-43AF-9A39-AC0AE47E3EB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{34708BFA-66A9-490B-A241-3106C957BE32}" = protocol=17 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{36C12581-0273-40B6-B16A-20AE7A2190B9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | "{3B397BCA-FE7B-40AC-BAB6-FB620AAD4C9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe | "{3DA88608-E76E-4B01-A4A1-C77396D746A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe | "{3F9A843E-AFC1-4860-BAB5-0519DEFEBD13}" = protocol=6 | dir=in | app=d:\ofp2\ofdr.exe | "{461FD8AD-E9F7-4E25-A258-676911408A05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{464EE3FE-B462-4377-9385-1289016952EE}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{4BB4E3EC-82DC-4BF6-9204-77ABE1EFF2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4E02A7B4-CE79-4067-841C-3FDDADC1F3BF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{53713714-09B7-4926-81BB-0345B39818E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | "{54393781-7BED-40CE-B984-C8EAAD3D955B}" = protocol=17 | dir=in | app=c:\windows\temp\inode_config.exe | 
"{54BB7639-1ACA-4131-85B1-08541566B77F}" = protocol=17 | dir=in | app=d:\perfect world entertainment\forsaken world de\patcher.exe | "{567CF991-FCE9-4522-BFDC-D44E78E6DCFD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{5697000C-120F-4F42-B17C-F7834998FFB6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{5810280F-DDE1-41DC-B5E2-5D2C80898F13}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{58875C1A-6050-44EB-84B5-2DE5865B55D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5B80EF23-FBF1-4FC0-B842-8B13E51C4321}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe | "{5C1DC662-A491-45DE-B7F9-529CC66D0184}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{5E91D8D3-9E7B-4DDB-ADBE-B43F26F07FE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | "{5F76F72C-EFDD-485B-82E1-6EBC37F2EAFD}" = protocol=17 | dir=in | app=d:\two worlds ii\twoworlds2.exe | "{60784B9F-C048-4BE9-B85A-F856BB08089C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6400136F-DEA9-461E-A0EF-42746A98FA26}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{66D6E3E4-3959-448C-8945-DB989846ED35}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{6938B234-9CA7-4445-955E-5A48B7AA3056}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{69FD9D73-D103-4F9B-8A74-700778C6260B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{6E43AB73-01D0-488F-BB51-800314221953}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra 
lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{6E7176BD-D032-43A7-B876-10182237C751}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{6EFED271-A428-49E4-8D77-106399D165BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{732901EA-432A-412A-BBD5-9D81F27F8836}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{7480314E-C22A-4FD0-97E8-A90187EC6955}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{74A26A45-86FC-4BDE-8351-567D40E3A7EC}" = protocol=6 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{763B2917-060D-4346-BAD3-64F1AF463F5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | "{773AC544-1377-452F-8FC5-2F5BA7CFB160}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7BE3D29A-39F8-4053-8072-6FC5B5EF0B0F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | "{7C3D183D-2C83-4CD1-8A55-6E2C18A7F55B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{85FCAA85-5800-4CEC-9A00-60F645457A19}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{8930E3C8-1EAD-4795-9CB9-B7A6A27937B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{8F13C242-EB63-443E-9D1D-68F1604400F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe | "{8FC886BF-7136-4AFA-B17C-71C0812D1100}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{91137021-56FD-4E82-B018-BD0A45BD02C7}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | 
"{92587D7B-C5E2-496E-850E-6D7EB95E5FBA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{93B58710-FAEA-4D09-A5BD-FABF3FCCC5B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{940BE8E6-957A-4057-9D35-D3FAE58EBEC0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{950BA699-AA9F-4342-83FE-75D2AF1A7803}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{952E269C-8245-4C7E-BE00-7FA20105D1C9}" = protocol=17 | dir=in | app=d:\bfbc2\bfbc2updater.exe | "{95DE03B9-09B4-4911-87FA-E28AE85DBBAD}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe | "{973E8290-81D2-4A5F-87DD-F3FE048B810E}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{99FBB628-5DE4-41F8-BC9B-E8F124020A62}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{9A97478F-E08E-45EC-9F2C-C7B2A95B5A0D}" = protocol=6 | dir=in | app=d:\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "{9D0E2728-C66A-485F-AC65-44FA7A00BC36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe | "{9D40F525-EB7C-484E-A2D9-D2B53388111C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9EAA830C-267A-44E0-BCD8-1D7ECE17F44E}" = protocol=6 | dir=in | app=d:\two worlds ii\twoworlds2.exe | "{A23AA91B-6B94-4E63-B69A-D155FAAA6A55}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{A512EB83-936D-4CAE-875D-8E97B7698544}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{A59E1598-8D5A-4299-91F7-0457617934B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | "{A8E75999-A2F4-4C0E-8B61-4A844A4DB27B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe | "{AAC6BAD2-A78E-46AF-BADA-F21DDD7390BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe | "{AB728438-A2F5-41DE-B93F-83D20E1F484A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | "{B148F639-ED48-4AAE-8DD6-2DBB0AA7296F}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{B5A90F9C-AC46-4550-9801-28EC109FFBB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe | "{B72C18F2-48CF-4DD2-902B-CD94DF8CE288}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | "{BA9B105A-6C43-4781-8969-9EFAD10ECF0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe | 
"{BC262260-DB18-4E6C-82A5-213BF675CB0A}" = protocol=6 | dir=in | app=d:\bfbc2\bfbc2updater.exe | "{BCB8FA8C-C148-4DBE-896F-BE1B9C9AED6F}" = protocol=6 | dir=in | app=d:\torrent\bittorrent.exe | "{C1D3C9A4-276D-42F6-A72F-AD8A173443DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe | "{C94AD695-A2E9-4D66-B0D5-EE5151F52E04}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{D566B7E5-B2F5-4F21-9D4E-F6A9FEC7C479}" = protocol=6 | dir=in | app=d:\bf2\bf2.exe | "{D791E327-B318-4CB5-A312-22A690354A53}" = protocol=17 | dir=in | app=d:\runes of magic\runes of magic.exe | "{D7CE760A-167E-4AC1-A305-C165468E1B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{DAE9CE5A-423C-4B0B-804F-44E9B4B25D0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens vs predator demo\avp.exe | "{DCD1BBDB-5593-47D1-A7C3-17D9642627DB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{E97ACDCF-4A12-4B3A-AA54-6922D82E14A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | "{E9E77BA0-4EF2-4F3C-A3DB-B0116BC33713}" = protocol=17 | dir=in | app=d:\bf2\bf2.exe | "{EB9A0D25-EF1D-40CC-B55A-A7CB0100493F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{EC1624A8-59EC-4A7D-B479-77D6F547142E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens vs predator demo\avp.exe | "{ED217C9E-7116-45C9-B44E-6D464D238A31}" = protocol=17 | dir=in | app=d:\s.t.a.l.k.e.r. 
