Trojaner-Board


Prayer 23.09.2011 20:29

Sudden computer crashes
 
Hello,

for a little over a week my PC has frequently been crashing unexpectedly (the screen goes black, the PC restarts). At first it happened once every 2 days, but now about twice a day. There is no error message or anything similar beforehand. It often happens when I watch videos, e.g. YouTube, but it can also happen when I am doing nothing. I have measured all temperatures, but they are normal. The problem may be caused by faulty software, but I cannot find that out on my own.
Since I cannot get this HijackThis log file into the attachment, I'll post it like this:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:59:37, on 23.09.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Enrico 3\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101005145302\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\20101005145302\ICQToolBar.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Dropbox.lnk = C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: devolo Network Service (DevoloNetworkService) - Unknown owner - C:\Program Files\devolo\dlan\devolonetsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - Unknown owner - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (file missing)
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 10525 bytes

I don't have any other program at the moment.
If this code is not enough, please let me know which program I should run.

Thanks
Prayer

cosinus 24.09.2011 12:12

Please now run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Prayer 24.09.2011 19:57

So, I have now run both checks.

The Malwarebytes log file:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7789

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

24.09.2011 17:12:18
mbam-log-2011-09-24 (17-12-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 716643
Laufzeit: 2 Stunde(n), 49 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows.old\Users\Enrico\AppData\Roaming\desktopicon\ebayshortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
c:\Users\Enrico 3\AppData\Local\Temp\0.7084353136966887.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.


The ESET log file:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1062db770283a449a543d83b9714bb70
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-24 06:49:47
# local_time=2011-09-24 08:49:47 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 437803 91774508 242163 0
# compatibility_mode=5892 16776573 100 100 685 154410672 0 0
# compatibility_mode=8192 67108863 100 0 198 198 0 0
# scanned=504952
# found=4
# cleaned=0
# scan_time=12243
C:\Program Files\Unlocker\eBay_shortcuts_1016.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Enrico 3\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6dfa412f-2a59c9e0        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Windows.old\Program Files\MySearch\bar\1.bin\S4BAR.DLL        Win32/Toolbar.MyWebSearch application (unable to clean)        00000000000000000000000000000000        I
C:\Windows.old\Program Files\MySearch\bar\1.bin\S4PLUGIN.DLL        a variant of Win32/Toolbar.MyWebSearch application (unable to clean)        00000000000000000000000000000000        I


cosinus 24.09.2011 20:35

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Prayer 24.09.2011 21:53

Here is the content of OTL.txt:

OTL Logfile:
Code:

OTL logfile created on: 24.09.2011 22:28:06 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\Enrico 3\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,65% Memory free
6,20 Gb Paging File | 4,83 Gb Available in Paging File | 77,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 132,89 Gb Free Space | 29,81% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,41 Gb Free Space | 57,08% Space Free | Partition Type: FAT32
Drive E: | 6,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ENRICO-PC | User Name: Enrico 3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.24 22:27:03 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Enrico 3\Desktop\OTL.exe
PRC - [2011.09.02 02:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.30 12:40:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.04.28 15:20:36 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.01 17:17:37 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.07.19 20:57:32 | 002,231,616 | ---- | M] () -- C:\Programme\devolo\dlan\devolonetsvc.exe
PRC - [2010.06.07 12:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.09 14:44:20 | 000,713,032 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.25 12:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.14 23:27:04 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4117485024b0f652b9fbb66ff5025896\System.Management.ni.dll
MOD - [2011.09.14 23:24:46 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011.09.14 23:24:39 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011.07.18 23:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2010.06.07 12:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.05.02 06:15:37 | 000,010,240 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (StarWindServiceAE)
SRV - File not found [Auto | Stopped] --  -- (StarWindService)
SRV - [2011.09.16 19:03:42 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.06.30 12:40:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.28 15:20:36 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.07.19 20:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Programme\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.04.16 09:18:34 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.12.09 23:57:13 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.12.09 14:42:14 | 001,044,808 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.12.09 14:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.25 03:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.30 12:40:04 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 12:40:04 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.03.18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2010.07.01 14:21:14 | 000,034,896 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2010.06.10 14:32:14 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2009.12.19 18:55:42 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.15 20:33:16 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.12.15 20:32:54 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.10.14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.10 09:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.24 02:17:00 | 000,437,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\arusb_lh.sys -- (arusb_lh)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.11.21 12:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.04.03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC EC AA BB A5 9A CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.6.0.15
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.09.22 20:54:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.18 12:37:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.20 15:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.23 22:58:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010.08.28 17:38:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}: C:\Users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C} [2011.06.01 20:28:51 | 000,000,000 | ---D | M]
 
[2010.02.21 01:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Extensions
[2011.01.22 17:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions
[2010.05.01 18:48:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.16 23:38:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.05.13 20:24:54 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.01.22 17:13:26 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010.04.22 15:02:38 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.01.22 17:12:41 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com
[2010.04.21 12:06:36 | 000,000,917 | ---- | M] () -- C:\Users\Enrico 3\AppData\Roaming\Mozilla\Firefox\Profiles\lx33bz2r.default\searchplugins\conduit.xml
[2011.08.16 14:35:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.15 23:18:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.08.16 14:35:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.11.09 21:23:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.10.04 20:32:50 | 000,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml
[2009.10.04 20:32:50 | 000,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml
[2009.10.04 20:32:51 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml
[2009.11.09 21:23:13 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2009.11.09 21:23:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.10.04 20:32:51 | 000,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml
[2009.10.04 20:32:51 | 000,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml
[2009.10.04 20:32:51 | 000,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml
[2009.10.04 20:32:51 | 000,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml
[2009.10.04 20:32:51 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml
[2009.11.09 21:23:13 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.11.09 21:23:13 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.10.04 20:32:51 | 000,005,375 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FB5F040-1C97-486C-8E53-280B1FD7594A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF655F1F-5413-48B4-89C3-0BB5C845C66B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.06.12 04:27:33 | 000,000,140 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2007.03.23 01:57:09 | 000,051,336 | R--- | M] ()
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell\dinstall\command - "" = E:\DirectX\DXSETUP.exe -- [2007.06.01 05:23:56 | 000,503,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell - "" = Autorun
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell\Open\command - "" = RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0A96B02B-509B-83F6-D49D-2CDC405897AC} - Browser Customizations
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.IV41 - C:\Windows\System32\ir41_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.24 22:27:02 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Enrico 3\Desktop\OTL.exe
[2011.09.24 17:22:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.24 14:20:04 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\Malwarebytes
[2011.09.24 14:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.24 14:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.24 14:19:49 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.24 14:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.24 13:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011.09.23 17:45:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Enrico 3\Desktop\HiJackThis204.exe
[2011.09.23 14:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.09.23 14:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.09.23 14:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.09.22 19:28:25 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.09.22 19:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2011.09.22 19:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011.09.20 15:51:10 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\XMedia Recode
[2011.09.20 15:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2011.09.20 15:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\XMedia Recode
[2011.09.17 23:20:12 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011.09.17 17:35:50 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\Downloads\Documents\LOLReplay
[2011.09.17 17:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\LOLReplay
[2011.09.15 22:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011.09.14 18:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
[2011.09.14 18:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\SamsungPrinterLiveUpdate
[2011.09.14 18:33:29 | 000,000,000 | ---D | C] -- C:\Windows\Samsung
[2011.09.14 18:32:01 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sst3cci.exe
[2011.09.14 18:32:01 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sst3cci.dll
[2011.09.14 18:31:56 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2011.09.14 18:31:56 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2011.09.14 18:30:53 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2011.09.14 18:13:08 | 000,005,120 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\drivers\SSPORT.SYS
[2011.09.13 14:59:17 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\.thumbnails
[2011.09.11 14:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.09.09 17:05:45 | 000,000,000 | ---D | C] -- C:\12c63f91399ac2689c1024
[2011.09.09 16:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NIBObee Library
[2011.09.09 16:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\NIBObeeLib
[2011.09.05 20:10:46 | 000,000,000 | R--D | C] -- C:\Users\Enrico 3\Documents
[2011.09.05 16:44:52 | 000,000,000 | R--D | C] -- C:\Users\Enrico 3\Dropbox
[2011.09.05 16:42:13 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.09.05 16:41:44 | 000,000,000 | ---D | C] -- C:\Users\Enrico 3\AppData\Roaming\Dropbox
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.24 22:31:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{922948E4-51CB-426B-9169-4462F3F7F7B1}.job
[2011.09.24 22:27:03 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Enrico 3\Desktop\OTL.exe
[2011.09.24 22:24:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.24 21:14:19 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.24 21:14:19 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.24 17:24:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.24 17:14:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.24 17:14:16 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.24 16:26:44 | 000,044,544 | ---- | M] () -- C:\Users\Enrico 3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.23 19:17:47 | 000,002,287 | ---- | M] () -- C:\Users\Enrico 3\Desktop\Steam.lnk
[2011.09.23 17:45:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Enrico 3\Desktop\HiJackThis204.exe
[2011.09.22 23:46:24 | 000,651,140 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.22 23:46:24 | 000,613,628 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.22 23:46:24 | 000,136,524 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.22 23:46:24 | 000,111,556 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.22 22:52:11 | 057,207,894 | ---- | M] () -- C:\Users\Enrico 3\Desktop\Gankvideo.wmv
[2011.09.22 19:28:25 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2011.09.22 17:00:15 | 000,001,690 | ---- | M] () -- C:\Users\Enrico 3\Desktop\LOL Recorder.lnk
[2011.09.19 22:02:07 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.09.19 22:01:58 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.09.19 22:00:45 | 000,280,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.09.17 23:20:12 | 000,000,764 | ---- | M] () -- C:\Users\Enrico 3\Desktop\Fraps.lnk
[2011.09.17 16:36:05 | 000,142,652 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011.09.16 19:02:09 | 000,000,213 | ---- | M] () -- C:\Users\Enrico 3\Desktop\Portal.url
[2011.09.09 17:05:45 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2011.09.09 16:57:50 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2011.09.09 16:53:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.09.05 16:44:52 | 000,000,948 | ---- | M] () -- C:\Users\Enrico 3\Desktop\Dropbox.lnk
[2011.09.05 16:42:29 | 000,000,928 | ---- | M] () -- C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.24 13:32:09 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.09.24 13:00:43 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 5.lnk
[2011.09.22 22:50:33 | 057,207,894 | ---- | C] () -- C:\Users\Enrico 3\Desktop\Gankvideo.wmv
[2011.09.22 19:27:50 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2011.09.17 23:20:12 | 000,000,764 | ---- | C] () -- C:\Users\Enrico 3\Desktop\Fraps.lnk
[2011.09.17 17:35:51 | 000,001,702 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2011.09.17 17:35:51 | 000,001,690 | ---- | C] () -- C:\Users\Enrico 3\Desktop\LOL Recorder.lnk
[2011.09.17 16:36:05 | 000,142,652 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.09.16 19:02:09 | 000,000,213 | ---- | C] () -- C:\Users\Enrico 3\Desktop\Portal.url
[2011.09.14 18:33:36 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.09.14 18:32:16 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.09.14 18:32:16 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sst3cl3.smt
[2011.09.14 18:31:20 | 001,884,837 | ---- | C] () -- C:\Windows\sst3cLTR.prn
[2011.09.14 18:31:20 | 001,884,837 | ---- | C] () -- C:\Windows\sst3cA4.prn
[2011.09.09 17:03:49 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2011.09.09 16:57:50 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
[2011.09.09 16:53:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.09.09 16:53:13 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2011.09.05 16:44:52 | 000,000,948 | ---- | C] () -- C:\Users\Enrico 3\Desktop\Dropbox.lnk
[2011.09.05 16:42:29 | 000,000,928 | ---- | C] () -- C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.06.01 20:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Enrico 3\AppData\Local\Ypakoboxagijoba.bin
[2011.06.01 20:28:52 | 000,000,120 | ---- | C] () -- C:\Users\Enrico 3\AppData\Local\Hjihu.dat
[2010.09.20 17:16:37 | 000,860,211 | --S- | C] () -- C:\Windows\System32\XSIFtk-3.6.2.1.dll
[2010.09.03 20:56:04 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.08.12 14:38:28 | 000,000,000 | ---- | C] () -- C:\Users\Enrico 3\AppData\Roaming\wklnhst.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.03.20 19:24:26 | 000,138,056 | ---- | C] () -- C:\Users\Enrico 3\AppData\Roaming\PnkBstrK.sys
[2010.03.20 19:24:05 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.02.11 21:34:21 | 000,000,680 | ---- | C] () -- C:\Users\Enrico 3\AppData\Local\d3d9caps.dat
[2010.01.28 15:28:23 | 000,000,188 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.12.28 16:00:31 | 000,044,544 | ---- | C] () -- C:\Users\Enrico 3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.23 23:26:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.15 20:33:16 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.12.15 20:32:54 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.12.15 19:27:05 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.15 19:27:05 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.10.23 19:55:49 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.10.05 14:04:13 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.10.03 17:45:21 | 000,001,015 | ---- | C] () -- C:\Windows\eReg.dat
[2009.10.01 16:47:21 | 000,000,414 | ---- | C] () -- C:\Windows\p40768.ini
[2009.09.24 13:16:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 13:16:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.18 22:41:39 | 000,103,024 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.08.29 01:27:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.08.28 23:56:42 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.08.28 23:56:23 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.08.28 23:56:21 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009.08.28 23:56:20 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.08.28 22:37:46 | 000,000,028 | R--- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008.08.18 19:16:08 | 001,634,304 | ---- | C] () -- C:\Windows\System32\myodbc5S.dll
[2008.08.18 19:16:08 | 001,495,040 | ---- | C] () -- C:\Windows\System32\myodbc-installer.exe
[2008.01.21 09:15:58 | 000,651,140 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,136,524 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,409,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,613,628 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,111,556 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2010.02.02 16:40:40 | 000,000,000 | -HSD | M] -- C:\Users\Enrico 3\AppData\Roaming\.#
[2010.01.04 11:52:47 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Atari
[2010.10.04 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Ceofb
[2011.09.24 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Dropbox
[2010.10.20 13:57:43 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Dupiw
[2011.04.27 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\ICQ
[2010.10.05 17:55:17 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\LolClient
[2011.01.30 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Need for Speed World
[2011.08.17 17:55:31 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Notepad++
[2009.12.29 15:23:21 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\OpenOffice.org
[2010.07.18 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Opera
[2010.08.28 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Screaming Bee
[2011.01.06 23:40:20 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Sony
[2011.09.24 13:32:30 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TeamViewer
[2010.08.05 00:58:52 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Teeworlds
[2010.08.12 14:38:29 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Template
[2011.08.08 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Thunderbird
[2011.08.05 00:40:21 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TS3Client
[2009.12.28 15:58:19 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TuneUp Software
[2011.01.08 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Ulvup
[2011.09.20 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\XMedia Recode
[2011.09.24 17:13:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.24 22:31:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{922948E4-51CB-426B-9169-4462F3F7F7B1}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.02 16:40:40 | 000,000,000 | -HSD | M] -- C:\Users\Enrico 3\AppData\Roaming\.#
[2011.08.19 17:44:09 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Adobe
[2010.01.04 11:52:47 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Atari
[2010.11.30 16:02:38 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Avira
[2010.10.04 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Ceofb
[2011.09.24 17:16:05 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Dropbox
[2010.10.20 13:57:43 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Dupiw
[2010.05.18 14:44:09 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Google
[2011.04.27 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\ICQ
[2009.12.28 15:56:39 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Identities
[2010.10.05 17:55:17 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\LolClient
[2009.09.28 15:42:59 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Macromedia
[2011.09.24 14:20:04 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Media Center Programs
[2011.08.26 17:43:42 | 000,000,000 | --SD | M] -- C:\Users\Enrico 3\AppData\Roaming\Microsoft
[2010.02.21 01:07:59 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Mozilla
[2011.01.22 17:12:31 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\NCH Software
[2011.01.30 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Need for Speed World
[2011.08.17 17:55:31 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Notepad++
[2009.12.29 15:23:21 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\OpenOffice.org
[2010.07.18 23:54:24 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Opera
[2010.08.28 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Screaming Bee
[2010.04.18 13:01:17 | 000,000,000 | RH-D | M] -- C:\Users\Enrico 3\AppData\Roaming\SecuROM
[2011.09.24 22:28:04 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Skype
[2011.06.19 14:20:50 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\skypePM
[2011.01.06 23:40:20 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Sony
[2010.04.17 18:18:24 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\teamspeak2
[2011.09.24 13:32:30 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TeamViewer
[2010.08.05 00:58:52 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Teeworlds
[2010.08.12 14:38:29 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Template
[2011.08.08 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Thunderbird
[2011.08.05 00:40:21 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TS3Client
[2009.12.28 15:58:19 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\TuneUp Software
[2011.01.08 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Ulvup
[2011.08.20 00:02:34 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\vlc
[2010.12.31 20:38:56 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Winamp
[2010.01.04 14:26:46 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\WinRAR
[2011.02.04 22:30:35 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\Xfire
[2011.09.20 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\Enrico 3\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2011.09.02 02:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 02:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.12.10 15:39:46 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Enrico 3\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Windows.old\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows.old\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows.old\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.12.19 18:55:42 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:47 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >

< End of report >

--- --- ---

Prayer 24.09.2011 21:57

Here is the content of Extras.txt:

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 24.09.2011 22:28:07 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\Enrico 3\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,65% Memory free
6,20 Gb Paging File | 4,83 Gb Available in Paging File | 77,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 132,89 Gb Free Space | 29,81% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 11,41 Gb Free Space | 57,08% Space Free | Partition Type: FAT32
Drive E: | 6,60 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ENRICO-PC | User Name: Enrico 3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AFC282-CC79-49C7-87F6-3E8D7FB47EA2}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0995260B-1EEF-40CE-8816-2AB54ED62708}" = lport=6923 | protocol=6 | dir=in | name=league of legends launcher |
"{0CAA5E06-D81C-47A1-8E93-C6B74BD9EA5B}" = lport=6895 | protocol=17 | dir=in | name=league of legends launcher |
"{0E6A523B-8488-4FB6-B0AC-65D29BAA223D}" = lport=6898 | protocol=6 | dir=in | name=league of legends launcher |
"{13478A58-88EA-4F24-A1A5-5275ECE9A768}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1A40B464-0998-4AF3-A7B6-A7A12E0D4BE1}" = lport=6898 | protocol=17 | dir=in | name=league of legends launcher |
"{2128E556-EF1E-40D9-82E7-314FD50F04EF}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher |
"{24D3A1E3-0EE4-4EF6-AE77-2D544A3AA4AE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{270C8916-E51D-4684-AD00-C3C01A480961}" = lport=6982 | protocol=6 | dir=in | name=league of legends launcher |
"{27DE7F43-D78B-484D-9FD5-6347C63CD10F}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{2DC9B7C7-B632-4D77-AEFD-E676A3770F24}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher |
"{2F499335-CDEA-434E-BC03-EC6626103A1A}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher |
"{2FEE7515-A2F7-4E63-8A69-5B44B105B884}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31E50C42-F452-49C3-96AB-D4F4EF8A2DF8}" = lport=6924 | protocol=17 | dir=in | name=league of legends launcher |
"{382E8A54-F000-4BBC-AD75-9FADFCA15771}" = lport=6946 | protocol=17 | dir=in | name=league of legends launcher |
"{3A2EB1DD-E952-47AA-89EE-AAB241EB384A}" = lport=6918 | protocol=17 | dir=in | name=league of legends launcher |
"{3D6F6240-1430-4573-899C-B4768B63BFDB}" = lport=6946 | protocol=6 | dir=in | name=league of legends launcher |
"{4C866D57-48B8-49E7-AE7A-88048EAE152E}" = lport=6924 | protocol=6 | dir=in | name=league of legends launcher |
"{538BB1CE-0433-43C2-BBF5-F9077A283F0C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{539679A7-5E3D-4F8B-B653-43DF3969E29B}" = lport=6895 | protocol=6 | dir=in | name=league of legends launcher |
"{561AC0E9-6ECB-4A7C-A299-8E96F7A449AE}" = lport=6907 | protocol=17 | dir=in | name=league of legends launcher |
"{56FAEAA0-75B1-4397-B5EF-EA47CDEAC9A9}" = lport=6949 | protocol=6 | dir=in | name=league of legends launcher |
"{5A728434-8836-4AF2-9550-9CF121CA3041}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5B74CF8D-A1CC-49A1-A714-3B487D4D574D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5E05C68B-7698-4BC6-B012-9C834A7D13FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6255C6FD-B1AC-4C7F-96B7-06A075241728}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{69FD6A94-8861-4641-83B9-972E7FFA5AB9}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{6C55EF6C-FA80-4EBC-9F2F-19A1B7F79130}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{6DEEA5FF-4CFA-457E-9157-748050CEBD0F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{7120014E-73B3-46A4-AD2D-11C868CF5E5E}" = lport=6923 | protocol=17 | dir=in | name=league of legends launcher |
"{723253A2-CAF1-4F9D-83A6-9CC57F2AB439}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7C5F3864-A9E8-4651-9323-21D1AEAC13AE}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher |
"{80C66E5A-9E56-452A-83FB-598026D096BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{88007140-534D-460F-912F-6980DC20521D}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher |
"{899C0DB0-680A-4793-9DFF-EE00AE85272A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A2908F4-2F8C-4DEB-9284-ED957570EB13}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher |
"{91D49212-4826-439C-9C9D-A3AC02628CCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97668B86-DF1D-4235-8D6A-121E99474152}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe |
"{97B2DB2E-6E08-4B9B-97E0-43FDBF7305AF}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher |
"{9884607F-848A-49CA-8ADA-18BD6F1F1802}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9FC4B1B2-DC3D-4DA2-AD58-3FBA8219282E}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher |
"{A2BCEA80-EE38-4C1A-AC5F-EC6CCC53C43F}" = lport=6918 | protocol=6 | dir=in | name=league of legends launcher |
"{A4C520EE-EEEE-43D5-B72B-94C4CBC42515}" = lport=6907 | protocol=6 | dir=in | name=league of legends launcher |
"{AE536DD6-634B-47D0-B4B6-8A5C701C4130}" = lport=6949 | protocol=17 | dir=in | name=league of legends launcher |
"{AEA887FD-AE74-453B-9978-ED9C843D3185}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AF92440A-4C68-4CF3-95A4-097E57D45688}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher |
"{C1832F6B-4ED9-44AB-93D2-67B25396C636}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher |
"{C3803751-CF71-4E43-BB4F-6B73B2D14676}" = lport=6927 | protocol=17 | dir=in | name=league of legends launcher |
"{CFE53466-0F4C-4444-83D2-E34EAE048833}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3836D8D-BD36-406E-AA61-D7FAB6310B04}" = lport=6927 | protocol=6 | dir=in | name=league of legends launcher |
"{D3B782A7-7C9F-4B36-BEAB-35F657C25B42}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DA092DBD-BC33-4055-A044-AC2454AD6EA1}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\dlan\devolonetsvc.exe |
"{DE046D34-3E4E-4E8F-9A0B-90C392B671EA}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{E2987020-5229-44B3-8AD8-4B4D597A5313}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher |
"{F0971191-305C-4F4C-A87E-7FFB83F2EA2F}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher |
"{F2B30F81-C29A-4BB8-A861-CA85B563F779}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher |
"{F3D3F725-D5FF-4D0F-B34C-34B295C46AEF}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{FC363F07-97C8-45A9-95A0-A40AC6AE41CA}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher |
"{FE43BB52-9A84-4671-B7BD-239733620528}" = lport=6982 | protocol=17 | dir=in | name=league of legends launcher |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01635996-2FC8-4BAF-BF5E-21DB975A0818}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{03914905-5739-4AEC-91E9-1139D5EB9173}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{08CC7351-592D-4549-8F30-40C184B1F769}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"{091E962A-D7B1-4F70-81DE-F90BB4A83FED}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0A71D6C3-1E6C-4EC5-A9F7-895305F76450}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C9BEFC5-95A6-4A68-8A02-415716773295}" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"{0DA33FA2-4327-4A0D-B51F-4588F09CF331}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\launcher.patch.exe |
"{0DCB0642-D9B9-40EF-A358-6E2110C5BB3B}" = protocol=6 | dir=in | app=i:\world of warcraft\launcher.exe |
"{16F4D309-6C5E-4DD5-9491-6365BCDC6BAB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{1E941F6C-9737-485A-82A1-4E91CCA6834D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1F994CF5-ACE7-482F-B547-0FDF69E43340}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{26BAB76E-06ED-4346-A125-0F0FC9839DB1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{3226DBA9-020F-40DE-BA28-33B86E11018F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{37098539-BC06-43E3-AD46-73660B9C6A91}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3A4E606B-52E8-4549-87A4-DF3AB68131DE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{3C2A6A34-BAF9-4665-A328-41AAFAC7887F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3EC37BE5-1063-4337-8769-2CDC839D16D8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{40121B74-4F00-43BF-A9B9-C6DB66C3A94A}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\launcher.exe |
"{40BED1FF-2EBB-4874-9DF8-9F5D3CE98BF0}" = protocol=17 | dir=in | app=c:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe |
"{40E86903-3764-411D-ACAF-FD526B75DBB2}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{415AB648-C11B-4E44-B89D-E0841DA00B0C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{468B875E-B001-425C-96B0-C056B134495F}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{47090170-F885-423F-80AC-971425ED79C2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4C3066E5-84AE-440F-9122-4C75F57CB3FC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{4C4D048E-50DA-45E5-936C-24C81F010856}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{58EB2127-A1EB-4913-B5AA-215F8F43E837}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{59AFE3A0-C329-4B4E-BEBD-53121593AE05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{66C1A9A5-D964-47D8-96A0-F3393C664215}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{677F1421-282B-40AB-A333-01A23CFC0EAD}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{67D6DCE5-A7B7-4F6D-B474-AE8F901BAAF2}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{7E2010F0-1ECB-4F69-BA5C-E3C70C9C2DF3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E2A15FE-F281-4E29-8D12-47C2F77BFF62}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{826BB7E8-0374-4ECD-BE03-E83B72A6DEAE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88607D01-5550-41F6-AC8A-6CB8577744B4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8B7620E2-1C5F-4492-9BF9-A911CF09F1C1}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{8BA77058-221B-47FA-AAB6-8CB3EF9D29A1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8CA4EBB8-2150-4FB3-A0E1-243C038473A3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{8E5EFCEF-8DBF-4620-B559-DA1A2979ACFE}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{8E716751-C9B6-4E22-9ED0-63BFB2BB8809}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{97897B9A-FE26-4168-BFFB-DB1D9AA96329}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{9792F139-FE80-49F7-B440-A96AA73E6A43}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9D7044B4-51E5-48F2-B03C-5B8880DF2F7A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"{9F75F9BA-D6A9-44D1-A366-C5E6AC43BF23}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{A5483852-CF2B-4A69-AD0D-B0C4F9696D62}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{A7DDE616-6532-42FF-BF1F-5C9B7227308F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{AD9833F7-DAB5-49F8-B45E-F9F0EFCAE44B}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{AE7A9363-27CF-4AF5-A8EB-0AFFD516C0EE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{AEE09AFF-5006-4FA1-93CF-3000D5CBCFC9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B2687D7E-EB9E-4713-917B-4C3AC95D642A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B2824631-C6B9-40AB-8428-3ECC1C26928B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{B3F8A234-DD06-4432-A855-2BFA3E52A495}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{B4A494D1-AD8F-4EA6-BFE0-6A5BAE5A8DC7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B4EB7964-3952-4EE9-BA88-484A20C36C39}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{B8AF47B5-C4EA-4559-A951-AB8F55933F52}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.patch.exe |
"{B8DAEA01-7886-47A0-9B82-B486E5E16029}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C63D294C-0614-475D-AC42-CAEF4E39D584}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{C6AD3E47-B919-4AE8-9E76-882BD4D1EC38}" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"{CB8EB55B-14C9-44F8-B778-5CA37CC01B78}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{CE75656E-4FA0-4764-9048-5951B78025DF}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\launcher.exe |
"{DAA658EB-99EF-42CB-926F-7CC1D6D8030A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{DB27831B-E771-4146-8D30-030E4B0ED5D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF8E86D7-64DD-494F-9DF9-ECA4E1AC98CF}" = protocol=6 | dir=in | app=c:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe |
"{E0A04A93-547B-4254-90C9-EB946D479E16}" = protocol=17 | dir=in | app=i:\world of warcraft\launcher.exe |
"{E1BC25B0-061E-4B3E-A3E0-141B69E8578E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{E28B5207-B334-4915-9BBA-8D2368FF56A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E3F02603-DF58-43D6-8041-112B88E9943E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E76FB006-C775-4701-ADBF-493BA07F4676}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.patch.exe |
"{E859A683-B10A-40A5-BED5-63F1D020B6E5}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{E8744373-E7EA-42DF-9767-3E94E65B87C3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{EB1BFB39-3525-4B38-A7D2-6514B1F85A2D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe |
"{EBB5ECF4-2803-4ED0-AA20-1D3AA7338F58}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{ECEADC68-292C-44A9-85AC-FBDD88B2DAF4}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EE4474EB-492E-4613-81A4-13F5F38CDF0A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{EFFEE0FA-686B-447C-B23E-2E15BA3DC923}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\launcher.patch.exe |
"{F555D62E-D033-47FB-B235-35235E3BDE08}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F73C2B10-63E3-4B4F-943A-15975C18C968}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{F779F079-7B48-4E26-B584-5BB50F1EDCA2}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{042F2D76-86BD-4085-A0C8-96720335E0FB}C:\windows.old\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\tmnationsforever\tmforever.exe |
"TCP Query User{0C02593F-A276-4628-B15F-4DD328BA85B1}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe |
"TCP Query User{0E99F862-BB6E-4694-94A0-D35C8EC69EF6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{1C239DEC-A3E5-44E7-8685-0744C6E50C8E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{203638CA-BCF2-49EA-BF4B-D2C2009DC6FF}C:\program files\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{23E79A9D-56C5-445B-AD8E-3BFD04C9925B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{2567443C-6F40-4711-B4E5-CC250968B9C7}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"TCP Query User{2991FDBA-9A78-4E8B-A181-8FBA4FCC15E2}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"TCP Query User{31FCA75B-CF8D-4048-820F-7E8AACEE30D5}C:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"TCP Query User{36927B97-45F5-43A9-8CA3-E7CB68FC12ED}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat |
"TCP Query User{3B78E397-37BC-4802-A110-8D09075D2B8B}C:\users\public\games\world of warcraft-ptr\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\backgrounddownloader.exe |
"TCP Query User{3CB9AA84-D112-456D-8137-BC78E7C13BA6}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{3D186A1E-BF37-4C1B-BEBF-2BA9F9888ECD}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{465DDC41-92AE-4488-A8E0-1379D1476C32}C:\program files\novo's easy wow server\0.3.9\worldserver.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\worldserver.exe |
"TCP Query User{590DF1FC-246B-4D9E-8530-1BB326618A78}C:\program files\atv mudracer\atv.exe" = protocol=6 | dir=in | app=c:\program files\atv mudracer\atv.exe |
"TCP Query User{6254DC93-D24A-4C4F-AAEB-2D64A8DE5672}C:\users\public\games\world of warcraft-ptr\ptr-installer-de_de.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft-ptr\ptr-installer-de_de.exe |
"TCP Query User{6B9DBAD1-4685-44F4-B54A-6C76B3CD3926}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe |
"TCP Query User{6E7C3054-5595-458A-8EAF-99D80EF8A6D6}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe |
"TCP Query User{76DBEECD-40AE-43E4-9722-7FC0FE3EF525}C:\program files\steam\steamapps\slipknot555_666\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\slipknot555_666\team fortress 2\hl2.exe |
"TCP Query User{7932AC92-D53B-437E-9021-D487E070BB01}C:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe |
"TCP Query User{7968E7DB-DE01-4B5C-8050-28AC13B12A74}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe |
"TCP Query User{7CCF1F44-4A2A-498C-92C2-581F47BF1C83}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{803603E6-A229-4A83-996A-0137F44C26B8}C:\users\enrico 3\downloads\spiele\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\enrico 3\downloads\spiele\teeworlds-0.5.1-win32\teeworlds_srv.exe |
"TCP Query User{8930F97E-A2DA-4128-9F45-F50965D5A11E}C:\program files\novo's easy wow server\0.3.9\logonserver.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\logonserver.exe |
"TCP Query User{90FD593F-32DE-4688-8518-FA2E9FF0FF12}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{91D799E0-5C12-4F9B-9FE8-99A405C0D439}C:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\empires2.exe |
"TCP Query User{931FC0FC-99CA-4B1F-93A6-5678D4EC139C}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{9DCFF2A2-1DD3-4611-A149-CC2FDC5D2A25}C:\program files\novo's easy wow server\0.3.9\worldserver.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\worldserver.exe |
"TCP Query User{AAE5A97D-B31B-4088-AA66-FFF9D43DA315}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"TCP Query User{B2721BD7-B17B-41DC-BFB1-5408950700CB}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"TCP Query User{B7308EA9-CED2-426D-9B9E-BFE2896EFF5E}C:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{BBB4031A-1F64-4D7B-AB60-2FF9AC53D2D4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{BD0D9072-2425-4C2C-A7A8-1BE89DE6FD9F}C:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe |
"TCP Query User{BD63224E-EABF-4087-8BF3-1E9363786327}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{C103BB82-EBAE-4DED-B430-ECDCF876585D}C:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\aoe20a_crk.exe" = protocol=6 | dir=in | app=c:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\aoe20a_crk.exe |
"TCP Query User{C10B3F2B-5E3B-45A2-A493-A32B63BD1F81}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe |
"TCP Query User{C9787E1B-C7CC-4306-B72E-0498D984D279}C:\users\enrico\appdata\local\virtualstore\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\users\enrico\appdata\local\virtualstore\program files\ea games\command & conquer generäle stunde null\game.dat |
"TCP Query User{C9B6415F-271B-4173-B086-3F0F664D3920}C:\windows.old\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\tmnationsforever\tmforever.exe |
"TCP Query User{D281CCEE-4FDF-44FF-9C11-CFEBDC6F2B05}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{D813B877-E2FB-4950-BBFD-58F82AA7D90F}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"TCP Query User{DEAC7F97-F70C-48C0-9BE2-913B41783DE8}C:\program files\novo's easy wow server\0.3.9\logonserver.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\logonserver.exe |
"TCP Query User{E425CE35-2D71-489D-A09B-5BC8545AB347}C:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe |
"TCP Query User{E445DD59-3003-4F03-9673-DC233FF06230}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{E8FC376B-1A33-40FE-9272-981E892B47A5}C:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe |
"TCP Query User{E92D6543-7223-405A-BA8A-768721B9D11F}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat |
"TCP Query User{F6420B07-5DE9-479D-82A1-3F423FA7EA2E}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=6 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe |
"UDP Query User{133294DE-33A2-4764-BA0B-C256217D68F7}C:\program files\novo's easy wow server\0.3.9\logonserver.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\logonserver.exe |
"UDP Query User{2B47E073-B6DB-495F-946A-729591BBD8CB}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{2D6D322A-1841-4BD6-BC06-BEA6878AC36A}C:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe |
"UDP Query User{33B28A3F-A94F-4B98-A2D0-7C98FB8BEDBE}C:\users\public\games\world of warcraft-ptr\ptr-installer-de_de.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft-ptr\ptr-installer-de_de.exe |
"UDP Query User{3AAC4E83-0328-4E5E-9811-69D14396B6F7}C:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\empires2.exe |
"UDP Query User{3CEF77FA-C1F4-4D5C-84AF-05F30BFB73C9}C:\program files\novo's easy wow server\0.3.9\worldserver.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\worldserver.exe |
"UDP Query User{478AA833-001D-4273-B5E4-15B1859C93BA}C:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\enrico 3\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{48867DE7-6119-46C9-9037-34A8AA0070A9}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"UDP Query User{48B851C8-6D66-4E80-88D9-98EEAB5B013C}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{4EB1F9E6-339F-4F1E-B50A-2FAD2E4044EF}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{4EC26F5E-37C8-45B7-93DD-69665A2348BC}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat |
"UDP Query User{5A0821ED-D550-413C-818B-836A636F6BDF}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe |
"UDP Query User{5C321EC7-B4AA-4630-AFF0-BACC20DB5316}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe |
"UDP Query User{646B5C41-7A2B-419C-BE3B-291113C8A8F4}C:\program files\novo's easy wow server\0.3.9\logonserver.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\logonserver.exe |
"UDP Query User{72187953-0B45-457F-92A9-B3E2E4765994}C:\program files\atv mudracer\atv.exe" = protocol=17 | dir=in | app=c:\program files\atv mudracer\atv.exe |
"UDP Query User{79FC75AF-9A2A-479A-83EE-2A3BD9277716}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{7AA31B6F-D286-4309-B500-7E06B784FE86}C:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe |
"UDP Query User{7EAD8CC3-FFFE-4EAC-9FAD-DDA3FFB0BBED}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{7ED2B1AB-B3D3-4D9C-AFBC-E377238B97B1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{83617943-0475-42D0-BC5A-AB9F79AAE431}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe |
"UDP Query User{8E5B2813-A332-4081-8CBC-F8737D555090}C:\program files\steam\steamapps\slipknot555_666\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\slipknot555_666\team fortress 2\hl2.exe |
"UDP Query User{937C3882-DDC2-4632-B169-B90D3CC3C4FC}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{94FCBBC1-7F42-4E5E-86EA-F09E4F15B6FD}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{97932A0E-9BD6-4775-8C3A-875FAE6D09B5}C:\users\public\games\world of warcraft-ptr\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft-ptr\world of warcraft public test\backgrounddownloader.exe |
"UDP Query User{9A37676C-9DD8-49C5-A543-3F230665F03D}C:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\launcher.exe |
"UDP Query User{A1416C37-CFD8-4F55-9141-05A5764E4BB7}C:\windows.old\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\windows.old\program files\tmnationsforever\tmforever.exe |
"UDP Query User{A6EF2C06-05CE-449B-94B8-C8B35D63FCD9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A777D189-A009-4201-9800-C153F468F233}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{B9E6F16D-8C95-4A06-BCF7-801D562F7459}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{BB82F3DC-29F1-474C-BD6A-18546C56D728}C:\program files\novo's easy wow server\0.3.9\worldserver.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\worldserver.exe |
"UDP Query User{BC68B32E-AC27-4BD9-ADEB-DC3961679398}C:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe |
"UDP Query User{BDCD144C-D0F7-49B0-A826-9DEEC0A75104}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe |
"UDP Query User{CB915346-53D6-410E-855C-211B0B94BB0B}C:\users\enrico 3\downloads\spiele\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\enrico 3\downloads\spiele\teeworlds-0.5.1-win32\teeworlds_srv.exe |
"UDP Query User{D2976CCE-A16B-42B0-8220-26A1DE0F3AB8}C:\users\enrico\appdata\local\virtualstore\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\users\enrico\appdata\local\virtualstore\program files\ea games\command & conquer generäle stunde null\game.dat |
"UDP Query User{DA3DC77D-7155-4209-9406-A5DE3234556D}C:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe |
"UDP Query User{DA43637A-5E4A-4887-AD50-06B7DDA992BD}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\apache2\bin\apache_16.exe |
"UDP Query User{DB9CF187-6C08-4CA3-9484-8C60E31683C0}C:\windows.old\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\windows.old\program files\tmnationsforever\tmforever.exe |
"UDP Query User{DD64A615-1ADB-4675-AFC1-03A15D414841}C:\program files\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"UDP Query User{EA8410B2-F68A-4B7F-8236-93861950B0D4}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat |
"UDP Query User{EAD352F0-D289-4AF6-B65F-3D4D984CEEF4}C:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\program files\novo's easy wow server\0.3.9\udrive\usr\local\mysql\bin\mysqld-opt.exe |
"UDP Query User{EBA9E3E3-38F4-43EB-950E-8C9E9FA59301}C:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\aoe20a_crk.exe" = protocol=17 | dir=in | app=c:\users\enrico 3\downloads\spiele\age of empires 2\age of empires ii\aoe20a_crk.exe |
"UDP Query User{EC45B306-9F22-44F0-99EE-1DF0AA072CDD}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe |
"UDP Query User{F12B719C-BD59-4AE6-931E-3E9380DD34A4}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{F162B1E3-45A3-49FE-84FE-1DF71C3FF69C}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe |
"UDP Query User{F7F11C46-1618-45CB-B8F4-1D37A8B99395}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{FA8205AF-B41B-43BE-84E6-39C05C9F75A5}C:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft cataclysm\world of warcraft\backgrounddownloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"!? Minitracks - TmNations Add-On" = !? Minitracks - TmNations Add-On
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink Wireless LAN
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53480880-18E0-4097-A460-F22DD3AC6D70}" = O&O DiskRecovery
"{5BEBBA7E-9856-45C0-982C-CD5221C202EA}" = Fahrschule 2008
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62175CAB-909A-44B5-AA9F-98F111A87F6A}" = Eisenbahn.exe professionell
"{6AF3D486-C45C-472F-A5C1-99C7A4C18127}" = BROCKHAUS DIE ENZYKLOPÄDIE
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{704DCF9E-07D3-4C6C-BBD6-E19DA700A37B}" = NIBObee Library 1.4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FD8D3A3-6625-4092-AF79-D216090DB960}_is1" = TechForce
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{990036E7-D647-45A4-8F7F-1CB277EF0ABD}" = RollerCoaster Tycoon 3 Demo
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"ATV Mudracer" = ATV Mudracer
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Comanche 4" = Comanche 4
"conduitEngine" = Conduit Engine
"dlancockpit" = devolo dLAN Cockpit
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"facemoods" = facemoods
"FarmingSimulator2009DE_is1" = Landwirtschafts-Simulator 2009
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Fraps" = Fraps (remove only)
"FreePDF_XP" = FreePDF (Remove only)
"giants_editor_4.1.2_is1" = GIANTS Editor 4.1.2
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"IPIX ActiveX Viewer" = IPIX ActiveX Viewer
"IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer
"IPIX Viewer" = IPIX Viewer
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"NaturalMotion endorphin_is1" = NaturalMotion endorphin 2.7.1
"Notepad++" = Notepad++
"Novo's Easy WoW Server 0.3.9" = Novo's Easy WoW Server 0.3.9
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 11.51.1087" = Opera 11.51
"PhotoFiltre" = PhotoFiltre
"PriceGong" = PriceGong 2.1.0
"PunkBusterSvc" = PunkBuster Services
"Quest3D Viewers 3.0e_is1" = Quest3D Viewers 3.0e
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"Sauerbraten" = Sauerbraten
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SpeedFan" = SpeedFan (remove only)
"Steam App 12910" = Audiosurf Demo
"Steam App 400" = Portal
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities" = TuneUp Utilities
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.1.11
"WildTangent wildgames Master Uninstall" = WildGames
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"X10Hardware" = X10 Hardware(TM)
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
"XMedia Recode" = XMedia Recode 3.0.2.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.09.2011 16:41:02 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 5ac  Anfangszeit: 01cc7a30fcf62370  Zeitpunkt der Beendigung:
 48
 
Error - 23.09.2011 16:59:24 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1288  Anfangszeit: 01cc7a311c5fd350  Zeitpunkt der Beendigung:
 48
 
Error - 23.09.2011 16:59:55 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 12a4  Anfangszeit: 01cc7a33acb510d0  Zeitpunkt der Beendigung:
 54
 
Error - 23.09.2011 19:28:56 | Computer Name = Enrico-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 24.09.2011 06:57:03 | Computer Name = Enrico-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.09.2011 08:07:53 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 12c4  Anfangszeit: 01cc7aae4602f128  Zeitpunkt der Beendigung:
 47
 
Error - 24.09.2011 08:14:38 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 16f8  Anfangszeit: 01cc7ab298a816e8  Zeitpunkt der Beendigung:
 58
 
Error - 24.09.2011 10:18:23 | Computer Name = Enrico-PC | Source = Application Hang | ID = 1002
Description = Programm speed2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 108c  Anfangszeit: 01cc7ac44ace59e8  Zeitpunkt der Beendigung:
 49
 
Error - 24.09.2011 11:14:31 | Computer Name = Enrico-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.09.2011 16:30:27 | Computer Name = Enrico-PC | Source = VSS | ID = 8193
Description =
 
[ Media Center Events ]
Error - 13.12.2009 16:08:40 | Computer Name = Enrico-PC | Source = ehRecvr | ID = 4
Description =
 
Error - 13.12.2009 16:08:45 | Computer Name = Enrico-PC | Source = ehRecvr | ID = 4
Description =
 
Error - 29.08.2011 12:02:52 | Computer Name = Enrico-PC | Source = ehRecvr | ID = 4
Description =
 
Error - 29.08.2011 12:02:56 | Computer Name = Enrico-PC | Source = ehRecvr | ID = 4
Description =
 
[ System Events ]
Error - 23.09.2011 14:30:39 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 23.09.2011 14:30:39 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.09.2011 06:57:03 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.09.2011 06:57:03 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.09.2011 06:57:03 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.09.2011 06:57:03 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.09.2011 07:32:07 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 24.09.2011 11:14:32 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.09.2011 11:14:32 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 24.09.2011 11:14:32 | Computer Name = Enrico-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

cosinus 26.09.2011 10:07

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC EC AA BB A5 9A CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "XfireXO Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2431245&SearchSource=13"
[2010.05.13 20:24:54 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.01.22 17:13:26 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010.04.22 15:02:38 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.01.22 17:12:41 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com
[2010.04.21 12:06:36 | 000,000,917 | ---- | M] () -- C:\Users\Enrico 3\AppData\Roaming\Mozilla\Firefox\Profiles\lx33bz2r.default\searchplugins\conduit.xml
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.06.12 04:27:33 | 000,000,140 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup\rsrc\AUTORUN.EXE -- [2007.03.23 01:57:09 | 000,051,336 | R--- | M] ()
O33 - MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\Shell\dinstall\command - "" = E:\DirectX\DXSETUP.exe -- [2007.06.01 05:23:56 | 000,503,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell - "" = Autorun
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\
O33 - MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\Shell\Open\command - "" = RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\
[2010.02.02 16:40:40 | 000,000,000 | -HSD | M] -- C:\Users\Enrico 3\AppData\Roaming\.#
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Prayer 26.09.2011 12:39

Which files does that include? The whole system or just individual programs? So that I can, e.g., save them to an external hard drive beforehand.

cosinus 26.09.2011 13:01

I use it to fix malicious and junk entries.
You don't need to back up anything yourself, because:
Quote:

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Prayer 26.09.2011 16:33

OK, the fix was carried out.

Result:

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
C:\Programme\XfireXO\tbXfir.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Programme\XfireXO\tbXfir.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "XfireXO Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "XfireXO Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2431245&SearchSource=13" removed from browser.startup.homepage
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\lib folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\searchplugin folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\META-INF folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\lib folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\defaults folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\chrome folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\content\preferences folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\content\images folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com\chrome folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Users\Enrico 3\AppData\Roaming\Mozilla\Firefox\Profiles\lx33bz2r.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Programme\PriceGong\2.1.0\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Programme\XfireXO\tbXfir.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Programme\XfireXO\tbXfir.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\20101005145302\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}\ not found.
File C:\Programme\XfireXO\tbXfir.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods not found.
C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ not found.
File move failed. E:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30ff0ba7-8a82-11de-b60f-806e6f6e6963}\ not found.
File move failed. E:\DirectX\DXSETUP.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ec7caf-748b-11df-b1dc-b9424135f8cf}\ not found.
File C:\RECYCLER\S-6-0-18-100007512-100013288-100025538-2270.com d:\ not found.
C:\Users\Enrico 3\AppData\Roaming\.# folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Enrico
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 205137419 bytes
->Java cache emptied: 37562594 bytes
->FireFox cache emptied: 101230927 bytes
->Opera cache emptied: 17405092 bytes
->Flash cache emptied: 74489 bytes
 
User: Enrico 3
->Temp folder emptied: 427352802 bytes
->Temporary Internet Files folder emptied: 472070605 bytes
->Java cache emptied: 125539 bytes
->FireFox cache emptied: 31484610 bytes
->Opera cache emptied: 14270405 bytes
->Flash cache emptied: 154900 bytes
 
User: Gast
->Temp folder emptied: 163032 bytes
->Temporary Internet Files folder emptied: 3698869 bytes
->Opera cache emptied: 19865868 bytes
->Flash cache emptied: 42524 bytes
 
User: Public
 
User: TEMP
->Temp folder emptied: 130442 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Flash cache emptied: 41044 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3221600 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74010227 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.343,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.29.1 log created on 09262011_172336

Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\Setup\rsrc\AUTORUN.EXE scheduled to be moved on reboot.
File move failed. E:\DirectX\DXSETUP.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Is there anything else to do after this?

But THANK YOU for everything so far! :-)
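An added example, not part of either post and not OTL's own code: a small Python triage of the fix-log format shown above. It sorts each line by outcome and separates "not found" lines whose target was already moved or deleted earlier in the same run from targets that were never present. The sample lines are constructed from lines of the log above; the category names and function names are assumptions made for this example.

```python
import re

# Constructed sample: a handful of lines in the shape of the OTL fix log above.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ deleted successfully.
C:\Programme\XfireXO\tbXfir.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
File C:\Programme\XfireXO\tbXfir.dll not found.
Prefs.js: "XfireXO Customized Web Search" removed from browser.search.selectedEngine
C:\Users\Enrico 3\AppData\Roaming\mozilla\Firefox\Profiles\lx33bz2r.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods not found.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
File move failed. E:\autorun.inf scheduled to be moved on reboot.
"""

# (category, pattern) pairs; category names are this example's own labels.
RULES = [
    ("reboot_pending", re.compile(
        r"^File move failed\. (?P<target>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(
        r"^(?:File|Registry key|Registry value) (?P<target>.+?) not found\.$")),
    ("reg_deleted", re.compile(
        r"^Registry (?:key|value) (?P<target>.+?) deleted successfully\.$")),
    ("moved", re.compile(
        r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    ("reg_set", re.compile(
        r"^(?P<target>.+?)\|.*value set successfully!$")),
    ("prefs_removed", re.compile(
        r'^Prefs\.js: ".*" removed from (?P<target>\S+)$')),
]


def classify(line):
    """Return (category, target) for one log line, or None if unrecognised."""
    line = line.strip()
    for category, pattern in RULES:
        match = pattern.match(line)
        if match:
            return category, match.group("target")
    return None


def summarize(log_text):
    """Group log targets by outcome, keeping first-seen order without repeats.

    A "not found" target that an earlier line already moved or deleted is
    filed under "already_handled": the fix script named the same item twice.
    """
    summary = {name: [] for name, _ in RULES}
    summary["already_handled"] = []
    handled = set()
    for raw_line in log_text.splitlines():
        hit = classify(raw_line)
        if hit is None:
            continue
        category, target = hit
        # The log mixes upper- and lower-case CLSIDs and trailing backslashes.
        key = target.rstrip("\\").lower()
        if category == "not_found" and key in handled:
            category = "already_handled"
        elif category in ("moved", "reg_deleted"):
            handled.add(key)
        if target not in summary[category]:
            summary[category].append(target)
    return summary


if __name__ == "__main__":
    for category, targets in summarize(SAMPLE_LOG).items():
        print(f"{category}: {len(targets)}")
        for target in targets:
            print(f"    {target}")
```

The "moved" group is the set of items the quoted note says are kept as a backup copy in the "_OTL" folder; "reboot_pending" is what still needs checking after the restart.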

cosinus 26.09.2011 16:36

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If, because of the infection, you cannot access your documents/My Documents folder, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must right-click the tool and run it as administrator!

Prayer 26.09.2011 17:26

Kaspersky TDSSKiller:

Code:

18:22:11.0916 3704        TDSS rootkit removing tool 2.6.1.0 Sep 26 2011 09:21:32
18:22:12.0191 3704        ============================================================
18:22:12.0191 3704        Current date / time: 2011/09/26 18:22:12.0191
18:22:12.0191 3704        SystemInfo:
18:22:12.0191 3704       
18:22:12.0191 3704        OS Version: 6.0.6002 ServicePack: 2.0
18:22:12.0191 3704        Product type: Workstation
18:22:12.0191 3704        ComputerName: ENRICO-PC
18:22:12.0191 3704        UserName: Enrico 3
18:22:12.0191 3704        Windows directory: C:\Windows
18:22:12.0191 3704        System windows directory: C:\Windows
18:22:12.0191 3704        Processor architecture: Intel x86
18:22:12.0191 3704        Number of processors: 4
18:22:12.0191 3704        Page size: 0x1000
18:22:12.0191 3704        Boot type: Normal boot
18:22:12.0191 3704        ============================================================
18:22:13.0486 3704        Initialize success
18:23:52.0368 5564        ============================================================
18:23:52.0368 5564        Scan started
18:23:52.0368 5564        Mode: Manual;
18:23:52.0368 5564        ============================================================
18:23:54.0323 5564        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:23:54.0328 5564        ACPI - ok
18:23:54.0393 5564        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:23:54.0423 5564        adp94xx - ok
18:23:54.0458 5564        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:23:54.0468 5564        adpahci - ok
18:23:54.0498 5564        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:23:54.0503 5564        adpu160m - ok
18:23:54.0533 5564        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:23:54.0538 5564        adpu320 - ok
18:23:54.0628 5564        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:23:54.0633 5564        AFD - ok
18:23:54.0663 5564        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:23:54.0668 5564        agp440 - ok
18:23:54.0693 5564        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:23:54.0698 5564        aic78xx - ok
18:23:54.0723 5564        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:23:54.0723 5564        aliide - ok
18:23:54.0748 5564        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:23:54.0758 5564        amdagp - ok
18:23:54.0773 5564        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:23:54.0798 5564        amdide - ok
18:23:54.0828 5564        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:23:54.0828 5564        AmdK7 - ok
18:23:54.0843 5564        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:23:54.0843 5564        AmdK8 - ok
18:23:54.0873 5564        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:23:54.0873 5564        arc - ok
18:23:54.0893 5564        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:23:54.0893 5564        arcsas - ok
18:23:54.0938 5564        arusb_lh        (71c88479c98a5cfbf5ddbb9de64fbb0f) C:\Windows\system32\DRIVERS\arusb_lh.sys
18:23:54.0943 5564        arusb_lh - ok
18:23:54.0953 5564        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:23:54.0973 5564        AsyncMac - ok
18:23:55.0020 5564        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:23:55.0020 5564        atapi - ok
18:23:55.0082 5564        atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
18:23:55.0082 5564        atksgt - ok
18:23:55.0129 5564        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:23:55.0129 5564        avgio - ok
18:23:55.0176 5564        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
18:23:55.0191 5564        avgntflt - ok
18:23:55.0207 5564        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
18:23:55.0222 5564        avipbb - ok
18:23:55.0238 5564        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:23:55.0238 5564        Beep - ok
18:23:55.0285 5564        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:23:55.0285 5564        blbdrive - ok
18:23:55.0316 5564        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:23:55.0316 5564        bowser - ok
18:23:55.0332 5564        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:23:55.0332 5564        BrFiltLo - ok
18:23:55.0347 5564        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:23:55.0363 5564        BrFiltUp - ok
18:23:55.0378 5564        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:23:55.0378 5564        Brserid - ok
18:23:55.0410 5564        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:23:55.0410 5564        BrSerWdm - ok
18:23:55.0441 5564        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:23:55.0441 5564        BrUsbMdm - ok
18:23:55.0456 5564        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:23:55.0456 5564        BrUsbSer - ok
18:23:55.0472 5564        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:23:55.0472 5564        BTHMODEM - ok
18:23:55.0488 5564        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:23:55.0508 5564        cdfs - ok
18:23:55.0543 5564        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:23:55.0543 5564        cdrom - ok
18:23:55.0558 5564        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:23:55.0558 5564        circlass - ok
18:23:55.0608 5564        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:23:55.0613 5564        CLFS - ok
18:23:55.0648 5564        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:23:55.0648 5564        cmdide - ok
18:23:55.0658 5564        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
18:23:55.0658 5564        Compbatt - ok
18:23:55.0693 5564        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:23:55.0698 5564        crcdisk - ok
18:23:55.0723 5564        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:23:55.0733 5564        Crusoe - ok
18:23:55.0758 5564        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:23:55.0778 5564        DfsC - ok
18:23:55.0813 5564        DgiVecp - ok
18:23:55.0823 5564        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:23:55.0833 5564        disk - ok
18:23:55.0858 5564        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:23:55.0863 5564        drmkaud - ok
18:23:55.0913 5564        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:23:55.0958 5564        DXGKrnl - ok
18:23:55.0998 5564        e1express      (2db565612e74e0c01780670270a6fd7f) C:\Windows\system32\DRIVERS\e1e6032.sys
18:23:55.0998 5564        e1express - ok
18:23:56.0033 5564        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:23:56.0033 5564        E1G60 - ok
18:23:56.0068 5564        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:23:56.0068 5564        Ecache - ok
18:23:56.0113 5564        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:23:56.0118 5564        elxstor - ok
18:23:56.0143 5564        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:23:56.0143 5564        ErrDev - ok
18:23:56.0208 5564        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:23:56.0208 5564        exfat - ok
18:23:56.0253 5564        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:23:56.0268 5564        fastfat - ok
18:23:56.0288 5564        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:23:56.0293 5564        fdc - ok
18:23:56.0308 5564        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:23:56.0308 5564        FileInfo - ok
18:23:56.0323 5564        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:23:56.0328 5564        Filetrace - ok
18:23:56.0343 5564        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:23:56.0348 5564        flpydisk - ok
18:23:56.0388 5564        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:23:56.0393 5564        FltMgr - ok
18:23:56.0418 5564        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:23:56.0418 5564        Fs_Rec - ok
18:23:56.0463 5564        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:23:56.0468 5564        gagp30kx - ok
18:23:56.0503 5564        GEARAspiWDM    (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:23:56.0503 5564        GEARAspiWDM - ok
18:23:56.0553 5564        giveio          (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
18:23:56.0553 5564        giveio - ok
18:23:56.0623 5564        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:23:56.0628 5564        HdAudAddService - ok
18:23:56.0696 5564        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:23:56.0727 5564        HDAudBus - ok
18:23:56.0758 5564        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:23:56.0774 5564        HidBth - ok
18:23:56.0774 5564        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:23:56.0774 5564        HidIr - ok
18:23:56.0820 5564        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:23:56.0820 5564        HidUsb - ok
18:23:56.0852 5564        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:23:56.0852 5564        HpCISSs - ok
18:23:56.0914 5564        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:23:56.0930 5564        HTTP - ok
18:23:56.0961 5564        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:23:56.0961 5564        i2omp - ok
18:23:56.0976 5564        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:23:56.0976 5564        i8042prt - ok
18:23:57.0008 5564        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:23:57.0008 5564        iaStorV - ok
18:23:57.0039 5564        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:23:57.0054 5564        iirsp - ok
18:23:57.0148 5564        IntcAzAudAddService (219ca9a36d6de2ec04f958c907673436) C:\Windows\system32\drivers\RTKVHDA.sys
18:23:57.0169 5564        IntcAzAudAddService - ok
18:23:57.0179 5564        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:23:57.0184 5564        intelide - ok
18:23:57.0204 5564        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:23:57.0204 5564        intelppm - ok
18:23:57.0239 5564        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:23:57.0239 5564        IpFilterDriver - ok
18:23:57.0249 5564        IpInIp - ok
18:23:57.0274 5564        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:23:57.0274 5564        IPMIDRV - ok
18:23:57.0294 5564        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:23:57.0299 5564        IPNAT - ok
18:24:01.0961 5564        sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\system32\Drivers\sptd.sys
18:24:01.0961 5564        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e
18:24:01.0976 5564        sptd ( LockedFile.Multi.Generic ) - warning
18:24:01.0976 5564        sptd - detected LockedFile.Multi.Generic (1)
18:24:04.0468 5564        ============================================================
18:24:04.0468 5564        Scan finished
18:24:04.0468 5564        ============================================================
18:24:04.0478 4648        Detected object count: 1
18:24:04.0478 4648        Actual detected object count: 1
18:24:37.0146 4648        sptd ( LockedFile.Multi.Generic ) - skipped by user
18:24:37.0146 4648        sptd ( LockedFile.Multi.Generic ) - User select action: Skip


cosinus 26.09.2011 19:38

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Prayer 26.09.2011 20:05

ComboFix Log:


Combofix Logfile:
Code:

ComboFix 11-09-26.02 - Enrico 3 26.09.2011  20:54:48.1.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3069.1717 [GMT 2:00]
ausgeführt von:: c:\users\Enrico 3\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
c:\users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}
c:\users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}\chrome.manifest
c:\users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}\chrome\content\_cfg.js
c:\users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}\chrome\content\overlay.xul
c:\users\Enrico 3\AppData\Local\{685D6A1A-A1FC-42C1-AA78-BB08CEB5079C}\install.rdf
c:\users\Enrico\AppData\Roaming\Desktopicon
c:\users\Enrico\AppData\Roaming\Desktopicon\config.ini
c:\users\Enrico\AppData\Roaming\Microsoft\AddIns\Macrophobia\§imulator\remove.exe
c:\windows\dasetup.log
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-08-26 bis 2011-09-26  ))))))))))))))))))))))))))))))
.
.
2011-09-26 19:02 . 2011-09-26 19:02        --------        d-----w-        c:\users\Enrico\AppData\Local\temp
2011-09-26 19:02 . 2011-09-26 19:02        --------        d-----w-        c:\users\Enrico 3\AppData\Local\temp
2011-09-26 15:28 . 2011-09-26 15:28        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{599DD650-24CF-4ECE-9F84-EF178EABE86C}\offreg.dll
2011-09-26 15:23 . 2011-09-26 15:23        --------        d-----w-        C:\_OTL
2011-09-25 13:11 . 2011-09-25 13:11        --------        d-----w-        c:\users\Enrico 3\AppData\Roaming\NVIDIA
2011-09-25 11:32 . 2011-08-03 11:50        6613096        ----a-w-        c:\windows\system32\nvwgf2um.dll
2011-09-25 11:32 . 2011-08-03 11:50        57960        ----a-w-        c:\windows\system32\OpenCL.dll
2011-09-25 11:32 . 2011-08-03 11:50        16595560        ----a-w-        c:\windows\system32\nvoglv32.dll
2011-09-25 11:32 . 2011-08-03 11:50        914024        ----a-w-        c:\windows\system32\nvdispco32.dll
2011-09-25 11:32 . 2011-08-03 11:50        875112        ----a-w-        c:\windows\system32\nvgenco32.dll
2011-09-25 11:32 . 2011-08-03 11:50        5404776        ----a-w-        c:\windows\system32\nvcuda.dll
2011-09-25 11:32 . 2011-08-03 11:50        2391656        ----a-w-        c:\windows\system32\nvcuvid.dll
2011-09-25 11:32 . 2011-08-03 11:50        2090088        ----a-w-        c:\windows\system32\nvcuvenc.dll
2011-09-25 11:32 . 2011-08-03 11:50        17193576        ----a-w-        c:\windows\system32\nvcompiler.dll
2011-09-25 11:32 . 2011-08-03 11:50        10304104        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2011-09-24 15:22 . 2011-09-24 15:22        --------        d-----w-        c:\program files\ESET
2011-09-24 12:20 . 2011-09-24 12:20        --------        d-----w-        c:\users\Enrico 3\AppData\Roaming\Malwarebytes
2011-09-24 12:19 . 2011-09-24 12:19        --------        d-----w-        c:\programdata\Malwarebytes
2011-09-24 12:19 . 2011-09-24 12:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-09-24 12:19 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-09-24 11:00 . 2011-09-24 11:32        --------        d-----w-        c:\program files\TeamViewer
2011-09-23 12:58 . 2011-09-23 12:58        --------        d-----w-        c:\users\UpdatusUser
2011-09-23 12:57 . 2011-08-03 11:50        600680        ----a-w-        c:\windows\system32\easyupdatusapiu.dll
2011-09-23 12:54 . 2011-09-23 12:54        --------        d-----w-        c:\program files\Microsoft Silverlight
2011-09-23 12:54 . 2011-09-23 12:54        --------        d-----w-        c:\programdata\Samsung
2011-09-23 12:44 . 2011-09-12 23:14        7269712        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{599DD650-24CF-4ECE-9F84-EF178EABE86C}\mpengine.dll
2011-09-22 17:28 . 2011-09-25 15:54        --------        d-----w-        c:\program files\SpeedFan
2011-09-20 13:51 . 2011-09-20 13:51        --------        d-----w-        c:\users\Enrico 3\AppData\Roaming\XMedia Recode
2011-09-20 13:25 . 2011-09-20 13:25        --------        d-----w-        c:\program files\XMedia Recode
2011-09-17 15:35 . 2011-09-17 15:35        --------        d-----w-        c:\program files\LOLReplay
2011-09-15 20:47 . 2011-09-15 20:47        --------        d-----w-        c:\program files\MSXML 4.0
2011-09-14 16:33 . 2010-09-30 07:02        484656        ----a-w-        c:\windows\ssndii.exe
2011-09-14 16:33 . 2011-09-14 16:33        --------        d-----w-        c:\windows\Samsung
2011-09-14 16:33 . 2011-06-21 00:23        24576        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\sst3cpc.dll
2011-09-14 16:32 . 2011-06-21 05:42        24064        ----a-w-        c:\windows\system32\sst3cl3.dll
2011-09-14 16:32 . 2009-09-11 07:46        151552        ----a-w-        c:\windows\system32\sst3cci.exe
2011-09-14 16:32 . 2009-09-11 07:46        65536        ----a-w-        c:\windows\system32\sst3cci.dll
2011-09-14 16:31 . 2009-09-10 08:49        49152        ----a-w-        c:\windows\system32\ssusbpn.dll
2011-09-14 16:31 . 2009-09-10 08:49        81920        ----a-w-        c:\windows\system32\ssdevm.dll
2011-09-14 16:31 . 2009-09-10 08:49        82432        ----a-w-        c:\windows\system32\msxml4r.dll
2011-09-14 16:31 . 2009-09-10 08:49        44544        ----a-w-        c:\windows\system32\msxml4a.dll
2011-09-14 16:31 . 2009-09-10 08:49        21776        ----a-w-        c:\windows\system32\msxml2a.dll
2011-09-14 16:30 . 2011-09-14 16:30        --------        d-----w-        c:\program files\Samsung
2011-09-14 16:13 . 2009-09-10 07:50        5120        ------w-        c:\windows\system32\drivers\SSPORT.SYS
2011-09-14 14:50 . 2011-08-10 12:14        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-09-13 12:59 . 2011-09-13 12:59        --------        d-----w-        c:\users\Enrico 3\.thumbnails
2011-09-11 12:24 . 2011-09-11 12:24        --------        d-----w-        c:\programdata\WindowsSearch
2011-09-09 15:05 . 2011-09-09 15:05        --------        d-----w-        C:\12c63f91399ac2689c1024
2011-09-09 14:57 . 2009-07-14 12:12        16896        ----a-w-        c:\windows\system32\winusb.dll
2011-09-09 14:57 . 2009-07-13 23:51        34944        ----a-w-        c:\windows\system32\drivers\winusb.sys
2011-09-09 14:53 . 2009-07-14 17:45        445008        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2011-09-09 14:53 . 2009-07-14 17:45        38480        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2011-09-09 14:44 . 2011-09-09 14:44        --------        d-----w-        c:\program files\NIBObeeLib
2011-09-05 17:04 . 2011-09-05 17:04        183696        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04        183696        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-09-05 14:44 . 2011-09-26 15:30        --------        d-----r-        c:\users\Enrico 3\Dropbox
2011-09-05 14:41 . 2011-09-26 17:11        --------        d-----w-        c:\users\Enrico 3\AppData\Roaming\Dropbox
2011-08-30 12:21 . 2011-08-30 12:21        1138440        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-19 20:02 . 2009-08-28 21:56        140496        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2011-09-19 20:01 . 2009-08-29 17:32        280736        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2011-09-19 20:01 . 2009-08-28 21:56        280736        ----a-w-        c:\windows\system32\PnkBstrB.exe
2011-09-19 20:00 . 2009-08-28 21:56        280768        ----a-w-        c:\windows\system32\PnkBstrB.ex0
2011-08-31 14:01 . 2011-05-15 10:47        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 11:50 . 2010-10-16 11:42        599144        ----a-w-        c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2010-10-16 11:42        2560616        ----a-w-        c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2010-10-16 11:42        111208        ----a-w-        c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-10-16 11:42        3730024        ----a-w-        c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2010-10-16 11:42        2558568        ----a-w-        c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2010-04-03 16:27        66664        ----a-w-        c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2008-05-02 20:46        2412136        ----a-w-        c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2008-05-02 20:46        12636776        ----a-w-        c:\windows\system32\nvd3dum.dll
2011-08-03 01:31 . 2011-08-03 01:31        311912        ----a-w-        c:\windows\system32\nvStreaming.exe
2011-07-22 02:54 . 2011-08-11 21:23        1797632        ----a-w-        c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-11 21:23        1126912        ----a-w-        c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-11 21:23        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2011-07-11 13:25 . 2011-08-24 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-11 15:12        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 10:40 . 2009-08-28 21:03        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-06-30 10:40 . 2009-08-28 21:03        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-01 281768]
.
c:\users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CurseClientStartup.ccip [2010-3-19 0]
Dropbox.lnk - c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Ekico"=rundll32.exe "c:\users\Enrico 3\AppData\Local\emiwezanonulurup.dll",Startup
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"FreePDF Assistant"=c:\program files\FreePDF_XP\fpassist.exe
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"facemoods"="c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-19 722416]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 DevoloNetworkService;devolo Network Service;c:\program files\devolo\dlan\devolonetsvc.exe [2010-07-19 2231616]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2010-06-10 35840]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-09-10 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
S3 arusb_lh;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-07-24 437760]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 30990823
*Deregistered* - 30990823
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 23:49]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 23:49]
.
2011-09-26 c:\windows\Tasks\User_Feed_Synchronization-{922948E4-51CB-426B-9169-4462F3F7F7B1}.job
- c:\windows\system32\msfeedssync.exe [2011-05-04 12:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Enrico 3\AppData\Roaming\Mozilla\Firefox\Profiles\lx33bz2r.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-26 21:02
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-80837186-2041014162-264518140-1001\Software\SecuROM\License information*]
"datasecu"=hex:cc,10,5d,e4,49,61,74,5f,1f,5c,8c,f6,ee,26,6a,19,1e,46,ac,eb,ba,
  67,33,71,dc,64,c7,9b,81,88,c9,ce,cf,62,a6,98,21,d8,f7,f6,ac,20,e2,7e,f0,f7,\
"rkeysecu"=hex:70,47,ed,af,bb,4e,66,db,b5,2a,b0,9e,c0,49,d2,f8
.
Zeit der Fertigstellung: 2011-09-26  21:04:38
ComboFix-quarantined-files.txt  2011-09-26 19:04
.
Vor Suchlauf: 16 Verzeichnis(se), 138.696.921.088 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 156.641.816.576 Bytes frei
.
- - End Of File - - 532A9D06F62825B2ECF5E0B3572685A1

--- --- ---

cosinus 26.09.2011 20:09

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad [Enter]).

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

File::
c:\windows\system32\easyupdatusapiu.dll
c:\windows\ssndii.exe
c:\users\Enrico 3\AppData\Local\emiwezanonulurup.dll

Folder::
c:\program files\facemoods.com

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Ekico"=-
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"facemoods"=-

3. In Notepad, save the file as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Prayer 26.09.2011 21:00

ComboFix.txt:

Code:

ComboFix 11-09-26.02 - Enrico 3 26.09.2011  21:41:30.2.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1625 [GMT 2:00]
ausgeführt von:: c:\users\Enrico 3\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Enrico 3\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Enrico 3\AppData\Local\emiwezanonulurup.dll"
"c:\windows\ssndii.exe"
"c:\windows\system32\easyupdatusapiu.dll"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ssndii.exe
c:\windows\system32\easyupdatusapiu.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-26 bis 2011-09-26  ))))))))))))))))))))))))))))))
.
.
2011-09-26 19:50 . 2011-09-26 19:50        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{599DD650-24CF-4ECE-9F84-EF178EABE86C}\offreg.dll
2011-09-26 19:49 . 2011-09-26 19:51        --------        d-----w-        c:\users\Enrico 3\AppData\Local\temp
2011-09-26 19:49 . 2011-09-26 19:49        --------        d-----w-        c:\users\TEMP\AppData\Local\temp
2011-09-26 19:49 . 2011-09-26 19:49        --------        d-----w-        c:\users\Gast\AppData\Local\temp
2011-09-26 15:23 . 2011-09-26 15:23        --------        d-----w-        C:\_OTL
2011-09-25 13:11 . 2011-09-25 13:11        --------        d-----w-        c:\users\Enrico 3\AppData\Roaming\NVIDIA
2011-09-25 11:32 . 2011-08-03 11:50        6613096        ----a-w-        c:\windows\system32\nvwgf2um.dll
2011-09-25 11:32 . 2011-08-03 11:50        57960        ----a-w-        c:\windows\system32\OpenCL.dll
2011-09-25 11:32 . 2011-08-03 11:50        16595560        ----a-w-        c:\windows\system32\nvoglv32.dll
2011-09-25 11:32 . 2011-08-03 11:50        914024        ----a-w-        c:\windows\system32\nvdispco32.dll
2011-09-25 11:32 . 2011-08-03 11:50        875112        ----a-w-        c:\windows\system32\nvgenco32.dll
2011-09-25 11:32 . 2011-08-03 11:50        5404776        ----a-w-        c:\windows\system32\nvcuda.dll
2011-09-25 11:32 . 2011-08-03 11:50        2391656        ----a-w-        c:\windows\system32\nvcuvid.dll
2011-09-25 11:32 . 2011-08-03 11:50        2090088        ----a-w-        c:\windows\system32\nvcuvenc.dll
2011-09-25 11:32 . 2011-08-03 11:50        17193576        ----a-w-        c:\windows\system32\nvcompiler.dll
2011-09-25 11:32 . 2011-08-03 11:50        10304104        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2011-09-24 15:22 . 2011-09-24 15:22        --------        d-----w-        c:\program files\ESET
2011-09-24 12:20 . 2011-09-24 12:20        --------        d-----w-        c:\users\Enrico 3\AppData\Roaming\Malwarebytes
2011-09-24 12:19 . 2011-09-24 12:19        --------        d-----w-        c:\programdata\Malwarebytes
2011-09-24 12:19 . 2011-09-24 12:19        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-09-24 12:19 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-09-24 11:00 . 2011-09-24 11:32        --------        d-----w-        c:\program files\TeamViewer
2011-09-23 12:58 . 2011-09-23 12:58        --------        d-----w-        c:\users\UpdatusUser
2011-09-23 12:54 . 2011-09-23 12:54        --------        d-----w-        c:\program files\Microsoft Silverlight
2011-09-23 12:54 . 2011-09-23 12:54        --------        d-----w-        c:\programdata\Samsung
2011-09-23 12:44 . 2011-09-12 23:14        7269712        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{599DD650-24CF-4ECE-9F84-EF178EABE86C}\mpengine.dll
2011-09-22 17:28 . 2011-09-25 15:54        --------        d-----w-        c:\program files\SpeedFan
2011-09-20 13:51 . 2011-09-20 13:51        --------        d-----w-        c:\users\Enrico 3\AppData\Roaming\XMedia Recode
2011-09-20 13:25 . 2011-09-20 13:25        --------        d-----w-        c:\program files\XMedia Recode
2011-09-17 15:35 . 2011-09-17 15:35        --------        d-----w-        c:\program files\LOLReplay
2011-09-15 20:47 . 2011-09-15 20:47        --------        d-----w-        c:\program files\MSXML 4.0
2011-09-14 16:33 . 2011-09-14 16:33        --------        d-----w-        c:\windows\Samsung
2011-09-14 16:33 . 2011-06-21 00:23        24576        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\sst3cpc.dll
2011-09-14 16:32 . 2011-06-21 05:42        24064        ----a-w-        c:\windows\system32\sst3cl3.dll
2011-09-14 16:32 . 2009-09-11 07:46        151552        ----a-w-        c:\windows\system32\sst3cci.exe
2011-09-14 16:32 . 2009-09-11 07:46        65536        ----a-w-        c:\windows\system32\sst3cci.dll
2011-09-14 16:31 . 2009-09-10 08:49        49152        ----a-w-        c:\windows\system32\ssusbpn.dll
2011-09-14 16:31 . 2009-09-10 08:49        81920        ----a-w-        c:\windows\system32\ssdevm.dll
2011-09-14 16:31 . 2009-09-10 08:49        82432        ----a-w-        c:\windows\system32\msxml4r.dll
2011-09-14 16:31 . 2009-09-10 08:49        44544        ----a-w-        c:\windows\system32\msxml4a.dll
2011-09-14 16:31 . 2009-09-10 08:49        21776        ----a-w-        c:\windows\system32\msxml2a.dll
2011-09-14 16:30 . 2011-09-14 16:30        --------        d-----w-        c:\program files\Samsung
2011-09-14 16:13 . 2009-09-10 07:50        5120        ------w-        c:\windows\system32\drivers\SSPORT.SYS
2011-09-14 14:50 . 2011-08-10 12:14        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-09-13 12:59 . 2011-09-13 12:59        --------        d-----w-        c:\users\Enrico 3\.thumbnails
2011-09-11 12:24 . 2011-09-11 12:24        --------        d-----w-        c:\programdata\WindowsSearch
2011-09-09 15:05 . 2011-09-09 15:05        --------        d-----w-        C:\12c63f91399ac2689c1024
2011-09-09 14:57 . 2009-07-14 12:12        16896        ----a-w-        c:\windows\system32\winusb.dll
2011-09-09 14:57 . 2009-07-13 23:51        34944        ----a-w-        c:\windows\system32\drivers\winusb.sys
2011-09-09 14:53 . 2009-07-14 17:45        445008        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2011-09-09 14:53 . 2009-07-14 17:45        38480        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2011-09-09 14:44 . 2011-09-09 14:44        --------        d-----w-        c:\program files\NIBObeeLib
2011-09-05 17:04 . 2011-09-05 17:04        183696        ----a-w-        c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04        183696        ----a-w-        c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-09-05 14:44 . 2011-09-26 15:30        --------        d-----r-        c:\users\Enrico 3\Dropbox
2011-09-05 14:41 . 2011-09-26 17:11        --------        d-----w-        c:\users\Enrico 3\AppData\Roaming\Dropbox
2011-08-30 12:21 . 2011-08-30 12:21        1138440        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-19 20:02 . 2009-08-28 21:56        140496        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2011-09-19 20:01 . 2009-08-29 17:32        280736        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2011-09-19 20:01 . 2009-08-28 21:56        280736        ----a-w-        c:\windows\system32\PnkBstrB.exe
2011-09-19 20:00 . 2009-08-28 21:56        280768        ----a-w-        c:\windows\system32\PnkBstrB.ex0
2011-08-31 14:01 . 2011-05-15 10:47        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-03 11:50 . 2010-10-16 11:42        599144        ----a-w-        c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2010-10-16 11:42        2560616        ----a-w-        c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2010-10-16 11:42        111208        ----a-w-        c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2010-10-16 11:42        3730024        ----a-w-        c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2010-10-16 11:42        2558568        ----a-w-        c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2010-04-03 16:27        66664        ----a-w-        c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2008-05-02 20:46        2412136        ----a-w-        c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2008-05-02 20:46        12636776        ----a-w-        c:\windows\system32\nvd3dum.dll
2011-08-03 01:31 . 2011-08-03 01:31        311912        ----a-w-        c:\windows\system32\nvStreaming.exe
2011-07-22 02:54 . 2011-08-11 21:23        1797632        ----a-w-        c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-11 21:23        1126912        ----a-w-        c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-11 21:23        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2011-07-11 13:25 . 2011-08-24 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-11 15:12        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 10:40 . 2009-08-28 21:03        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-06-30 10:40 . 2009-08-28 21:03        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-01 281768]
.
c:\users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CurseClientStartup.ccip [2010-3-19 0]
Dropbox.lnk - c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"FreePDF Assistant"=c:\program files\FreePDF_XP\fpassist.exe
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe"
"Samsung PanelMgr"=c:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-07-01 34896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-19 722416]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 DevoloNetworkService;devolo Network Service;c:\program files\devolo\dlan\devolonetsvc.exe [2010-07-19 2231616]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2010-06-10 35840]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-09-10 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-09 1044808]
S3 arusb_lh;TP-LINK TL-WN821N 11N Wireless device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-07-24 437760]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-11-21 569344]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 23:49]
.
2011-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 23:49]
.
2011-09-26 c:\windows\Tasks\User_Feed_Synchronization-{922948E4-51CB-426B-9169-4462F3F7F7B1}.job
- c:\windows\system32\msfeedssync.exe [2011-05-04 12:21]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Enrico 3\AppData\Roaming\Mozilla\Firefox\Profiles\lx33bz2r.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="Opera.HTML"
.
[HKEY_USERS\S-1-5-21-80837186-2041014162-264518140-1001\Software\SecuROM\License information*]
"datasecu"=hex:cc,10,5d,e4,49,61,74,5f,1f,5c,8c,f6,ee,26,6a,19,1e,46,ac,eb,ba,
   67,33,71,dc,64,c7,9b,81,88,c9,ce,cf,62,a6,98,21,d8,f7,f6,ac,20,e2,7e,f0,f7,\
"rkeysecu"=hex:70,47,ed,af,bb,4e,66,db,b5,2a,b0,9e,c0,49,d2,f8
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4024)
c:\users\Enrico 3\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-26  21:58:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-26 19:56
ComboFix2.txt  2011-09-26 19:04
.
Vor Suchlauf: 19 Verzeichnis(se), 156.713.275.392 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 157.376.700.416 Bytes frei
.
- - End Of File - - FF0EB09891185B01ED99A2127C4DF1FA


--- --- ---


cosinus 27.09.2011 10:23

OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Prayer 27.09.2011 14:14

So, of course GMER did not work for me, since during the scan it "stopped working".

The log from OSAM:

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Report of OSAM: Autorun Manager v5.0.11926.0</title>
<style type="text/css">
body
{
    margin                    : 10px 10px 10px 20px;
    color                    : #000000;
    background-color          : #fffbf0;
    font                      : 10pt Tahoma, Verdana, Arial, Helvetica, sans-serif;
    scrollbar-3dlight-color  : #fffbf0;
    scrollbar-arrow-color    : #000000;
    scrollbar-darkshadow-color: #000000;
    scrollbar-face-color      : #fffbf0;
    scrollbar-highlight-color : #000000;
    scrollbar-shadow-color    : #fffbf0;
    scrollbar-track-color    : #fffbf0;
}
a:link
{
    color: #e15616;
}
a:visited
{
    color: #e15616;
}
a:hover
{
    color: #e4743f;
}
a:active
{
    color: #e4743f;
}
.header1
{
    font-size  : 115%;
    font-weight: bold;
    margin-left: 0px;
}
table
{
    border-collapse: collapse;
    border        : 1px solid #000000;
    cellpadding    : 0;
    cellspacing    : 0;
    width          : 90%;
}
td,th
{
    font-size    : 12px;
    color        : #000000;
    background    : #fffbf0;
    border        : 1px solid #000000;
    text-align    : left;
    vertical-align: top;
    padding      : 2px 4px 2px 4px;
}
.cap
{
    font-weight: bold;
    font-size  : 10pt;
    padding    : 2px 4px 2px 4px;
    border    : 1px solid #000000;
}
.group
{
    font-weight: bold;
    font-size  : 10pt;
    padding    : 2px 4px 2px 4px;
    text-align : center;
}
.reg
{
    font-weight: bold;
    font-size  : 10pt;
    border    : 0px none;
    padding    : 2px 4px 2px 4px;
}
.notfound
{
    background-color: #B3DDFF;
}
.blocked
{
    background-color: #FF96EB;
}
.nodetails
{
    background-color: #FFFF75;
}
.trusted
{
    background-color: #C8FFC8;
}
.rootkit
{
    background-color: #FF8696;
}
td.rs { text-align: center; vertical-align: center; font-family: courier; }
td.rs.rm { background: #F90424; title: "Malware"; }
td.rs.ri { background: #F90424; title: "Infected"; color: #21F411; }
td.rs.rw { background: #F90424; title: "Unwanted"; }
td.rs.rs { background: #F90424; title: "Suspicious"; }
td.rs.rt { background: #21F411; title: "Trusted"; }
td.rs.rc { background: #21F411; title: "Checked"; }
td.rs.ry { background: #21F411; title: "Up-to-You"; }
td.rs.rr { background: #F6EB13; title: "Riskware"; }
td.rs.ru { background: #D4D0C8; title: "Unknown"; }
td.rs.rn { background: #FFFFFF; title: "Not checked"; }
</style>
</head>
<body>
<p><span class="header1">Report of OSAM: Autorun Manager v5.0.11926.0</span><br>
<a href="hxxp://www.online-solutions.ru/en/" target="_blank">hxxp://www.online-solutions.ru/en/</a><br>
Saved at 14:42:39 on 27.09.2011</p>
<b>OS</b>: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit<br>
<b>Default Browser</b>: Opera Software Opera Internet Browser 11.51<br>
<br><b>Scanner Settings</b><br>
<input type="checkbox" disabled checked>Rootkits detection (hidden registry)<br>
<input type="checkbox" disabled checked>Rootkits detection (hidden files)<br>
<input type="checkbox" disabled checked>Retrieve files information<br>
<input type="checkbox" disabled checked>Check Microsoft signatures<br>
<br><b>Filters</b><br>
<input type="checkbox" disabled>Trusted entries<br>
<input type="checkbox" disabled>Empty entries<br>
<input type="checkbox" disabled checked>Hidden registry entries (rootkit activity)<br>
<input type="checkbox" disabled checked>Exclusively opened files<br>
<input type="checkbox" disabled checked>Not found files<br>
<input type="checkbox" disabled checked>Files without detailed information<br>
<input type="checkbox" disabled checked>Existing files<br>
<input type="checkbox" disabled>Non-startable services<br>
<input type="checkbox" disabled>Non-startable drivers<br>
<input type="checkbox" disabled checked>Active entries<br>
<input type="checkbox" disabled checked>Disabled entries<br>
<br>
<table border="1" cellpadding="0" cellspacing="0">
<tr>
<th class="cap" width="20">&nbsp;</th>
<th class="cap">Risk</th>
<th class="cap">Name</th>
<th class="cap">Publisher</th>
<th class="cap">Full Path</th>
<th class="cap">Status</th>
</tr>
<tr>
<td class="group" colspan="6">Common</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\Tasks</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"GoogleUpdateTaskMachineCore.job"</td>
<td>"Google Inc."</td>
<td>C:\Program Files\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"GoogleUpdateTaskMachineUA.job"</td>
<td>"Google Inc."</td>
<td>C:\Program Files\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Control Panel Objects</td>
</tr>
<tr>
<td class="reg" colspan="6">%SystemRoot%\system32</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"FlashPlayerCPLApp.cpl"</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\Windows\system32\FlashPlayerCPLApp.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Adobe Gamma"</td>
<td>"Adobe Systems, Inc."</td>
<td>C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"mlcfg32.cpl"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Pando"</td>
<td>"Pando Networks"</td>
<td>C:\Program Files\Pando Networks\Media Booster\PMB.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"QuickTime"</td>
<td>"Apple Inc."</td>
<td>C:\Program Files\QuickTime\QTSystem\QuickTime.cpl</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Drivers</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td class="rootkit"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="rootkit">"a4h2sb7e" (a4h2sb7e)</td>
<td class="rootkit"></td>
<td class="rootkit">C:\Windows\system32\drivers\a4h2sb7e.sys</td>
<td class="rootkit">Hidden registry entry, rootkit activity | File not found</td>
</tr>
<tr>
<td class="rootkit"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="rootkit">"aswMBR" (aswMBR)</td>
<td class="rootkit"></td>
<td class="rootkit">C:\Users\ENRICO~1\AppData\Local\Temp\aswMBR.sys</td>
<td class="rootkit">Hidden registry entry, rootkit activity | File not found</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="nodetails">"atksgt" (atksgt)</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Windows\System32\DRIVERS\atksgt.sys</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"avgio" (avgio)</td>
<td>"Avira GmbH"</td>
<td>C:\Program Files\Avira\AntiVir Desktop\avgio.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"avgntflt" (avgntflt)</td>
<td>"Avira GmbH"</td>
<td>C:\Windows\System32\DRIVERS\avgntflt.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"avipbb" (avipbb)</td>
<td>"Avira GmbH"</td>
<td>C:\Windows\System32\DRIVERS\avipbb.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"catchme" (catchme)</td>
<td class="notfound"></td>
<td class="notfound">C:\ComboFix\catchme.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"DgiVecp" (DgiVecp)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\system32\Drivers\DgiVecp.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"GEARAspiWDM" (GEARAspiWDM)</td>
<td>"GEAR Software Inc."</td>
<td>C:\Windows\System32\Drivers\GEARAspiWDM.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="nodetails">"giveio" (giveio)</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Windows\System32\giveio.sys</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"IP in IP Tunnel Driver" (IpInIp)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\DRIVERS\ipinip.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"IPX Traffic Filter Driver" (NwlnkFlt)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\DRIVERS\nwlnkflt.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"IPX Traffic Forwarder Driver" (NwlnkFwd)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\System32\DRIVERS\nwlnkfwd.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"Lavasoft helper driver" (Lavasoft Kernexplorer)</td>
<td class="notfound"></td>
<td class="notfound">C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="nodetails">"lirsgt" (lirsgt)</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Windows\System32\DRIVERS\lirsgt.sys</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"MBAMSwissArmy" (MBAMSwissArmy)</td>
<td class="notfound"></td>
<td class="notfound">C:\Windows\system32\drivers\mbamswissarmy.sys</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rr">||||||</td>
<td>"NetGroup Packet Filter Driver (devolo)" (NPF_devolo)</td>
<td>"CACE Technologies"</td>
<td>C:\Windows\system32\drivers\npf_devolo.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="rootkit"><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="rootkit">"pwdiypod" (pwdiypod)</td>
<td class="rootkit">"GMER"</td>
<td class="rootkit">C:\pwdiypod.sys</td>
<td class="rootkit">Hidden registry entry, rootkit activity</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"RT2870 USB Wireless LAN Card Driver for Vista" (netr28u)</td>
<td>"Ralink Technology Corp."</td>
<td>C:\Windows\System32\DRIVERS\netr28u.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"speedfan" (speedfan)</td>
<td>"Almico Software"</td>
<td>C:\Windows\System32\speedfan.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="blocked"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="blocked">"sptd" (sptd)</td>
<td class="blocked">"Duplex Secure Ltd."</td>
<td class="blocked">C:\Windows\System32\Drivers\sptd.sys</td>
<td class="blocked">File is exclusively opened, access blocked</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"ssmdrv" (ssmdrv)</td>
<td>"Avira GmbH"</td>
<td>C:\Windows\System32\DRIVERS\ssmdrv.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"SSPORT" (SSPORT)</td>
<td>"Samsung Electronics"</td>
<td>C:\Windows\system32\Drivers\SSPORT.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"TP-LINK TL-WN821N 11N Wireless device driver" (arusb_lh)</td>
<td>"Atheros Communications, Inc."</td>
<td>C:\Windows\System32\DRIVERS\arusb_lh.sys</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv)</td>
<td>"TuneUp Software"</td>
<td>C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Folder\shellex\ColumnHandlers</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension"</td>
<td>"Adobe Systems, Inc."</td>
<td>C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"</td>
<td></td>
<td>C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Filter</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Classes\Protocols\Handler</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{828030A1-22C1-4009-854F-8E305202313F} "livecall"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{828030A1-22C1-4009-854F-8E305202313F} "msnim"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension"</td>
<td>"Igor Pavlov"</td>
<td>C:\Program Files\7-Zip\7-zip.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class"</td>
<td>"NVIDIA Corporation"</td>
<td>C:\Program Files\NVIDIA Corporation\Display\nvui.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove GFS Explorer Bar"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Microsoft Office\OFFICE11\msohev.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension"</td>
<td>"NVIDIA Corporation"</td>
<td>C:\Windows\system32\nvshext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler"</td>
<td></td>
<td>C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler"</td>
<td></td>
<td>C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler"</td>
<td></td>
<td>C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer"</td>
<td></td>
<td>C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning"</td>
<td>"Avira GmbH"</td>
<td>C:\Program Files\Avira\AntiVir Desktop\shlext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension"</td>
<td>"TuneUp Software"</td>
<td>C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension"</td>
<td>"TuneUp Software"</td>
<td>C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension"</td>
<td>"TuneUp Software"</td>
<td>C:\Windows\System32\uxtuneup.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="nodetails">{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension"</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Program Files\Unlocker\UnlockerCOM.dll</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR"</td>
<td>"Alexander Roshal"</td>
<td>C:\Program Files\WinRAR\rarext.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Internet Explorer</td>
</tr>
<tr>
<td class="reg" colspan="6">HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">ITBar7Height "ITBar7Height"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound"><binary data> "ITBar7Layout"</td>
<td class="notfound"></td>
<td class="notfound"></td>
<td class="notfound">File not found | COM-object registry key not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Program Files\Java\jre6\bin\jp2iexp.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Program Files\Java\jre6\bin\jp2iexp.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26"<br>hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Program Files\Java\jre6\bin\npjpi160_26.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object"<br>hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab</td>
<td>"Adobe Systems, Inc."</td>
<td>C:\Windows\system32\Macromed\Flash\Flash10w.ocx</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension"</td>
<td>"Safer Networking Limited"</td>
<td>C:\Program Files\Spybot - Search & Destroy\SDHelper.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"ICQ7"</td>
<td>"ICQ, LLC."</td>
<td>C:\Program Files\ICQ7.0\ICQ.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research"</td>
<td>"Microsoft Corporation"</td>
<td>C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper"</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper"</td>
<td>"Sun Microsystems, Inc."</td>
<td>C:\Program Files\Java\jre6\bin\jp2ssv.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection"</td>
<td>"Safer Networking Limited"</td>
<td>C:\Program Files\Spybot - Search & Destroy\SDHelper.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Logon</td>
</tr>
<tr>
<td class="reg" colspan="6">%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Adobe Gamma.lnk"</td>
<td>"Adobe Systems, Inc."</td>
<td>C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe</td>
<td>Shortcut exists | File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"CurseClientStartup.ccip"</td>
<td></td>
<td>C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Dropbox.lnk"</td>
<td>"Dropbox, Inc."</td>
<td>C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe</td>
<td>Shortcut exists | File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"desktop.ini"</td>
<td></td>
<td>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini</td>
<td>File exists</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"StartupPrograms"</td>
<td class="notfound"></td>
<td class="notfound">rdpclip</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\Software\Microsoft\Windows\CurrentVersion\Run</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"avgnt"</td>
<td>"Avira GmbH"</td>
<td>"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Print Monitors</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="nodetails">"Redirected Port"</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Windows\system32\redmonnt.dll</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Send To Microsoft OneNote Monitor"</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\system32\msonpmon.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"SST3C Langmon"</td>
<td></td>
<td>C:\Windows\system32\sst3cl3.dll</td>
<td>File exists</td>
</tr>
<tr>
<td class="group" colspan="6">Services</td>
</tr>
<tr>
<td class="reg" colspan="6">HKLM\SYSTEM\CurrentControlSet\Services</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp)</td>
<td>"TuneUp Software"</td>
<td>C:\Windows\System32\uxtuneup.dll</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag)</td>
<td>"TuneUp Software"</td>
<td>C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Adobe Acrobat Update Service" (AdobeARMservice)</td>
<td>"Adobe Systems Incorporated"</td>
<td>C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Adobe LM Service" (Adobe LM Service)</td>
<td>"Adobe Systems"</td>
<td>C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Avira AntiVir Guard" (AntiVirService)</td>
<td>"Avira GmbH"</td>
<td>C:\Program Files\Avira\AntiVir Desktop\avguard.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Avira AntiVir Planer" (AntiVirSchedulerService)</td>
<td>"Avira GmbH"</td>
<td>C:\Program Files\Avira\AntiVir Desktop\sched.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="nodetails">"devolo Network Service" (DevoloNetworkService)</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Program Files\devolo\dlan\devolonetsvc.exe</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"GameConsoleService" (GameConsoleService)</td>
<td>"WildTangent, Inc."</td>
<td>C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Google Update Service (gupdate)" (gupdate)</td>
<td>"Google Inc."</td>
<td>C:\Program Files\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"Google Update-Dienst (gupdatem)" (gupdatem)</td>
<td>"Google Inc."</td>
<td>C:\Program Files\Google\Update\GoogleUpdate.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rc">||&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"ICQ Service" (ICQ Service)</td>
<td></td>
<td>C:\Program Files\ICQ6Toolbar\ICQ Service.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ry">||||&nbsp;&nbsp;</td>
<td>"InstallDriver Table Manager" (IDriverT)</td>
<td>"Macrovision Corporation"</td>
<td>C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Microsoft Office Diagnostics Service" (odserv)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"NVIDIA Display Driver Service" (nvsvc)</td>
<td>"NVIDIA Corporation"</td>
<td>C:\Windows\system32\nvvsvc.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service)</td>
<td>"NVIDIA Corporation"</td>
<td>C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"NVIDIA Update Service Daemon" (nvUpdatusService)</td>
<td>"NVIDIA Corporation"</td>
<td>C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"Office Source Engine" (ose)</td>
<td>"Microsoft Corporation"</td>
<td>C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE</td>
<td>File exists</td>
</tr>
<tr>
<td class="nodetails"><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td class="nodetails">"PnkBstrA" (PnkBstrA)</td>
<td class="nodetails"></td>
<td class="nodetails">C:\Windows\system32\PnkBstrA.exe</td>
<td class="nodetails">File found, but it contains no detailed information</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"SBSD Security Center Service" (SBSDWSCService)</td>
<td>"Safer Networking Ltd."</td>
<td>C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe</td>
<td>File exists</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"StarWind AE Service" (StarWindServiceAE)</td>
<td class="notfound"></td>
<td class="notfound">C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td class="notfound"><input type="checkbox" disabled checked></td>
<td class="rs rn">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td class="notfound">"StarWind iSCSI Service" (StarWindService)</td>
<td class="notfound"></td>
<td class="notfound">C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe</td>
<td class="notfound">File not found</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"Steam Client Service" (Steam Client Service)</td>
<td>"Valve Corporation"</td>
<td>C:\Program Files\Common Files\Steam\SteamService.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rr">||||||</td>
<td>"TeamViewer 5" (TeamViewer5)</td>
<td>"TeamViewer GmbH"</td>
<td>C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs ru">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
<td>"TeamViewer 6" (TeamViewer6)</td>
<td>"TeamViewer GmbH"</td>
<td>C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"TuneUp Utilities Service" (TuneUp.UtilitiesSvc)</td>
<td>"TuneUp Software"</td>
<td>C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe</td>
<td>File exists</td>
</tr>
<tr>
<td><input type="checkbox" disabled checked></td>
<td class="rs rt">||||||</td>
<td>"X10 Device Network Service" (x10nets)</td>
<td>"X10"</td>
<td>C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe</td>
<td>File exists</td>
</tr>
</table>
<p>If You have questions or want to get some help, You can visit <a href="hxxp://forum.online-solutions.ru" target="_blank">hxxp://forum.online-solutions.ru</a></p>
</body></html>

The log from aswMBR:
Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-27 14:43:30
-----------------------------
14:43:30.330    OS Version: Windows 6.0.6002 Service Pack 2
14:43:30.331    Number of processors: 4 586 0xF0B
14:43:30.331    ComputerName: ENRICO-PC  UserName: Enrico 3
14:43:32.231    Initialize success
14:43:35.722    AVAST engine defs: 11092700
14:43:41.443    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:43:41.448    Disk 0 Vendor: WDC_WD5000AACS-00ZUB0 01.01B01 Size: 476940MB BusType: 3
14:43:43.514    Disk 0 MBR read successfully
14:43:43.519    Disk 0 MBR scan
14:43:43.524    Disk 0 Windows VISTA default MBR code
14:43:43.529    Disk 0 scanning sectors +976768065
14:43:43.629    Disk 0 scanning C:\Windows\system32\drivers
14:43:56.584    Service scanning
14:43:57.643    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:43:58.172    Modules scanning
14:44:03.218    Disk 0 trace - called modules:
14:44:03.228    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8662c1f8]<<
14:44:03.233    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8708d380]
14:44:03.238    3 CLASSPNP.SYS[8b3a58b3] -> nt!IofCallDriver -> [0x866a6838]
14:44:03.243    5 acpi.sys[807c06bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8666ab98]
14:44:03.253    \Driver\atapi[0x86679030] -> IRP_MJ_CREATE -> 0x8662c1f8
14:44:05.194    AVAST engine scan C:\Windows
14:44:10.528    AVAST engine scan C:\Windows\system32
14:46:39.288    AVAST engine scan C:\Windows\system32\drivers
14:46:54.470    AVAST engine scan C:\Users\Enrico 3
15:04:43.681    AVAST engine scan C:\ProgramData
15:09:04.380    Scan finished successfully
15:09:57.533    Disk 0 MBR has been saved successfully to "C:\Users\Enrico 3\Desktop\MBR.dat"
15:09:57.538    The log file has been saved successfully to "C:\Users\Enrico 3\Desktop\aswMBR.txt"

A quick question: how much longer will it take until everything works as it should again? Or rather, do you know what is causing the crashes?

My PC has not crashed since Sunday, but only because I had no games or videos open.

cosinus 27.09.2011 14:54

Quote:

The log from OSAM:
What did I post about the format of the OSAM log?

Prayer 27.09.2011 15:01

Right, here it is now; I was a bit confused about what the online query was supposed to mean.

Code:

OSAM Logfile:

       
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 15:59:11 on 27.09.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Opera Software Opera Internet Browser 11.51

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a4h2sb7e" (a4h2sb7e) - ? - C:\Windows\system32\drivers\a4h2sb7e.sys  (Hidden registry entry, rootkit activity | File not found)
"aswMBR" (aswMBR) - ? - C:\Users\ENRICO~1\AppData\Local\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys  (File not found)
"GEARAspiWDM" (GEARAspiWDM) - "GEAR Software Inc." - C:\Windows\System32\Drivers\GEARAspiWDM.sys
"giveio" (giveio) - ? - C:\Windows\System32\giveio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\Windows\system32\drivers\mbamswissarmy.sys  (File not found)
"NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\Windows\system32\drivers\npf_devolo.sys
"pwdiypod" (pwdiypod) - "GMER" - C:\pwdiypod.sys  (Hidden registry entry, rootkit activity)
"RT2870 USB Wireless LAN Card Driver for Vista" (netr28u) - "Ralink Technology Corp." - C:\Windows\System32\DRIVERS\netr28u.sys
"speedfan" (speedfan) - "Almico Software" - C:\Windows\System32\speedfan.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"TP-LINK TL-WN821N 11N Wireless device driver" (arusb_lh) - "Atheros Communications, Inc." - C:\Windows\System32\DRIVERS\arusb_lh.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - ? -   (File not found | COM-object registry key not found)
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - ? -   (File not found | COM-object registry key not found)
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - ? -   (File not found | COM-object registry key not found)
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - ? -   (File not found | COM-object registry key not found)
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - ? -   (File not found | COM-object registry key not found)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - ? -   (File not found | COM-object registry key not found)
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - ? -   (File not found | COM-object registry key not found)
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove GFS Explorer Bar" - ? -   (File not found | COM-object registry key not found)
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - ? -   (File not found | COM-object registry key not found)
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - ? -   (File not found | COM-object registry key not found)
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10w.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
"ICQ7" - "ICQ, LLC." - C:\Program Files\ICQ7.0\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"CurseClientStartup.ccip" - ? - C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
"desktop.ini" - ? - C:\Users\Enrico 3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Enrico 3\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
"SST3C Langmon" - ? - C:\Windows\system32\sst3cl3.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"devolo Network Service" (DevoloNetworkService) - ? - C:\Program Files\devolo\dlan\devolonetsvc.exe  (File found, but it contains no detailed information)
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"StarWind AE Service" (StarWindServiceAE) - ? - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe  (File not found)
"StarWind iSCSI Service" (StarWindService) - ? - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe  (File not found)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TeamViewer 5" (TeamViewer5) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

===[ Logfile end ]=========================================[ Logfile end ]===


--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


cosinus 27.09.2011 15:13

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from ESET's online scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Prayer 27.09.2011 15:56

I just played for a bit and it ran smoothly; let's see whether it stays that way. I'll do the check scans tomorrow, since I don't have any more time for it today.

Thanks for the help :)

Prayer 28.09.2011 19:15

At the moment everything is running fairly well, except that it crashed again yesterday during a YouTube video.

Malwarebytes log:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7817

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

28.09.2011 20:12:40
mbam-log-2011-09-28 (20-12-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 701096
Laufzeit: 3 Stunde(n), 12 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



All times are in WET +1.