- shadow of chernobyl\bin\dedicated\xr_3da.exe | "{ED31015D-6C32-4CFA-9D30-22D98D5E04C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{ED602387-BC15-4DB5-96F2-28C397734644}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | "{EFEE77E5-2E01-42AA-AF62-33B62FFA0456}" = protocol=17 | dir=in | app=c:\program files (x86)\kuma games\kuma.exe | "{F1DABFDA-156E-4920-B2AB-25B0A296C463}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{F200C484-B03E-4EF0-8EBD-4902D68A122F}" = protocol=6 | dir=in | app=c:\windows\temp\inode_config.exe | "{F3177E61-886E-4840-AF0A-A30B6DAAD705}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | "{F4B2583B-A440-4ACA-ACB5-917B2DF3D9CB}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F4E3009C-9ED1-4B44-B464-C2E77F7C2206}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | "{F5AABC6C-E039-4279-9897-41801E71D9E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{F5F0B872-D305-4ED2-9F0D-562858E2838B}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{FAEE944B-15D9-425D-80BB-FC59A787C924}" = protocol=6 | dir=in | app=d:\runes of magic\runes of magic.exe | "{FE6D3738-0E55-4623-BBE0-FE5606E4C6B9}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | "{FF71266C-14D6-4577-B944-115CBED889EB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | "TCP Query User{021E3BE7-6B56-4D4B-BFAD-46EDCAE29543}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | "TCP Query User{0C40D5F0-802F-4104-8DE3-6FD09AED9E25}C:\program files\elba5\db\sybase\dbeng9.exe" = 
protocol=6 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe | "TCP Query User{0C740723-7BA9-439D-A857-93FF9B57114F}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "TCP Query User{1BF1948B-A10F-4078-983C-DA30B2DEF449}D:\lodro\lotroclient.exe" = protocol=6 | dir=in | app=d:\lodro\lotroclient.exe | "TCP Query User{2A66C4B6-EA7D-4416-B3E5-1CAC8A9C3923}D:\anno1701\anno1701.exe" = protocol=6 | dir=in | app=d:\anno1701\anno1701.exe | "TCP Query User{41B4320B-A272-4896-ADF8-6A732C51BEA0}D:\runes of magic\launcher.exe" = protocol=6 | dir=in | app=d:\runes of magic\launcher.exe | "TCP Query User{49D26C21-4F61-46B6-9777-3036507636F1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{50497538-BDE2-4FC7-A5E7-D0C17D4736E5}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{5BEB99B1-2AAF-4566-B0DD-D34ACA3C0914}C:\program files\elba5\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | "TCP Query User{5F84F074-E32C-4C42-B88C-8E5B31213D98}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{5FFE4FFD-F4CE-4029-87AE-7CF13C218DA5}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe" = protocol=6 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe | "TCP Query User{7082BD35-2E36-4D1D-B295-1E46E3C112F3}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{7096C0C2-F500-4753-B908-D55B69671429}C:\program files (x86)\xfire\ua_lsp_inst.exe" = protocol=6 | dir=in | 
app=c:\program files (x86)\xfire\ua_lsp_inst.exe | "TCP Query User{7ABF9005-A1BF-4426-B04D-7D6D25E6806D}D:\anno1701\anno1701.exe" = protocol=6 | dir=in | app=d:\anno1701\anno1701.exe | "TCP Query User{86727DC0-0993-4FD3-A9B6-92349E3A2B12}D:\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{8A936DB5-A57D-4E8E-B5AE-4CBD490DA07C}C:\users\michl\downloads\tinyumbrella-4.21.01.exe" = protocol=6 | dir=in | app=c:\users\michl\downloads\tinyumbrella-4.21.01.exe | "TCP Query User{91DA99A3-0BEF-4938-AAAD-207030F7E8C8}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=6 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe | "TCP Query User{9D1F056F-7E56-45EC-91E9-F679E98A9486}C:\program files\elba5\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | "TCP Query User{ABACBD8C-9A07-4F4C-A8C0-F6BB5BD31BBD}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "TCP Query User{AFD4C2DC-890D-4F8A-9CFD-9CE4E32D5FE0}C:\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\metin2\metin2.bin | "TCP Query User{B1D9698D-152C-4F6A-B3C7-E0332D761295}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{B24A9DB1-4564-41DA-8CCC-8631DCDFCF84}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{BCAD3ABD-2946-4345-960A-8F676FC10371}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe | "TCP Query User{BDB3226E-4053-475A-BDE3-E052E97A4DFC}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | 
app=c:\program files\magictune premium\magictune.exe | "TCP Query User{C634798B-DFFD-44ED-8092-AB55FBB0E27B}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe | "TCP Query User{D07767BB-58C1-43E0-8AC5-53FC7BFEBCC3}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "TCP Query User{D3CE51E8-5374-412F-9CE4-2066292178B3}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "TCP Query User{DABAC4C3-E4E0-4DF6-9867-DC8E8F438D3C}C:\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\metin2\metin2client.bin | "TCP Query User{DE41E37F-1070-418C-879C-0FB0012C12F2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{E3C91F8F-B69D-417E-880C-370C878D5C08}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{E778D341-CCBF-4C19-83C0-1DF77ED8B2A6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "TCP Query User{EC83F4D3-3ADC-42C7-9786-411F9B51ECA0}D:\mtx\mtx.exe" = protocol=6 | dir=in | app=d:\mtx\mtx.exe | "TCP Query User{F13C48F7-1A7A-4E85-94A8-2980067850E9}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{13448797-7B33-446F-A7BF-A8BCCB06BCFF}C:\users\michl\downloads\tinyumbrella-4.21.01.exe" = protocol=17 | dir=in | app=c:\users\michl\downloads\tinyumbrella-4.21.01.exe | "UDP Query User{15832E9D-8487-4B6C-9273-74EAD637BE8F}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe" = protocol=17 | dir=in | 
app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe | "UDP Query User{15CA0134-A06E-4C39-95B0-ECD1C9C2A5F1}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | "UDP Query User{1F50BCD9-66D1-46AA-9FAB-9741B0AF2AE9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{24BB21BD-633C-48EE-9C13-6C9642291A8E}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | "UDP Query User{2FC0B339-6B6D-44B8-918B-D1BC88F6CDE7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{5879DAE3-EFC8-495E-8957-CC47CEB082B4}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | "UDP Query User{5A15C4C7-02B2-4A41-9926-EE73FE7B8EF3}C:\program files (x86)\xfire\ua_lsp_inst.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\ua_lsp_inst.exe | "UDP Query User{5B157CEF-8F17-4E5C-B34B-25648DD6E3A7}D:\lodro\lotroclient.exe" = protocol=17 | dir=in | app=d:\lodro\lotroclient.exe | "UDP Query User{69E3469B-E2EC-49B6-9C2E-555FB1DD2915}D:\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{7635285A-8AB1-477E-B1B6-8B6C2AB7B1AE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{78179CBF-F8D6-4EDC-BBF3-03FAD133E378}C:\program files\elba5\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | "UDP Query User{7E6F4557-712F-44F1-BC87-1F49958E4890}C:\program files (x86)\mozilla firefox\firefox.exe" = 
protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{8190F411-C2F7-45CC-B001-D77D1E290056}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{83CE00A1-D487-46C4-8D3D-EE72B14238FF}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{851AAD07-02F9-4B35-9878-58B320D589A9}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{8B90CA4C-1E3B-416E-9A99-74BEE55C8B4F}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe | "UDP Query User{942FBA21-B758-4E3E-82EA-DF601A414F8E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{A7A6C223-C7BD-4545-8EEB-0A7B10012AE7}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe | "UDP Query User{BD2B0FFA-6E7E-4C1D-BA31-4043A54D59AF}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | "UDP Query User{C02B110E-44AC-431C-B124-991281F16FA5}D:\anno1701\anno1701.exe" = protocol=17 | dir=in | app=d:\anno1701\anno1701.exe | "UDP Query User{CAC66159-34FC-4DDB-8AF2-F21D7F5A6A0B}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | "UDP Query User{D0228FC4-8247-4982-9162-A6D29976F06C}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=17 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe | "UDP Query User{DCC7FB2F-5078-4F22-A913-AF040DC62C8C}D:\runes of 
magic\launcher.exe" = protocol=17 | dir=in | app=d:\runes of magic\launcher.exe | "UDP Query User{E12D20A7-30ED-4BB6-BD71-DDD906689870}C:\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\metin2\metin2.bin | "UDP Query User{E4D574BA-92BC-4E52-8258-9517F453130D}D:\mtx\mtx.exe" = protocol=17 | dir=in | app=d:\mtx\mtx.exe | "UDP Query User{E8AE60B6-E454-427B-9E90-1D994921677E}C:\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\metin2\metin2client.bin | "UDP Query User{E9A29FA6-883E-4A9C-AA70-3F25BF625E89}D:\anno1701\anno1701.exe" = protocol=17 | dir=in | app=d:\anno1701\anno1701.exe | "UDP Query User{EA288B6F-4B4F-48B9-8016-877DCB46FBBA}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe | "UDP Query User{EC62F14D-DFB5-4270-BA25-E0A8395E8DE1}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{EDAE0C52-D923-4A86-A0FB-F171568FA674}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{F3C838D5-B07E-48F1-80A3-B2D29C2C4506}C:\program files\elba5\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | "UDP Query User{F851E7C2-8540-400D-AD43-841951FECE51}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=17 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" 
= Bonjour "{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{53480360-C6AA-4E73-A4E3-1C4C915E049F}" = O&O Defrag Professional Edition "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.27 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.27 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.4 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = 
Microsoft .NET Framework 3.5 SP1 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "EPSON Printer and Utilities" = EPSON-Drucker-Software "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MosChip Semiconductor Technology Ltd" =
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client "UltSounds" = Windows-Soundschemas "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{11B5E957-FCF2-469D-AB66-963C38134231}" = Bluesoleil2.6.0.1 Release 070402 "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi "{19666E73-D9E5-44D4-8F33-037ED151ECBC}" = Firebird SQL Server - MAGIX Edition "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22E4AC9C-9E05-47D5-B7EB-A9FC1D762A7B}" = Quake Live Internet Explorer Plugin "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24 "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DCB2148-4793-4D7B-8269-84C0F0022422}" = HEROLD Marketing CD business 3/2006 - EINZELPLATZ-CD "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate 
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6C9A37B5-717B-4519-8CB3-0F9E01CA9E8D}" = HEROLD Marketing CD Komponenten "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8133D88C-C6F0-4D1A-962E-C3F57D0AB117}" = ODF Add-in for Microsoft Office "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit "{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BA12FD6C-169A-11D7-A6A9-00C026281E5A}" = Speed-Link SL-6534 Dual Vibration Pad "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5 "{BEF696DB-9214-46FA-A71B-C2E7BF81D2A7}" = StaticTrainer "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "ALchemy" = Creative ALchemy "AnyDVD" = AnyDVD "AudioCS" = Creative Audio-Systemsteuerung "avast" = avast! 
Free Antivirus "Bandoo" = Bandoo "BitTorrent" = BitTorrent "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON Scanner" = EPSON Scan "Fraps" = Fraps (remove only) "Free Studio_is1" = Free Studio version 4.3 "Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2 "iLivid" = iLivid "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager "IrfanView" = IrfanView (remove only) "KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full) "MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D) "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX MP3 Maker 15 D" = MAGIX MP3 Maker 15 10.0.0.257 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200 "MAXCRM V7.11 Testversion_is1" = MAXCRM Trial 7.11 "MediaCoder" = MediaCoder 0.7.2.4535 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "RealPlayer 12.0" = RealPlayer "Searchqu 406 MediaBar" = Windows iLivid Toolbar "SFBM" = SoundFont-Bank-Manager "Smart Recorder" = Creative Smart Recorder "SMPlayer" = SMPlayer 0.6.9 "sm-un1.u32" = TextMaker 2006 (Trial) (C:\Program Files (x86)\SoftMaker Office 2006 (Trial)) "Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2 "Steam App 20920" = The Witcher 2 "Steam App 20930" = The Witcher 2: Bonus Content "SystemRequirementsLab" = System Requirements Lab "Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0 "Two Worlds II" = Two Worlds II "UltraISO_is1" = UltraISO Premium V9.36 
"Uninstall_is1" = Uninstall 1.0.0.1 "WaveStudio 7" = Creative WaveStudio 7 "WinGimp-2.0_is1" = GIMP 2.6.6 "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) "XfireXO Toolbar" = XfireXO Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.03.2011 06:59:57 | Computer Name = Michl-PC | Source = System Restore | ID = 8193 Description = Error - 22.03.2011 07:01:24 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3083 Description = Error - 22.03.2011 07:01:24 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3083 Description = Error - 22.03.2011 11:33:44 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013 Description = Error - 22.03.2011 11:33:44 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013 Description = Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013 Description = Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013 Description = Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013 Description = Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013 Description = Error - 23.03.2011 10:39:24 | Computer Name = Michl-PC | Source = Outlook | ID = 35 Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet (Fehler=0x80010108). [ OSession Events ] Error - 05.08.2009 10:42:08 | Computer Name = Michl-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 588 seconds with 420 seconds of active time. This session ended with a crash. 
Error - 27.03.2011 11:37:21 | Computer Name = Michl-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 52 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 03.06.2011 04:19:17 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7031 Description = Error - 03.06.2011 04:21:48 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7031 Description = Error - 03.06.2011 04:25:18 | Computer Name = Michl-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\System32\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 03.06.2011 04:26:12 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7000 Description = Error - 03.06.2011 04:26:12 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7000 Description = Error - 03.06.2011 04:26:12 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7026 Description = Error - 03.06.2011 10:55:35 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7031 Description = Error - 03.06.2011 10:56:25 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7031 Description = Error - 03.06.2011 11:03:59 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7030 Description = Error - 03.06.2011 11:06:46 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7030 Description = < End of report > |
04.06.2011, 16:09 | #15 |
| Possibly a Trojan? http://www.searchqu.com/406 OTL Normal Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.06.2011 18:43:44 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Michl\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,80% Memory free 12,47 Gb Paging File | 10,45 Gb Available in Paging File | 83,78% Paging File free Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 178,79 Gb Total Space | 38,61 Gb Free Space | 21,59% Space Free | Partition Type: NTFS Drive D: | 119,30 Gb Total Space | 34,63 Gb Free Space | 29,03% Space Free | Partition Type: NTFS Drive E: | 340,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ****** | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\PROGRA~2\Bandoo\Bandoo.exe (Bandoo Media Inc.) 
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\FABS.exe (MAGIX AG) ========== Modules (SafeList) ========== MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (O&O Defrag) -- C:\Windows\SysNative\oodag.exe (O&O Software GmbH) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Bandoo Coordinator) -- C:\PROGRA~2\Bandoo\Bandoo.exe (Bandoo Media Inc.) 
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_8832f4b.dll () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\FABS.exe (MAGIX AG) SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\fbserver.exe (MAGIX®) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - 
(WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\Drivers\btnetBus.sys () DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\Drivers\IvtBtBus.sys (IVT Corporation.) DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\Drivers\BtHidBus.sys (IVT Corporation.) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) 
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. ) DRV:64bit: - (PciPPorts) -- C:\Windows\SysNative\DRIVERS\PciPPorts.sys () DRV:64bit: - (PciSPorts) -- C:\Windows\SysNative\DRIVERS\PciSPorts.sys () DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\Drivers\btcusb.sys (IVT Corporation.) DRV:64bit: - (BlueletSCOAudio) -- C:\Windows\SysNative\DRIVERS\BlueletSCOAudio.sys (IVT Corporation.) DRV:64bit: - (BT) -- C:\Windows\SysNative\DRIVERS\btnetdrv.sys (IVT Corporation.) DRV:64bit: - (VcommMgr) -- C:\Windows\SysNative\Drivers\VcommMgr.sys (IVT Corporation.) DRV:64bit: - (VComm) -- C:\Windows\SysNative\DRIVERS\VComm.sys (IVT Corporation.) DRV:64bit: - (BlueletAudio) -- C:\Windows\SysNative\DRIVERS\blueletaudio.sys (IVT Corporation.) 
DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd) DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd) DRV:64bit: - (CTERFXFX.DLL) -- C:\Windows\SysNative\CTERFXFX.DLL (Creative Technology Ltd) DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd) DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd) DRV:64bit: - (CTSBLFX.DLL) -- C:\Windows\SysNative\CTSBLFX.DLL (Creative Technology Ltd) DRV:64bit: - (CTAUDFX.DLL) -- C:\Windows\SysNative\CTAUDFX.DLL (Creative Technology Ltd) DRV:64bit: - (COMMONFX.DLL) -- C:\Windows\SysNative\COMMONFX.DLL (Creative Technology Ltd) DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x64\sandra.sys (SiSoftware) DRV - (Btcsrusb) -- C:\Windows\SysWOW64\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BT) -- C:\Windows\SysWOW64\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\Windows\SysWOW64\drivers\VCommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\Windows\SysWOW64\drivers\VComm.sys (IVT Corporation.) DRV - (BlueletAudio) -- C:\Windows\SysWOW64\drivers\blueletaudio.sys (IVT Corporation.) 
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys (Elaborate Bytes AG) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.05.31 10:45:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.09 07:20:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.16 15:28:13 | 000,000,000 | ---D | M] [2011.05.30 08:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions [2009.11.15 12:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions\MediaCoder [2010.02.04 12:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX [2009.11.15 12:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard [2011.05.30 21:37:22 | 000,000,000 | ---D | M] (No 
name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions [2010.04.27 14:56:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.05.21 18:31:59 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2011.05.30 08:30:49 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2011.01.20 22:33:01 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\battlefieldheroespatcher@ea.com [2011.05.30 08:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.05.16 15:28:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.05.17 12:31:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.05.09 07:20:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.05.09 07:20:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.09 07:20:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.05.09 07:20:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.05.09 07:20:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.09 07:20:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.09 07:20:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.05.30 22:56:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} 
hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.58.160.194 195.58.161.122 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Discordia, LTD) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Discordia, LTD) O20 - AppInit_DLLs: (c:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll) - c:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll (Discordia, LTD) O20 - AppInit_DLLs: (c:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll) - c:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Discordia, LTD) O20 - AppInit_DLLs: (c:\PROGRA~2\Bandoo\BndHook.dll) - c:\PROGRA~2\Bandoo\BndHook.dll (Discordia Limited) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Michl\Desktop\76341_TheWitcher2-KeyArt-02.jpg O24 - Desktop BackupWallPaper: C:\Users\Michl\Desktop\76341_TheWitcher2-KeyArt-02.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.23 08:13:31 | 000,000,000 | ---D | M] - E:\AutoPlay -- [ CDFS ] O32 - AutoRun File - [2010.07.19 01:50:37 | 002,834,432 | R--- | M] () - E:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009.04.10 18:32:30 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - 
HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: 
{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.exe.lnk - C:\Programme\MagicTune Premium\GammaTray.exe - () MsConfig:64bit - StartUpFolder: C:^Users^Michl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk - C:\PROGRA~2\KUMAGA~1\KGSYST~1\KUMA_T~1.EXE - () 
MsConfig:64bit - StartUpFolder: C:^Users^Michl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^Users^Michl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk - C:\PROGRA~2\Xfire\Xfire.exe - (Xfire Inc.) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: AudioDrvEmulator - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) 
MsConfig:64bit - StartUpReg: Creative MediaSource Go - hkey= - key= - C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: CTHelper - hkey= - key= - C:\Windows\SysWow64\CTHELPER.EXE (Creative Technology Ltd) MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: DATAMNGR - hkey= - key= - C:\PROGRA~2\WI371A~1\Datamngr\DATAMN~1.EXE (Discordia, LTD) MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - File not found MsConfig:64bit - StartUpReg: EPSON Stylus DX4400 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATICAE.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: MagicTuneEngine - hkey= - key= - C:\Programme\MagicTune Premium\MagicTuneLauncher.exe () MsConfig:64bit - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NVIDIA nTune - hkey= - key= - File not found MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - C:\Windows\SysNative\oodtray.exe (O&O Software GmbH) MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () MsConfig:64bit - StartUpReg: PC SpeedScan Pro - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Performance Center - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RCSystem - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) 
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: Software Informer - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Steam - hkey= - key= - c:\program files (x86)\steam\steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.) MsConfig:64bit - StartUpReg: VolPanel - hkey= - key= - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.06.03 18:40:16 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Michl\Desktop\OTL.exe
[2011.06.03 18:38:02 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Michl\Desktop\aswMBR.exe
[2011.06.03 18:31:00 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Malwarebytes
[2011.06.03 18:30:53 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.06.03 18:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.03 18:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.03 18:30:49 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.06.03 18:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.06.03 18:29:30 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Michl\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.03 17:09:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.06.03 16:56:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.03 16:52:33 | 004,112,250 | R--- | C] (Swearware) -- C:\Users\Michl\Desktop\ComboFix.exe
[2011.05.30 23:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.05.30 23:04:21 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.30 22:40:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.30 22:40:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.30 22:40:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.30 22:40:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.30 20:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MonitorDriver
[2011.05.30 20:49:05 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\InstallShield
[2011.05.30 20:12:21 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\SysNative\drivers\MTiCtwl.sys
[2011.05.30 20:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Electronics Ltd
[2011.05.30 20:11:45 | 000,000,000 | ---D | C] -- C:\Programme\MagicTune Premium
[2011.05.30 20:06:43 | 000,000,000 | ---D | C] -- C:\Samsung
[2011.05.30 11:54:24 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011.05.30 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Bandoo
[2011.05.30 09:29:13 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\Ilivid Player
[2011.05.30 08:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
[2011.05.30 08:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011.05.30 08:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandoo
[2011.05.30 08:32:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}
[2011.05.30 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2011.05.30 08:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2011.05.30 08:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011.05.30 08:28:01 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\PackageAware
[2011.05.28 07:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.05.28 07:14:43 | 003,040,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011.05.28 07:14:43 | 000,061,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011.05.28 07:14:38 | 006,289,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011.05.28 07:14:38 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011.05.28 07:14:38 | 
000,794,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll [2011.05.28 07:14:38 | 000,117,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2011.05.28 07:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2011.05.28 07:07:12 | 022,286,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011.05.28 07:07:12 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2011.05.28 07:07:12 | 008,865,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2011.05.28 07:07:12 | 006,555,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2011.05.28 07:07:12 | 001,427,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll [2011.05.28 07:07:12 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.05.28 07:07:12 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.05.28 07:07:11 | 018,583,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011.05.28 07:07:11 | 015,223,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2011.05.28 07:07:11 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2011.05.28 07:07:11 | 011,992,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2011.05.28 07:07:11 | 007,123,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2011.05.28 07:07:11 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2011.05.28 07:07:11 | 002,943,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011.05.28 07:07:11 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2011.05.28 07:07:11 | 002,644,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2011.05.28 07:07:11 | 002,335,336 | ---- | C] (NVIDIA 
Corporation) -- C:\Windows\SysWow64\nvapi.dll [2011.05.28 07:07:11 | 002,212,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011.05.28 07:07:11 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2011.05.28 07:07:11 | 001,496,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll [2011.05.28 07:07:11 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2011.05.26 17:19:05 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\PDF24 [2011.05.26 17:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf24 [2011.05.21 18:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XfireXO [2011.05.21 18:32:00 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\Conduit [2011.05.21 18:31:30 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Xfire [2011.05.21 18:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire [2011.05.21 18:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire [2011.05.21 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire [2011.05.21 07:32:37 | 000,000,000 | ---D | C] -- C:\Users\Michl\Documents\3DMark 11 [2011.05.21 07:32:14 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\IsolatedStorage [2011.05.21 07:32:06 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\Futuremark_Corporation [2011.05.21 07:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark [2011.05.21 07:25:51 | 000,000,000 | ---D | C] -- C:\Programme\Futuremark [2011.05.18 21:35:16 | 000,000,000 | ---D | C] -- C:\Users\Michl\Documents\Witcher 2 [2011.05.18 21:35:16 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\The Witcher 2 [2011.05.17 12:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.05.17 12:31:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaws.exe [2011.05.17 12:31:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.05.17 12:31:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.05.16 15:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.05.16 15:28:13 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.05.15 18:28:00 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.05.15 14:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.05.15 14:41:26 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.05.15 14:41:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.05.15 14:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2011.05.15 14:39:45 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.05.15 14:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2011.05.11 23:47:38 | 000,071,680 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [2011.05.11 23:47:36 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2011.05.11 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kuma Games [2011.05.11 11:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai [2011.05.11 11:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kuma Games [2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2009.06.04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files 
- Modified Within 30 Days ========== [2011.06.03 18:45:49 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6242D63D-81AE-4DB4-A58D-CF609B1522E2}.job [2011.06.03 18:40:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Michl\Desktop\OTL.exe [2011.06.03 18:39:22 | 000,000,512 | ---- | M] () -- C:\Users\Michl\Desktop\MBR.dat [2011.06.03 18:38:05 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Michl\Desktop\aswMBR.exe [2011.06.03 18:36:41 | 000,098,565 | ---- | M] () -- C:\Users\Michl\Desktop\Malwarebyts.jpg [2011.06.03 18:30:53 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.03 18:30:07 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Michl\Desktop\mbam-setup-1.51.0.1200.exe [2011.06.03 18:25:39 | 000,005,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.06.03 18:25:39 | 000,005,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.06.03 17:56:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.06.03 16:56:14 | 004,112,250 | R--- | M] (Swearware) -- C:\Users\Michl\Desktop\ComboFix.exe [2011.06.03 10:39:00 | 000,395,109 | ---- | M] () -- C:\Users\Michl\Desktop\76341_TheWitcher2-KeyArt-02.jpg [2011.06.03 10:25:52 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.06.03 10:25:42 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.06.03 10:25:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.06.03 10:25:27 | 4293,451,776 | -HS- | M] () -- C:\hiberfil.sys [2011.06.03 10:25:19 | 001,763,665 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2011.06.03 10:24:30 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000007-00001102-00000005-00291102}.rfx [2011.06.03 10:24:30 | 000,061,448 | 
---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000007-00001102-00000005-00291102}.rfx [2011.06.03 10:24:30 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000007-00001102-00000005-00291102}.rfx [2011.06.03 10:23:01 | 000,018,453 | ---- | M] () -- C:\Users\Michl\Desktop\Combo Fix Fehler.jpg [2011.06.02 14:27:35 | 000,104,674 | ---- | M] () -- C:\Users\Michl\Desktop\HD Auslastung.jpg [2011.06.01 13:20:40 | 000,057,344 | ---- | M] () -- C:\Users\Michl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.01 07:30:31 | 000,073,116 | ---- | M] () -- C:\Users\Michl\Desktop\AVAST Container.jpg [2011.06.01 07:20:14 | 000,000,816 | ---- | M] () -- C:\Users\Michl\Desktop\PW Logis.lnk [2011.05.31 10:45:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011.05.30 23:26:35 | 000,054,981 | ---- | M] () -- C:\Users\Michl\Desktop\www.searchqu,com.jpg [2011.05.30 22:56:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.05.30 21:36:30 | 000,038,630 | ---- | M] () -- C:\Users\Michl\Desktop\Firefox.jpg [2011.05.30 20:49:17 | 000,001,477 | ---- | M] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk [2011.05.30 20:11:45 | 000,001,431 | ---- | M] () -- C:\Users\Public\Desktop\MagicTunePremium.lnk [2011.05.30 11:54:24 | 000,000,524 | ---- | M] () -- C:\Users\Michl\Desktop\Fraps.lnk [2011.05.30 08:31:59 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.28 07:12:33 | 000,001,460 | ---- | M] () -- C:\Users\Michl\AppData\Local\d3d9caps64.dat [2011.05.28 07:12:13 | 000,001,356 | ---- | M] () -- C:\Users\Michl\AppData\Local\d3d9caps.dat [2011.05.28 07:02:53 | 000,001,100 | ---- | M] () -- 
C:\Users\Michl\AppData\Local\d3d8caps.dat [2011.05.27 20:48:32 | 000,051,480 | ---- | M] () -- C:\Users\Michl\Desktop\Zwischenablage02.jpg [2011.05.26 17:19:52 | 000,580,689 | ---- | M] () -- C:\Users\Michl\Desktop\Typenschein Peugeot 206.pdf [2011.05.26 17:17:52 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2011.05.26 09:42:01 | 001,598,440 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.26 09:42:01 | 000,685,890 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.05.26 09:42:01 | 000,643,978 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.26 09:42:01 | 000,150,290 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.05.26 09:42:01 | 000,123,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.25 16:55:28 | 001,524,112 | ---- | M] () -- C:\Windows\SysWow64\bandoolmx.dll [2011.05.23 18:02:19 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2011.05.23 10:55:00 | 000,408,698 | ---- | M] () -- C:\Users\Michl\Documents\UPC.pdf [2011.05.23 10:55:00 | 000,389,945 | ---- | M] () -- C:\Users\Michl\Documents\UPC3.pdf [2011.05.23 10:55:00 | 000,380,536 | ---- | M] () -- C:\Users\Michl\Documents\UPC 2.pdf [2011.05.23 09:42:40 | 000,032,613 | ---- | M] () -- C:\Users\Michl\Desktop\Tastaturbelegung Witcher 2.jpg [2011.05.23 08:25:53 | 000,000,980 | ---- | M] () -- C:\Users\Michl\Desktop\Scheidung.lnk [2011.05.21 18:31:29 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk [2011.05.21 07:25:57 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2011.05.19 20:41:18 | 000,000,221 | ---- | M] () -- C:\Users\Michl\Desktop\The Witcher 2.url [2011.05.19 19:43:25 | 004,710,557 | ---- | M] () -- C:\Users\Michl\Desktop\The Witcher 2 Manual - German.pdf [2011.05.16 15:53:04 | 000,000,129 | ---- | M] () -- C:\Users\Michl\jagex_runescape_preferences2.dat [2011.05.16 15:50:00 | 000,000,046 | ---- | M] () -- C:\Users\Michl\jagex_runescape_preferences.dat 
[2011.05.16 15:21:19 | 000,304,828 | ---- | M] () -- C:\Users\Michl\Desktop\Nirolift.pdf [2011.05.16 11:10:06 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.05.15 18:28:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.05.15 14:41:51 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.05.14 06:27:00 | 022,286,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2011.05.14 06:27:00 | 018,583,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2011.05.14 06:27:00 | 016,456,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2011.05.14 06:27:00 | 015,223,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2011.05.14 06:27:00 | 013,011,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2011.05.14 06:27:00 | 011,992,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2011.05.14 06:27:00 | 008,865,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2011.05.14 06:27:00 | 007,123,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2011.05.14 06:27:00 | 006,555,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2011.05.14 06:27:00 | 006,289,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2011.05.14 06:27:00 | 005,301,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2011.05.14 06:27:00 | 003,040,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2011.05.14 06:27:00 | 002,943,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2011.05.14 06:27:00 | 002,804,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2011.05.14 06:27:00 | 002,644,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2011.05.14 06:27:00 | 002,560,616 | ---- | M] 
(NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2011.05.14 06:27:00 | 002,335,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2011.05.14 06:27:00 | 002,212,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011.05.14 06:27:00 | 002,082,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2011.05.14 06:27:00 | 001,496,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll [2011.05.14 06:27:00 | 001,427,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll [2011.05.14 06:27:00 | 000,794,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll [2011.05.14 06:27:00 | 000,117,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2011.05.14 06:27:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2011.05.14 06:27:00 | 000,061,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2011.05.14 06:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2011.05.14 06:27:00 | 000,012,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2011.05.14 06:27:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2011.05.11 23:47:38 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [2011.05.11 23:47:36 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2011.05.11 11:59:16 | 000,001,718 | ---- | M] () -- C:\Users\Michl\Desktop\Kuma Games.lnk [2011.05.10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011.05.10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2011.05.10 14:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2011.05.10 14:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2011.05.10 
14:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2011.05.10 14:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2011.05.10 13:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2011.05.10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2011.05.10 13:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.03 18:39:22 | 000,000,512 | ---- | C] () -- C:\Users\Michl\Desktop\MBR.dat [2011.06.03 18:36:41 | 000,098,565 | ---- | C] () -- C:\Users\Michl\Desktop\Malwarebyts.jpg [2011.06.03 18:30:53 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.03 10:38:11 | 000,395,109 | ---- | C] () -- C:\Users\Michl\Desktop\76341_TheWitcher2-KeyArt-02.jpg [2011.06.03 10:23:01 | 000,018,453 | ---- | C] () -- C:\Users\Michl\Desktop\Combo Fix Fehler.jpg [2011.06.02 14:27:34 | 000,104,674 | ---- | C] () -- C:\Users\Michl\Desktop\HD Auslastung.jpg [2011.06.01 07:30:31 | 000,073,116 | ---- | C] () -- C:\Users\Michl\Desktop\AVAST Container.jpg [2011.05.30 23:26:35 | 000,054,981 | ---- | C] () -- C:\Users\Michl\Desktop\www.searchqu,com.jpg [2011.05.30 22:40:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.30 22:40:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.30 22:40:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.30 22:40:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.30 22:40:27 | 000,068,096 | ---- | C] () -- 
C:\Windows\zip.exe [2011.05.30 21:36:30 | 000,038,630 | ---- | C] () -- C:\Users\Michl\Desktop\Firefox.jpg [2011.05.30 20:49:17 | 000,001,477 | ---- | C] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk [2011.05.30 20:11:45 | 000,001,431 | ---- | C] () -- C:\Users\Public\Desktop\MagicTunePremium.lnk [2011.05.30 11:54:24 | 000,000,524 | ---- | C] () -- C:\Users\Michl\Desktop\Fraps.lnk [2011.05.30 08:33:57 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll [2011.05.30 08:31:59 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk [2011.05.28 07:21:35 | 4293,451,776 | -HS- | C] () -- C:\hiberfil.sys [2011.05.28 07:07:11 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2011.05.27 20:48:32 | 000,051,480 | ---- | C] () -- C:\Users\Michl\Desktop\Zwischenablage02.jpg [2011.05.26 17:19:51 | 000,580,689 | ---- | C] () -- C:\Users\Michl\Desktop\Typenschein Peugeot 206.pdf [2011.05.26 17:17:52 | 000,001,707 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2011.05.23 10:55:00 | 000,408,698 | ---- | C] () -- C:\Users\Michl\Documents\UPC.pdf [2011.05.23 10:55:00 | 000,389,945 | ---- | C] () -- C:\Users\Michl\Documents\UPC3.pdf [2011.05.23 10:55:00 | 000,380,536 | ---- | C] () -- C:\Users\Michl\Documents\UPC 2.pdf [2011.05.23 09:42:40 | 000,032,613 | ---- | C] () -- C:\Users\Michl\Desktop\Tastaturbelegung Witcher 2.jpg [2011.05.21 18:31:29 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk [2011.05.21 07:25:57 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk [2011.05.19 20:41:18 | 000,000,221 | ---- | C] () -- C:\Users\Michl\Desktop\The Witcher 2.url [2011.05.19 19:43:25 | 004,710,557 | ---- | C] () -- C:\Users\Michl\Desktop\The Witcher 2 Manual - German.pdf [2011.05.16 15:21:18 | 000,304,828 | ---- | C] () -- C:\Users\Michl\Desktop\Nirolift.pdf [2011.05.15 14:41:51 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.05.11 11:59:16 | 
000,001,718 | ---- | C] () -- C:\Users\Michl\Desktop\Kuma Games.lnk [2011.05.09 07:20:43 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.17 21:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2011.01.24 13:32:41 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI [2010.12.02 18:32:06 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.09.08 15:39:07 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2010.09.04 15:58:30 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.09.04 15:58:30 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.09.04 15:58:24 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.06.28 14:31:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.06.28 11:49:09 | 000,000,091 | ---- | C] () -- C:\Windows\BsMobileModel.ini [2010.06.28 11:32:23 | 000,002,114 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI [2010.06.28 11:31:11 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI [2010.06.28 11:28:16 | 000,006,532 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI [2010.06.28 11:28:16 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI [2010.06.27 21:11:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI [2010.04.20 18:22:44 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.18 14:27:38 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2010.01.07 19:09:25 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\StrStorage.dll [2009.12.14 13:30:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.10.25 11:44:56 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.10.25 11:40:31 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini [2009.10.03 19:40:42 | 000,003,972 | 
---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2009.10.01 11:19:32 | 000,000,093 | ---- | C] () -- C:\Users\Michl\AppData\Local\fusioncache.dat [2009.09.21 22:03:47 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2009.09.16 15:59:37 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.09.07 17:01:45 | 001,562,452 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.08.25 16:04:29 | 000,001,086 | ---- | C] () -- C:\Users\Michl\AppData\Local\F1C3C386.il [2009.08.25 16:04:29 | 000,000,280 | ---- | C] () -- C:\Users\Michl\AppData\Local\IndexIE_F1C3C386.il [2009.08.22 10:44:18 | 000,038,423 | ---- | C] () -- C:\Users\Michl\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2009.08.13 09:27:24 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2009.08.13 09:26:18 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.08.11 17:19:36 | 010,452,992 | ---- | C] () -- C:\ProgramData\sandra.mda [2009.08.10 21:26:41 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2009.08.10 21:26:20 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2009.08.10 21:26:19 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2009.08.07 13:36:18 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI [2009.08.01 11:24:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.08.01 11:23:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.08.01 11:23:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.08.01 11:23:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009.07.31 23:41:11 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2009.07.31 23:41:11 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2009.07.31 23:41:11 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.07.31 23:41:11 | 000,168,448 | ---- | C] () -- 
C:\Windows\SysWow64\unrar.dll [2009.07.31 23:41:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2009.07.31 23:41:10 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2009.07.31 23:23:24 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat [2009.07.31 23:23:24 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat [2009.07.31 23:23:24 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBURST.DLL [2009.07.31 23:22:09 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2009.07.31 23:20:53 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.07.31 23:20:53 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.07.31 19:45:20 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2009.07.31 18:55:58 | 000,001,100 | ---- | C] () -- C:\Users\Michl\AppData\Local\d3d8caps.dat [2009.07.31 18:55:52 | 000,001,356 | ---- | C] () -- C:\Users\Michl\AppData\Local\d3d9caps.dat [2009.07.31 18:51:34 | 000,057,344 | ---- | C] () -- C:\Users\Michl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.07.31 18:50:10 | 000,001,460 | ---- | C] () -- C:\Users\Michl\AppData\Local\d3d9caps64.dat [2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2009.06.04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2009.06.04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2009.06.04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2009.05.27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2007.03.05 09:09:04 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\PSCONV.EXE [2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | 
C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.10.09 15:29:22 | 000,032,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\BTNetFilter.sys [2005.10.04 17:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CTMMACTL.DLL ========== LOP Check ========== [2011.03.19 18:07:28 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\.minecraft [2011.05.30 11:45:11 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Bandoo [2011.03.03 11:17:34 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\BitTorrent [2009.11.15 12:13:27 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Broad Intelligence [2011.01.11 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Canneverbe Limited [2009.08.20 08:41:47 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\EPSON [2009.08.05 18:42:30 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\GrabPro [2010.12.30 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\gtk-2.0 [2009.10.01 11:19:34 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\HEROLD Business Data [2009.09.14 16:20:19 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\IrfanView [2011.02.23 20:32:19 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Kalypso Media [2010.08.15 17:41:13 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\MAGIX [2010.09.26 11:59:53 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Need for Speed World [2009.11.15 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\OpenCandy [2009.08.07 11:08:34 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Orbit [2009.12.12 18:46:35 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\ProtectDisc [2011.02.16 11:19:38 | 
000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\RIFT [2010.11.15 20:51:56 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\runic games [2011.02.13 11:42:08 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\SAMSUNG [2009.09.09 22:13:16 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\SecondLife [2009.11.06 12:07:51 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\SoftMaker [2010.04.23 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\TS3Client [2011.03.07 13:06:16 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Ubisoft [2011.06.03 10:24:09 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.06.03 18:45:49 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6242D63D-81AE-4DB4-A58D-CF609B1522E2}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.02.12 19:51:31 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32 [2009.07.31 19:55:55 | 000,000,000 | ---D | M] -- C:\557cdd409ec7b42b452f72cc3bfa [2009.08.01 11:36:50 | 000,000,000 | ---D | M] -- C:\Boot [2009.11.01 09:43:31 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp [2010.03.05 14:15:10 | 000,000,000 | ---D | M] -- C:\CoreTemp [2009.08.06 18:33:27 | 000,000,000 | ---D | M] -- C:\CrashReport [2006.11.02 17:41:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.07.31 18:48:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.02 15:48:27 | 000,000,000 | ---D | M] -- C:\dosprogs [2011.02.25 19:00:28 | 000,000,000 | ---D | M] -- C:\downloads [2010.07.25 22:19:28 | 000,000,000 | ---D | M] -- C:\DS2Temp [2011.06.01 13:22:05 | 000,000,000 | ---D | M] -- C:\Fraps [2011.05.16 11:19:55 | 000,000,000 | ---D | M] -- C:\Install [2009.08.01 11:51:47 | 000,000,000 | R--D | M] -- C:\MSOCache [2011.02.27 20:11:26 | 000,000,000 | ---D | M] -- C:\My Music [2009.08.10 13:49:06 | 000,000,000 | ---D | M] -- C:\NV5003056.TMP [2010.09.04 16:31:16 | 
000,000,000 | ---D | M] -- C:\NVIDIA [2011.05.16 11:18:45 | 000,000,000 | ---D | M] -- C:\Patches [2009.08.01 17:38:07 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.05.16 11:21:14 | 000,000,000 | ---D | M] -- C:\Pics [2011.05.30 20:11:45 | 000,000,000 | R--D | M] -- C:\Programme [2011.06.03 18:30:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.06.03 18:30:52 | 000,000,000 | ---D | M] -- C:\ProgramData [2009.07.31 18:48:22 | 000,000,000 | -HSD | M] -- C:\Programme [2011.03.10 21:22:42 | 000,000,000 | ---D | M] -- C:\PWRD [2011.06.03 17:09:05 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.05.30 20:08:14 | 000,000,000 | ---D | M] -- C:\Samsung [2011.06.03 18:44:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.05.28 07:15:31 | 000,000,000 | R--D | M] -- C:\Users [2011.05.16 11:21:12 | 000,000,000 | ---D | M] -- C:\Vids [2011.05.16 11:21:13 | 000,000,000 | ---D | M] -- C:\VISTA Buch [2009.12.23 18:20:43 | 000,000,000 | ---D | M] -- C:\VivoxLogs [2011.06.03 17:09:04 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*. 
> [2011.03.08 10:48:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe [2009.08.08 13:19:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update [2010.09.04 15:58:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS [2011.05.30 08:34:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bandoo [2011.05.15 14:39:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour [2011.05.24 06:56:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CDBurnerXP [2011.06.03 17:04:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files [2011.05.16 11:15:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative [2011.01.24 15:40:39 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Creative Installation Information [2011.03.02 16:10:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DOSBox-0.74 [2010.09.08 15:40:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft [2011.01.20 22:33:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA Games [2010.12.10 21:04:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Elaborate Bytes [2010.04.20 09:54:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts [2009.08.19 18:07:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson [2009.08.07 15:40:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0 [2011.02.22 14:58:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google [2009.10.01 11:11:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HEROLD [2009.08.02 08:22:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Huawei technologies [2011.05.30 08:33:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iLivid [2011.05.30 20:49:15 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information [2011.04.18 20:11:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer [2009.09.13 15:20:55 | 000,000,000 | ---D | M] -- C:\Program Files 
(x86)\iPhone-Konfigurationsprogramm [2009.09.14 16:20:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView [2011.05.15 14:41:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes [2010.06.27 21:09:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IVT Corporation [2011.05.17 12:31:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java [2009.07.31 23:43:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-Lite Codec Pack [2011.05.24 10:51:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kuma Games [2009.08.13 09:30:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MAGIX [2011.06.03 18:30:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.05.20 08:25:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MAXCRM-Trial [2009.11.15 12:39:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MediaCoder [2009.08.29 09:23:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft [2009.08.29 09:24:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games [2010.04.24 11:09:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2010.12.12 22:22:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office [2011.04.23 11:25:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight [2009.08.01 11:54:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio [2009.10.01 11:12:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio .NET 2003 [2009.08.01 11:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2009.08.14 21:34:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works [2010.07.25 08:57:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET [2011.05.30 20:49:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MonitorDriver [2011.05.09 07:20:42 | 000,000,000 | ---D | M] -- C:\Program Files 
(x86)\Mozilla Firefox [2009.08.01 11:54:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild [2010.12.12 22:21:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache [2009.08.14 19:35:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0 [2009.10.25 11:38:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero [2011.05.28 07:15:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation [2009.08.11 19:50:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA nTune Performance Application [2009.07.31 23:22:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL [2009.08.25 19:41:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenXML-ODF Translator [2010.11.05 18:53:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks [2011.05.26 17:17:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\pdf24 [2010.12.11 21:08:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime [2006.11.02 17:06:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies [2011.02.13 11:42:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung [2009.08.22 09:04:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype [2009.09.16 15:58:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SlySoft [2010.06.26 09:56:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SMPlayer [2009.08.25 17:17:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SoftMaker Office 2006 (Trial) [2010.07.16 13:17:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Software Informer [2011.06.03 10:52:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam [2011.01.25 15:34:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StefansFreedive [2009.09.10 16:19:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab [2011.05.30 23:04:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro [2011.02.15 23:27:18 | 000,000,000 | ---D | M] -- C:\Program Files 
(x86)\UltraISO [2006.11.02 17:33:57 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information [2010.04.20 09:47:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\USB Vibration Joystick [2009.08.01 11:33:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar [2009.07.31 20:08:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender [2011.05.30 08:31:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows iLivid Toolbar [2010.12.16 14:05:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail [2010.10.20 18:36:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player [2006.11.02 17:06:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT [2009.08.01 11:33:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery [2009.11.01 11:49:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices [2009.08.01 11:33:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar [2009.08.01 11:42:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR [2011.05.21 18:31:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xfire [2011.05.21 18:32:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\XfireXO < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2006.11.02 13:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe [2009.04.11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe [2009.04.11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe [2009.04.11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe [2008.01.19 00:00:16 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe [2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe < MD5 for: REGEDIT.EXE > [2006.11.02 13:16:04 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=272D4789B7BAAEDDE73E85A380A670DD -- 
C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_4e168eec974b06f9\regedit.exe [2008.01.19 00:00:32 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe [2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe [2008.01.19 00:00:32 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe [2008.01.19 00:00:32 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe [2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_586b393ecbabc8f4\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe [2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe [2008.01.19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe [2008.01.19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe [2008.01.19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WININIT.EXE > [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2008.01.19 00:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe [2008.01.19 00:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe [2008.01.19 00:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe [2006.11.02 13:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) 
MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe [2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe [2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.19 00:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.18 
23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > |