Trojaner-Board


Averen 14.12.2009 00:12

Keylogger, WoW account hacked :X
 
Hello everyone! I've already done quite a lot today, because I've been hacked 2 times (!) in one week. Antivir, AVG, Norton Security Scan (which did turn something up, but only an IluPak.exe, which I removed; I'll still post the log, though). A-squared didn't find anything either.

The file that Norton found was at: C:\Windows\MRLH\IluPak.exe

Here, first of all, is the log from Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.42
Datenbank Version: 3355
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.12.2009 00:05:00
mbam-log-2009-12-14 (00-05-00).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|I:\|)
Durchsuchte Objekte: 267837
Laufzeit: 1 hour(s), 48 minute(s), 50 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

After that, RSIT:

Code:

info.txt logfile of random's system information tool 1.06 2009-12-13 23:16:27

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A70800000002}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Anti-Malware 4.5-->"C:\Program Files\a-squared Anti-Malware\unins000.exe"
Avira AntiVir Premium-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Batch Renamer 2.1.1 (uninstall)-->C:\Program Files\Batch Renamer\remove_batchRenamer.exe
Benutzerhandbuch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs-->MsiExec.exe /X{D6771E19-1BB6-43B1-811E-ECC5A4613579}
Call of Duty: Modern Warfare 2 - Multiplayer-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10190
Call of Duty: Modern Warfare 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10180
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Glitchys MES-->"C:\Program Files\Glitchy's Model Editing Suite\unins000.exe"
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
I8kfanGUI V3.1-->"C:\Program Files\I8kfanGUI\uninstall.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
Left 4 Dead 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/550
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Livestream Procaster-->MsiExec.exe /I{0E323ECF-FA5B-454A-B79C-508419AC2538}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x7  -cluninstall
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Windows Application Compatibility Database-->C:\Windows\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NCsoft Launcher-->"C:\Program Files\InstallShield Installation Information\{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}\setup.exe" -runfromtemp -l0x0009 -removeonly
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0007 -removeonly
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Online Armor 4.0-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Safari-->MsiExec.exe /I{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}
SAMSUNG Android USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\Shrewsbury\SSADUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Download Driver Software-->C:\Windows\system32\Samsung_USB_Drivers\NXP_Driver\SSDUUninstall.exe
SAMSUNG Mobile USB Driver-->MsiExec.exe /I{7184F382-8A6C-4B85-A3AC-B63734B1E241}
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
Samsung Mobile USB Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7_681B\SECUUninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Task Manager 1.7h-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x7 -remove -removeonly
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8CB1BFD3-82B0-4C3E-A586-0A5472158E9E}\setup.exe" -l0x9  -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Trillian-->C:\Program Files\Trillian\Trillian.exe /uninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VirtualCom driver-->MsiExec.exe /I{1943A043-5C85-4A16-A0D0-D687B2C1A40F}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live Mail-->MsiExec.exe /I{C4D738F7-996A-4C81-B8FA-C4E26D767E41}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018}
Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Public Test-PTR\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Hosts File======

127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com

======Security center information======

AS: Spybot - Search and Destroy (disabled)
AS: Windows-Defender (disabled)

======System event log======

Computer Name: ***-PC
Event Code: 10029
Message: DCOM hat den Dienst swprv mit den Argumenten "" gestartet, um den Server auszuführen:
{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
Record Number: 47926
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090625082111.000000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 10029
Message: DCOM hat den Dienst VSS mit den Argumenten "" gestartet, um den Server auszuführen:
{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
Record Number: 47925
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090625082111.000000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Beendet".
Record Number: 47924
Source Name: Service Control Manager
Time Written: 20090625075039.000000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 47923
Source Name: Service Control Manager
Time Written: 20090625073614.000000-000
Event Type: Informationen
User:

Computer Name: ***-PC
Event Code: 7036
Message: Dienst "Startprogramm für Windows Media Center" befindet sich jetzt im Status "Beendet".
Record Number: 47922
Source Name: Service Control Manager
Time Written: 20090625073613.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: D95R2T2J
Event Code: 6001
Message: Der Winlogon-Benachrichtigungsabonnent <GPClient> ist bei einem Benachrichtigungsereignis fehlgeschlagen.
Record Number: 350
Source Name: Microsoft-Windows-Winlogon
Time Written: 20070310105506.000000-000
Event Type: Warnung
User:

Computer Name: D95R2T2J
Event Code: 6000
Message: Der Winlogon-Benachrichtigungsabonnent <SessionEnv> war nicht verfügbar, um das Benachrichtigungsereignis zu verarbeiten.
Record Number: 349
Source Name: Microsoft-Windows-Winlogon
Time Written: 20070310105506.000000-000
Event Type: Informationen
User:

Computer Name: D95R2T2J
Event Code: 9009
Message: Der Desktopfenster-Manager wurde mit dem Code (0x40010004) abgebrochen.
Record Number: 348
Source Name: Desktop Window Manager
Time Written: 20070310105506.000000-000
Event Type: Informationen
User:

Computer Name: D95R2T2J
Event Code: 1013
Message: Der Windows-Suchdienst wurde normal beendet.

Record Number: 347
Source Name: Microsoft-Windows-Search
Time Written: 20070310105450.000000-000
Event Type: Informationen
User:

Computer Name: D95R2T2J
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 346
Source Name: SecurityCenter
Time Written: 20070310105448.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: ***-PC
Event Code: 1101
Message: Überwachungsereignisse wurden vom Transport gelöscht. Die Echtzeit-Sicherungsdatei war beschädigt, da das System nicht ordnungsgemäß heruntergefahren wurde.
Record Number: 298
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090603153521.960910-000
Event Type: Überwachung erfolgreich
User:

Computer Name: D95R2T2J
Event Code: 4616
Message: Die Systemzeit wurde geändert.

Antragsteller:
        Sicherheits-ID:                S-1-5-19
        Kontoname:                LOKALER DIENST
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e5

Prozessinformationen:
        Prozess-ID:        0x4ec
        Name:                C:\Windows\System32\svchost.exe

Vorherige Zeit:                10:55:20 10.03.2007
Neue Zeit:                10:55:20 10.03.2007

Dieses Ereignis wird generiert, wenn die Systemzeit geändert wird. Es ist normal, dass der mit Systemberechtigung ausgeführte Windows-Zeitdienst die Systemzeit regelmäßig ändert. Andere Änderungen der Systemzeit können darauf hinweisen, dass der Computer manipuliert wird.
Record Number: 297
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20070310105520.712400-000
Event Type: Überwachung erfolgreich
User:

Computer Name: D95R2T2J
Event Code: 1100
Message: Der Ereignisprotokollierungsdienst wurde heruntergefahren.
Record Number: 296
Source Name: Microsoft-Windows-Eventlog
Time Written: 20070310105520.790400-000
Event Type: Überwachung erfolgreich
User:

Computer Name: D95R2T2J
Event Code: 4647
Message: Benutzerinitiierte Abmeldung:

Antragsteller:
        Sicherheits-ID:                S-1-5-21-2754731202-3281619189-719602998-500
        Kontoname:                Administrator
        Kontodomäne:                D95R2T2J
        Anmelde-ID:                0x50a95

Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.
Record Number: 295
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20070310105506.282891-000
Event Type: Überwachung erfolgreich
User:

Computer Name: D95R2T2J
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
        Sicherheits- ID:        S-1-5-21-2754731202-3281619189-719602998-500
        Kontoname:        Administrator
        Domänenname:        D95R2T2J
        Logon-ID:        0x50a95
Record Number: 294
Source Name: Microsoft-Windows-Eventlog
Time Written: 20070310105439.872091-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

Part 2:
Code:

Logfile of random's system information tool 1.06 (written by random/random)
Run by ***at 2009-12-13 23:15:56
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 28 GB (28%) free of 102 GB
Total RAM: 3326 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:22, on 13.12.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Trillian\trillian.exe
C:\Users\***\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Xfire\Xfire.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\***\Desktop\Aklog\aklog.exe
C:\Users\***\Desktop\RSIT.exe
C:\Users\***\Desktop\***.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Livestream Procaster] "C:\Program Files\Livestream Procaster\Procaster.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8739 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000UA.job
C:\Windows\tasks\Norton Security Scan for ***.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-20 815104]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"NPSStartup"= []
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-01-30 13605408]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-01-30 92704]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2009-01-30 96800]
"Livestream Procaster"=C:\Program Files\Livestream Procaster\Procaster.exe [2009-10-12 6415648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-12-05 6622920]
"a-squared"=C:\Program Files\a-squared Anti-Malware\a2guard.exe [2009-11-05 3279192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2009-10-24 1217808]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"i8kfangui"=C:\Program Files\I8kfanGUI\I8kfanGUI.exe [2007-02-16 856064]
"PlayNC Launcher"= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-09 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-09 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\MediaDirect\PCMService.exe [2006-10-13 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
c:\program files\uniblue\registrybooster\StartRegistryBooster.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2006-11-03 703280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader - Schnellstart.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Trillian.lnk - C:\Program Files\Trillian\trillian.exe
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2009-12-05 923336]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"EnableShellExecuteHooks"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd4fbe28-59c3-11de-aaac-d5d5b33bf892}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-12-13 23:15:56 ----D---- C:\rsit
2009-12-13 22:15:12 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2009-12-13 22:15:06 ----D---- C:\ProgramData\Malwarebytes
2009-12-13 22:15:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-13 22:11:56 ----D---- C:\Program Files\CCleaner
2009-12-13 17:08:01 ----D---- C:\Program Files\a-squared Anti-Malware
2009-12-13 16:42:11 ----D---- C:\Windows\Internet Logs
2009-12-13 16:07:43 ----D---- C:\Users\***\AppData\Roaming\OnlineArmor
2009-12-13 16:07:43 ----D---- C:\ProgramData\OnlineArmor
2009-12-13 16:04:47 ----D---- C:\Program Files\Tall Emu
2009-12-13 16:00:49 ----D---- C:\ProgramData\Application Data
2009-12-13 15:54:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-12-13 15:48:08 ----D---- C:\ProgramData\Symantec
2009-12-13 15:48:08 ----D---- C:\ProgramData\Norton
2009-12-13 15:48:08 ----D---- C:\Program Files\Norton Security Scan
2009-12-13 15:48:04 ----D---- C:\ProgramData\NortonInstaller
2009-12-13 15:48:04 ----D---- C:\Program Files\NortonInstaller
2009-12-13 14:17:45 ----D---- C:\Program Files\KeyScrambler
2009-12-13 13:46:47 ----D---- C:\Users\***\AppData\Roaming\CheckPoint
2009-12-13 13:46:34 ----D---- C:\Program Files\CheckPoint
2009-12-13 13:44:18 ----D---- C:\ProgramData\CheckPoint
2009-12-13 13:29:33 ----D---- C:\Users\***\AppData\Roaming\Avira
2009-12-13 13:19:06 ----D---- C:\ProgramData\Avira
2009-12-13 13:19:06 ----D---- C:\Program Files\Avira
2009-12-13 12:48:35 ----D---- C:\Users\***\AppData\Roaming\QuickScan
2009-12-13 12:30:53 ----D---- C:\ProgramData\SecTaskMan
2009-12-13 12:30:48 ----D---- C:\Program Files\Security Task Manager
2009-12-10 23:51:08 ----D---- C:\cygwin
2009-12-10 23:13:25 ----D---- C:\Program Files\QuickTime
2009-12-10 23:05:17 ----D---- C:\ProgramData\Apple Computer
2009-12-10 23:05:17 ----D---- C:\Program Files\Safari
2009-12-10 23:03:21 ----D---- C:\ProgramData\Apple
2009-12-10 23:03:21 ----D---- C:\Program Files\Common Files\Apple
2009-12-09 15:37:15 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-09 15:37:14 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 15:22:48 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 15:22:47 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 15:22:47 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 15:22:46 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 15:22:44 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 15:22:43 ----A---- C:\Windows\system32\ieencode.dll
2009-12-09 15:22:42 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-09 15:22:39 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 15:20:55 ----A---- C:\Windows\system32\rastls.dll
2009-12-08 14:18:06 ----D---- C:\Program Files\AVG
2009-11-30 20:33:46 ----A---- C:\Windows\system32\xfcodec.dll
2009-11-29 19:24:35 ----D---- C:\Program Files\Haali
2009-11-28 01:34:29 ----A---- C:\tracert.txt
2009-11-28 00:27:42 ----D---- C:\Users\***\AppData\Roaming\Trillian
2009-11-28 00:27:10 ----D---- C:\Program Files\Trillian
2009-11-27 17:16:16 ----D---- C:\Users\***\AppData\Roaming\Safer Networking
2009-11-27 17:12:40 ----D---- C:\Program Files\Safer Networking
2009-11-27 17:11:24 ----D---- C:\Program Files\Trend Micro
2009-11-27 00:33:16 ----A---- C:\Windows\system32\msxml6.dll
2009-11-27 00:33:15 ----A---- C:\Windows\system32\msxml3.dll
2009-11-27 00:29:40 ----A---- C:\Windows\system32\tzres.dll
2009-11-27 00:29:12 ----D---- C:\Program Files\MSXML 4.0
2009-11-23 16:36:45 ----A---- C:\Windows\system32\devil.dll
2009-11-23 16:36:45 ----A---- C:\Windows\system32\avisynth.dll
2009-11-23 16:36:44 ----A---- C:\Windows\system32\yv12vfw.dll
2009-11-23 16:36:44 ----A---- C:\Windows\system32\i420vfw.dll
2009-11-23 16:36:44 ----A---- C:\Windows\system32\AVSredirect.dll
2009-11-23 16:36:43 ----D---- C:\Program Files\AviSynth 2.5
2009-11-22 14:01:44 ----A---- C:\Windows\system32\XAudio2_5.dll
2009-11-22 14:01:44 ----A---- C:\Windows\system32\xactengine3_5.dll
2009-11-22 14:01:44 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2009-11-22 14:01:43 ----A---- C:\Windows\system32\D3DX9_42.dll
2009-11-22 14:01:43 ----A---- C:\Windows\system32\d3dx11_42.dll
2009-11-22 14:01:43 ----A---- C:\Windows\system32\d3dx10_42.dll
2009-11-22 14:01:43 ----A---- C:\Windows\system32\d3dcsx_42.dll
2009-11-22 14:01:41 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-11-22 14:01:37 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-11-22 14:01:37 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-11-22 14:01:37 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-11-21 19:26:44 ----D---- C:\Users\***\AppData\Roaming\dvdcss
2009-11-21 19:23:07 ----D---- C:\Program Files\Alcohol Soft
2009-11-21 18:46:40 ----D---- C:\Users\***\AppData\Roaming\Any Video Converter
2009-11-20 21:23:59 ----D---- C:\Program Files\JDownloader
2009-11-20 14:38:50 ----A---- C:\Windows\system32\javaws.exe
2009-11-20 14:38:50 ----A---- C:\Windows\system32\javaw.exe
2009-11-20 14:38:50 ----A---- C:\Windows\system32\java.exe
2009-11-17 19:59:22 ----D---- C:\Program Files\World of Warcraft

======List of files/folders modified in the last 1 months======

2009-12-13 23:16:05 ----D---- C:\Windows\Temp
2009-12-13 23:14:59 ----D---- C:\Users\***\AppData\Roaming\Skype
2009-12-13 22:56:58 ----D---- C:\Users\***\AppData\Roaming\Xfire
2009-12-13 22:40:24 ----D---- C:\Windows\MRLH
2009-12-13 22:26:23 ----D---- C:\Windows
2009-12-13 22:25:26 ----SHD---- C:\System Volume Information
2009-12-13 22:15:08 ----D---- C:\Windows\system32\drivers
2009-12-13 22:15:06 ----D---- C:\ProgramData
2009-12-13 22:15:05 ----D---- C:\Program Files
2009-12-13 22:14:07 ----D---- C:\Program Files\Mozilla Firefox
2009-12-13 22:13:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-13 22:13:28 ----D---- C:\Windows\Debug
2009-12-13 19:41:34 ----D---- C:\Program Files\Steam
2009-12-13 19:35:57 ----D---- C:\Windows\Logs
2009-12-13 16:40:20 ----D---- C:\Windows\System32
2009-12-13 16:06:57 ----D---- C:\Windows\inf
2009-12-13 16:05:35 ----D---- C:\Windows\system32\catroot2
2009-12-13 16:01:00 ----D---- C:\Windows\system32\catroot
2009-12-13 16:00:56 ----D---- C:\Users\***\AppData\Roaming\skypePM
2009-12-13 15:54:32 ----D---- C:\Program Files\Common Files
2009-12-13 15:48:11 ----D---- C:\Windows\Tasks
2009-12-13 15:48:11 ----D---- C:\Windows\system32\Tasks
2009-12-13 13:18:12 ----SHD---- C:\Windows\Installer
2009-12-13 12:35:45 ----D---- C:\Program Files\BAE
2009-12-12 16:32:24 ----DC---- C:\Windows\system32\DRVSTORE
2009-12-12 16:29:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-10 23:54:02 ----D---- C:\Users\***\AppData\Roaming\uTorrent
2009-12-10 23:15:31 ----D---- C:\Program Files\Bonjour
2009-12-10 23:07:57 ----D---- C:\Users\***\AppData\Roaming\Apple Computer
2009-12-10 14:29:07 ----D---- C:\ProgramData\Xfire
2009-12-09 16:13:16 ----D---- C:\Windows\rescache
2009-12-09 16:08:19 ----D---- C:\Windows\winsxs
2009-12-09 15:55:04 ----D---- C:\Windows\system32\de-DE
2009-12-09 15:55:04 ----D---- C:\Program Files\Windows Mail
2009-12-09 15:40:32 ----D---- C:\ProgramData\Microsoft Help
2009-12-09 15:37:04 ----RSD---- C:\Windows\assembly
2009-12-07 03:32:34 ----D---- C:\Users\***\AppData\Roaming\vlc
2009-12-02 17:14:39 ----D---- C:\Users\***\AppData\Roaming\teamspeak2
2009-12-02 14:57:18 ----D---- C:\Program Files\Xfire
2009-12-01 21:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-27 23:33:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-23 16:36:41 ----RSD---- C:\Windows\Fonts
2009-11-22 11:28:45 ----D---- C:\Users\***\AppData\Roaming\DivX
2009-11-21 19:27:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-20 14:38:49 ----D---- C:\Program Files\Java
2009-11-18 00:15:17 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2009-11-16 00:10:12 ----A---- C:\Users\***\AppData\Roaming\MPQEditor.ini
2009-11-15 14:31:45 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 fanio;FanIO driver; \??\C:\Windows\system32\drivers\fanio.sys [2007-02-16 14464]
R1 OADevice;OADriver; \??\C:\Windows\system32\drivers\OADriver.sys [2009-12-05 223312]
R1 OAmon;OAmon; \??\C:\Windows\system32\drivers\OAmon.sys [2009-12-05 24656]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-07-30 281760]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-13 56816]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-07-30 25888]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-12 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-20 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-20 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-12 8192]
R3 b57nd60x;%SvcDispName%; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-19 179712]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2008-03-22 113896]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-12-03 38224]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-01-30 7544832]
R3 OAnet;OnlineArmor Service; C:\Windows\system32\DRIVERS\oanet.sys [2009-12-05 30800]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-20 179256]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 a0zmv1re;a0zmv1re; C:\Windows\system32\drivers\a0zmv1re.sys []
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express-Netzwerkverbindungstreiber; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-09-21 36608]
S3 guardian2;guardian2; C:\Windows\System32\Drivers\oz776.sys [2007-01-29 61312]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-12 986624]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-12 206848]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-12 659968]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;a-squared Anti-Malware Service; C:\Program Files\a-squared Anti-Malware\a2service.exe [2009-10-01 1858144]
R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [2009-05-11 194817]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2009-05-12 434945]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-30 203296]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-12-05 1282248]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-12 386560]
S2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-12-05 3291336]
S3 BthServ;Bluetooth-Unterstützungsdienst; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-01 320760]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []

-----------------EOF-----------------


I'd be damn grateful if you could help me somehow :)

Averen 14.12.2009 00:58

Here is the GMER log as well:

Code:

GMER 1.0.15.15279 - http://www.gmer.net
Rootkit scan 2009-12-14 00:55:19
Windows 6.0.6002 Service Pack 2
Running: r53mct73.exe; Driver: C:\Users\Vincenzo\AppData\Local\Temp\uxdyqkog.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwAllocateVirtualMemory [0x9031F420]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwAlpcConnectPort [0x9031E270]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwAlpcCreatePort [0x9031D8E0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwAssignProcessToJobObject [0x9031FC60]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwConnectPort [0x9031DA90]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwCreateFile [0x9032CCB0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwCreatePort [0x9031D740]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwCreateSection [0x90319DE0]
SSDT            8BE4674C                                                                                                                        ZwCreateThread
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwDebugActiveProcess [0x9031C900]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwDuplicateObject [0x9031D410]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwLoadDriver [0x9031EB40]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwOpenFile [0x9032D420]
SSDT            8BE46738                                                                                                                        ZwOpenProcess
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwOpenSection [0x9031A080]
SSDT            8BE4673D                                                                                                                        ZwOpenThread
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwProtectVirtualMemory [0x9031F8A0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwQueryDirectoryFile [0x9031EFB0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwQueueApcThread [0x9031FE00]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwRequestWaitReplyPort [0x9031E690]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwResumeThread [0x9031D060]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSecureConnectPort [0x9031DE80]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSetContextThread [0x9031C6E0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSetSystemInformation [0x9031CAA0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwShutdownSystem [0x9031EA10]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSuspendProcess [0x9031D240]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSuspendThread [0x9031CE60]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwSystemDebugControl [0x9031CC90]
SSDT            8BE46747                                                                                                                        ZwTerminateProcess
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwTerminateThread [0x9031C4B0]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwUnloadDriver [0x9031ED70]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwWriteVirtualMemory [0x9031FA70]
SSDT            \??\C:\Windows\system32\drivers\OADriver.sys                                                                                    ZwCreateThreadEx [0x9031BF10]

INT 0x52        ?                                                                                                                              86159BF8
INT 0x72        ?                                                                                                                              8452CBF8
INT 0x82        ?                                                                                                                              8452CBF8
INT 0xA3        ?                                                                                                                              86159BF8
INT 0xB3        ?                                                                                                                              86159BF8

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 131                                                                                                  81EE8874 4 Bytes  [20, F4, 31, 90]
.text          ntkrnlpa.exe!KeSetEvent + 13D                                                                                                  81EE8880 8 Bytes  [70, E2, 31, 90, E0, D8, 31, ...] {JO 0xffffffffffffffe4; XOR [EAX-0x6fce2720], EDX}
.text          ntkrnlpa.exe!KeSetEvent + 191                                                                                                  81EE88D4 4 Bytes  [60, FC, 31, 90]
.text          ntkrnlpa.exe!KeSetEvent + 1C1                                                                                                  81EE8904 4 Bytes  [90, DA, 31, 90] {NOP ; FIDIV DWORD [ECX]; NOP }
.text          ntkrnlpa.exe!KeSetEvent + 1D9                                                                                                  81EE891C 4 Bytes  [B0, CC, 32, 90]
.text          ...                                                                                                                           
?              System32\Drivers\spbg.sys                                                                                                      Das System kann den angegebenen Pfad nicht finden. !
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                        section is writeable [0x8EE04340, 0x3EE1D7, 0xE8000020]
.text          USBPORT.SYS!DllUnload                                                                                                          8FA8341B 5 Bytes  JMP 861591D8
.text          anw80ghx.SYS                                                                                                                    8AFA8000 22 Bytes  [82, 03, E1, 81, 6C, 02, E1, ...]
.text          anw80ghx.SYS                                                                                                                    8AFA8017 45 Bytes  [00, 32, 27, 9A, 8A, 3D, 25, ...]
.text          anw80ghx.SYS                                                                                                                    8AFA8045 135 Bytes  [2A, EE, 81, FD, A9, E7, 81, ...]
.text          anw80ghx.SYS                                                                                                                    8AFA80CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]
.text          anw80ghx.SYS                                                                                                                    8AFA80DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]
.text          ...                                                                                                                           
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                                          section is writeable [0xA42E3300, 0x3B6D8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                          section is writeable [0xA4326300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\taskeng.exe[608] kernel32.dll!CreateProcessW                                                                77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Windows\system32\taskeng.exe[608] kernel32.dll!CreateProcessA                                                                77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Windows\system32\taskeng.exe[608] kernel32.dll!LoadLibraryExW                                                                775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Windows\system32\taskeng.exe[608] USER32.dll!ExitWindowsEx                                                                  767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Program Files\a-squared Anti-Malware\a2service.exe[1100] kernel32.dll!CreateThread + 1A                                      775DC928 4 Bytes  CALL 0045495D C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH)
.text          C:\Windows\system32\Dwm.exe[1692] kernel32.dll!CreateProcessW                                                                  77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Windows\system32\Dwm.exe[1692] kernel32.dll!CreateProcessA                                                                  77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Windows\system32\Dwm.exe[1692] kernel32.dll!LoadLibraryExW                                                                  775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Windows\system32\Dwm.exe[1692] USER32.dll!ExitWindowsEx                                                                      767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Windows\Explorer.EXE[1724] kernel32.dll!CreateProcessW                                                                      77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Windows\Explorer.EXE[1724] kernel32.dll!CreateProcessA                                                                      77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Windows\Explorer.EXE[1724] kernel32.dll!LoadLibraryExW                                                                      775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Windows\Explorer.EXE[1724] USER32.dll!ExitWindowsEx                                                                          767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Windows\Explorer.EXE[1724] IPHLPAPI.DLL!IcmpSendEcho2Ex                                                                      757696D8 6 Bytes  JMP 5F130F5A
.text          C:\Windows\Explorer.EXE[1724] IPHLPAPI.DLL!IcmpSendEcho2                                                                        75769C2D 6 Bytes  JMP 5F100F5A
.text          C:\Windows\ehome\ehtray.exe[2208] kernel32.dll!CreateProcessW                                                                  77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Windows\ehome\ehtray.exe[2208] kernel32.dll!CreateProcessA                                                                  77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Windows\ehome\ehtray.exe[2208] kernel32.dll!LoadLibraryExW                                                                  775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Windows\ehome\ehtray.exe[2208] USER32.dll!ExitWindowsEx                                                                      767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] kernel32.dll!CreateProcessW                                                      77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] kernel32.dll!CreateProcessA                                                      77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] kernel32.dll!LoadLibraryExW                                                      775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] USER32.dll!ExitWindowsEx                                                        767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] ole32.dll!CoCreateInstance                                                      76149EA6 6 Bytes  JMP 5F100F5A
.text          C:\Program Files\I8kfanGUI\I8kfanGUI.exe[2232] ole32.dll!CoCreateInstanceEx                                                    76149EE9 6 Bytes  JMP 5F130F5A
.text          C:\Windows\ehome\ehmsas.exe[2316] kernel32.dll!CreateProcessW                                                                  77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Windows\ehome\ehmsas.exe[2316] kernel32.dll!CreateProcessA                                                                  77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Windows\ehome\ehmsas.exe[2316] kernel32.dll!LoadLibraryExW                                                                  775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Windows\ehome\ehmsas.exe[2316] USER32.dll!ExitWindowsEx                                                                      767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] kernel32.dll!CreateProcessW                                      77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] kernel32.dll!CreateProcessA                                      77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] kernel32.dll!LoadLibraryExW                                      775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] USER32.dll!ExitWindowsEx                                          767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] ole32.dll!CoCreateInstance                                        76149EA6 6 Bytes  JMP 5F100F5A
.text          C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2788] ole32.dll!CoCreateInstanceEx                                      76149EE9 6 Bytes  JMP 5F130F5A
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!CreateProcessW                                                77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!CreateProcessA                                                77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] kernel32.dll!LoadLibraryExW                                                775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3544] USER32.dll!ExitWindowsEx                                                    767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] kernel32.dll!CreateProcessW                                        77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] kernel32.dll!CreateProcessA                                        77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] kernel32.dll!LoadLibraryExW                                        775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[3592] USER32.dll!ExitWindowsEx                                          767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Windows\System32\rundll32.exe[3668] kernel32.dll!CreateProcessW                                                              77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Windows\System32\rundll32.exe[3668] kernel32.dll!CreateProcessA                                                              77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Windows\System32\rundll32.exe[3668] kernel32.dll!LoadLibraryExW                                                              775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Windows\System32\rundll32.exe[3668] USER32.dll!ExitWindowsEx                                                                767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Windows\System32\rundll32.exe[3752] kernel32.dll!CreateProcessW                                                              77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Windows\System32\rundll32.exe[3752] kernel32.dll!CreateProcessA                                                              77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Windows\System32\rundll32.exe[3752] kernel32.dll!LoadLibraryExW                                                              775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Windows\System32\rundll32.exe[3752] USER32.dll!ExitWindowsEx                                                                767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Program Files\Java\jre6\bin\jusched.exe[3836] kernel32.dll!CreateProcessW                                                    77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Program Files\Java\jre6\bin\jusched.exe[3836] kernel32.dll!CreateProcessA                                                    77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Program Files\Java\jre6\bin\jusched.exe[3836] kernel32.dll!LoadLibraryExW                                                    775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Program Files\Java\jre6\bin\jusched.exe[3836] USER32.dll!ExitWindowsEx                                                      767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] kernel32.dll!CreateProcessW              77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] kernel32.dll!CreateProcessA              77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] kernel32.dll!LoadLibraryExW              775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe[3916] USER32.dll!ExitWindowsEx                  767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] kernel32.dll!CreateProcessW                                              77591BF3 6 Bytes  JMP 5F0A0F5A
.text          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] kernel32.dll!CreateProcessA                                              77591C28 6 Bytes  JMP 5F040F5A
.text          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] kernel32.dll!LoadLibraryExW                                              775B9109 6 Bytes  JMP 5F070F5A
.text          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] USER32.dll!ExitWindowsEx                                                767AB7C3 6 Bytes  JMP 5F0D0F5A
.text          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] ole32.dll!CoCreateInstance                                              76149EA6 6 Bytes  JMP 5F100F5A
.text          C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3964] ole32.dll!CoCreateInstanceEx                                            76149EE9 6 Bytes  JMP 5F130F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                      [8A8986D6] \SystemRoot\System32\Drivers\spbg.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                        [8A898042] \SystemRoot\System32\Drivers\spbg.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                [8A898800] \SystemRoot\System32\Drivers\spbg.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                      [8A8980C0] \SystemRoot\System32\Drivers\spbg.sys
IAT            \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                [8A89813E] \SystemRoot\System32\Drivers\spbg.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                              [8A8A7E9C] \SystemRoot\System32\Drivers\spbg.sys
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortNotification]                                                      CC358B04
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortWritePortUchar]                                                    838AFCDF
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortWritePortUlong]                                                    458B38C6
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                A5A5A514
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                    100D8BA5
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                              5F8AFCB0
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReadPortUchar]                                                    30810889
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortStallExecution]                                                    54771129
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetParentBusType]                                                  10C25D5E
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortRequestCallback]                                                  8B55CC00
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                            084D8BEC
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                              0CF0918B
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortCompleteRequest]                                                  458B0000
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortMoveMemory]                                                        [8B108910] \SystemRoot\System32\Drivers\Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                        000CF491
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                            04508900
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                              053C7980
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReadPortUshort]                                                    560C558B
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                              C6127557
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortInitialize]                                                        B18D0502
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                    00000CF8
IAT            \SystemRoot\System32\Drivers\anw80ghx.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\a-squared Anti-Malware\a2service.exe[1100] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem]  [00454AB4] C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT            C:\Program Files\a-squared Anti-Malware\a2service.exe[1100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem]  [00454AB4] C:\Program Files\a-squared Anti-Malware\a2service.exe (a-squared Service/Emsi Software GmbH)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                          852E91F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                  87E9F1F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                        Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                        Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\volmgr \Device\VolMgrControl                                                                                            8452E1F8
Device          \Driver\sptd \Device\2333607626                                                                                                spbg.sys
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                8614E1F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                8614E1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                8614E1F8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                                8614E1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{69748DA3-BD9A-469F-A3F1-7E368ABE5EE7}                                                        87CA31F8
Device          \Driver\usbehci \Device\USBPDO-4                                                                                                862D01F8
Device          \Driver\tdx \Device\Tcp                                                                                                        OAmon.sys
Device          \Driver\netbt \Device\NetBT_Tcpip_{2F064EB1-89FB-4B01-9381-B33527BB5F22}                                                        87CA31F8
Device          \Driver\PCI_PNP1610 \Device\00000057                                                                                            spbg.sys
Device          \Driver\USBSTOR \Device\00000071                                                                                                87B751F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                          8452E1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                          8452E1F8
Device          \Driver\cdrom \Device\CdRom0                                                                                                    863021F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                          8452E1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                                    863021F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                                    852E81F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                              852E81F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                              852E81F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2                                                                                    852E81F8
Device          \Driver\tdx \Device\RawIp6                                                                                                      OAmon.sys
Device          \Driver\cdrom \Device\CdRom2                                                                                                    863021F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                          8452E1F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                          8452E1F8
Device          \Driver\cdrom \Device\CdRom3                                                                                                    863021F8
Device          \Driver\tdx \Device\Tcp6                                                                                                        OAmon.sys
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                        87CA31F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                                  87B791F8
Device          \Driver\tdx \Device\Tdx                                                                                                        OAmon.sys
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                              863091F8
Device          \Driver\tdx \Device\Udp                                                                                                        OAmon.sys
Device          \FileSystem\fastfat \Fat                                                                                                        87E9F1F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                        fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device          \FileSystem\cdfs \Cdfs                                                                                                          8612F1F8

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cfd19acc                                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                              771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                              285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                              2
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                               
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                            1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                          0xB8 0xE8 0x67 0x4A ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                               
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                            C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                            0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                          0x2C 0x01 0xF9 0xB3 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                    0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                0x17 0x7F 0xFD 0xF8 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                            0xD6 0x5A 0xA6 0xC4 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                            0x12 0x00 0x1F 0x0C ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2                                 
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                            0x14 0xD7 0xD2 0x10 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cfd19acc (not active ControlSet)                               
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                           
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                1
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                              0xB8 0xE8 0x67 0x4A ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                           
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                0
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                              0x2C 0x01 0xF9 0xB3 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                 
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                    0x17 0x7F 0xFD 0xF8 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)             
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                0xD6 0x5A 0xA6 0xC4 ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)             
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                0x12 0x00 0x1F 0x0C ...
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)             
Reg            HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12                                0x14 0xD7 0xD2 0x10 ...

---- EOF - GMER 1.0.15 ----


Averen 15.12.2009 09:58

Here is the CCleaner list as well, sorry, I forgot it :)


Code:

Adobe AIR        Adobe Systems Inc.        18.10.2009        30.7MB        1.5.2.8900
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        30.07.2009                10.0.32.18
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        02.08.2009                10.0.32.18
Adobe Flash Player 9 ActiveX        Adobe Systems Incorporated        09.03.2007                9
Adobe Reader 7.0.8 - Deutsch        Adobe Systems Incorporated        09.03.2007                7.0.8
Apple Application Support        Apple Inc.        10.12.2009                1.1.0
Apple Mobile Device Support        Apple Inc.        09.12.2009        40.4MB        2.6.0.32
Apple Software Update        Apple Inc.        01.11.2009                2.1.1.116
Batch Renamer 2.1.1 (uninstall)                07.11.2009        12.3MB       
Benutzerhandbuch                09.03.2007        0.82MB       
Bonjour        Apple Inc.        09.12.2009        0.49MB        1.0.106
Broadcom Management Programs        Broadcom Corporation        09.03.2007                10.03.01
Call of Duty: Modern Warfare 2        Infinity Ward        21.11.2009        11'380.2MB       
Call of Duty: Modern Warfare 2 - Multiplayer        Infinity Ward        21.11.2009        11'380.2MB       
CCleaner        Piriform        12.12.2009        2.80MB       
Dell Driver Download Manager        Dell Inc.        30.06.2009                1.0.0.0
Dell Driver Download Manager - 1        Dell Inc.                        2.0.0.0
Digital Line Detect        BVRP Software, Inc        09.03.2007        0.27MB        1.21
DivX Codec        DivX, Inc.        02.06.2009        1.31MB        6.8.5
DivX Converter        DivX, Inc.        02.06.2009        45.3MB        7.1.0
DivX Player        DivX, Inc.        02.06.2009        8.43MB        7.2.0
DivX Plus DirectShow Filters        DivX, Inc.        02.06.2009        1.58MB       
DivX Web Player        DivX,Inc.        02.06.2009        2.83MB        1.5.0
Fraps (remove only)                18.10.2009        2.25MB       
G Data InternetSecurity        G Data Software AG        14.12.2009                20.1.1.0
Glitchys MES        GeeTards        10.11.2009        115.2MB       
Google Chrome        Google Inc.        08.12.2009        67.4MB        3.0.195.33
Haali Media Splitter                28.11.2009        2.46MB       
HijackThis 2.0.2        TrendMicro        08.06.2009        0.39MB        2.0.2
I8kfanGUI V3.1        Christian Diefer        29.06.2009        2.61MB        3.1
Intel(R) PROSet/Wireless Software        Intel Corporation        13.12.2009                11.5.0000
Java(TM) 6 Update 17        Sun Microsystems, Inc.        03.06.2009        94.5MB        6.0.170
Java(TM) SE Runtime Environment 6        Sun Microsystems, Inc.        09.03.2007                1.6.0.0
JDownloader        AppWork UG (haftungsbeschränkt)        19.11.2009        52.1MB        0.89
Left 4 Dead        Valve        02.06.2009        5'277.0MB       
Left 4 Dead 2        Valve        17.11.2009        6'343.8MB       
Livestream Procaster        Procaster        09.11.2009                1.0.93
Malwarebytes' Anti-Malware        Malwarebytes Corporation        12.12.2009        4.11MB       
MediaDirect        Dell        09.03.2007        119.1MB        4.7
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        03.06.2009        37.0MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        18.09.2009        37.0MB       
Microsoft AppLocale        MS        14.11.2009        3.61MB        1.0.0
Microsoft Office Enterprise 2007        Microsoft Corporation        25.10.2009        631.8MB        12.0.6425.1000
Microsoft Silverlight        Microsoft Corporation        13.09.2009        29.0MB        3.0.40818.0
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        02.10.2009        1.74MB        3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        01.08.2009        0.25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        07.12.2009        0.33MB        8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        02.08.2009                9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        02.06.2009        0.58MB        9.0.30729
Microsoft Windows Application Compatibility Database                14.11.2009               
Mozilla Firefox (3.5.5)        Mozilla        06.11.2009        31.9MB        3.5.5 (de)
MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        09.03.2007        1.25MB        4.20.9841.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        02.06.2009        1.28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        26.11.2009        1.34MB        4.20.9876.0
MSXML4 Parser        Microsoft Game Studios        30.07.2009        64.00KB        1.0.0
NCsoft Launcher        NCsoft        25.09.2009        6.82MB        1.5.7.0
NetWaiting        BVRP Software, Inc        09.03.2007        4.91MB        2.5.41
NVIDIA Drivers        NVIDIA Corporation        27.10.2009        3'312.1MB        1.3
NVIDIA PhysX        NVIDIA Corporation        29.06.2009        120.0MB        9.09.0428
Octoshape Streaming Services                03.11.2009        1.48MB       
OutlookAddinSetup        CyberLink        09.03.2007        0.96MB        1.0.0
PC Connectivity Solution        Nokia        08.10.2009        9.25MB        8.15.0.0
QuickSet        Dell Inc.        13.12.2009        6.53MB        8.0.13
QuickTime        Apple Inc.        09.12.2009        77.3MB        7.65.17.80
RapidShare Manager        RapidShare AG        25.10.2009                0.1.0.257
RunAlyzer        Safer Networking Limited        26.11.2009        10.6MB        1.6.1.24
SAMSUNG Android USB Modem Software                08.10.2009               
SAMSUNG Mobile Composite Device Software                08.10.2009               
Samsung Mobile Modem Device Software                08.10.2009               
SAMSUNG Mobile Modem Driver Set                08.10.2009        0.12MB       
Samsung Mobile phone USB driver Software                08.10.2009        0.12MB       
SAMSUNG Mobile USB Download Driver Software                08.10.2009        0.12MB       
SAMSUNG Mobile USB Driver        SAMSUNG        08.10.2009        0.11MB        1.00.0000
SAMSUNG Mobile USB Modem 1.0 Software                08.10.2009        0.12MB       
Samsung Mobile USB Modem Device Software                08.10.2009        0.12MB       
SAMSUNG Mobile USB Modem Software                08.10.2009        0.12MB       
SAMSUNG USB Mobile Device Software                08.10.2009        0.12MB       
SamsungConnectivityCableDriver        Samsung        08.10.2009        0.62MB        6.83.6.2.1
Security Task Manager 1.7h        Neuber GmbH        12.12.2009        2.45MB        1.7h
SigmaTel Audio        SigmaTel        30.06.2009        22.1MB        5.10.5210.0
Skype™ 4.1        Skype Technologies S.A.        31.10.2009        31.1MB        4.1.179
Steam        Valve        02.06.2009        1.47MB        1.0.0.0
Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC        Sun Microsystems, Inc.        11.12.2009        80.4MB        2.5.2_01
Synaptics Pointing Device Driver        Synaptics        09.03.2007        12.9MB        9.0.1.3
TeamSpeak 2 RC2        Dominating Bytes Design        28.09.2009                2.0.32.60
Trillian        Cerulean Studios, LLC        27.11.2009        32.7MB       
Ventrilo Client        Flagship Industries, Inc.        03.06.2009        4.43MB        3.0.5
VirtualCom driver        AIT        08.10.2009        0.71MB        1.0.0
VLC media player 1.0.1        VideoLAN Team        31.08.2009        63.1MB        1.0.1
Windows Live Anmelde-Assistent        Microsoft Corporation        02.06.2009        1.93MB        5.000.818.5
Windows Live Essentials        Microsoft Corporation        02.10.2009        44.0MB        14.0.8089.0726
Windows Live Sync        Microsoft Corporation        02.10.2009        2.79MB        14.0.8089.726
Windows Live-Uploadtool        Microsoft Corporation        02.06.2009        0.22MB        14.0.8014.1029
Windows Media Player Firefox Plugin        Microsoft Corp        31.07.2009        0.29MB        1.0.0.8
WinRAR                04.06.2009        3.73MB       
World of Warcraft        Blizzard Entertainment        08.12.2009                3.3.0.10958
Xfire (remove only)                31.07.2009        23.9MB       
µTorrent                31.07.2009        0.28MB        1.8.3


Averen 15.12.2009 14:25

Code:

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HijackThis found this; according to the automatic analysis and Google it is malicious, so I fixed it.

I have now updated Internet Explorer to version 8!

cosinus 16.12.2009 12:25

Hello,

Make sure that all files are actually shown to you, then have the following files (if they still exist) analysed at Virustotal.com and post all the results, in such a way that the results of the individual virus scanners can be seen. Please include file sizes and checksums. You can also simply post the result link:

Code:

c:\windows\System32\Drivers\spbg.sys
C:\Windows\MRLH\IluPak.exe


After that: system scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Averen 16.12.2009 17:06

Kaspersky removed Ilupak.exe, and spbg.sys is no longer there? I can't remember any message about spbg.sys ever showing up..

Here is OTL.txt:

Code:

OTL logfile created on: 16.12.2009 17:00:34 - Run 1
OTL by OldTimer - Version 3.1.17.0    Folder = C:\Users\Vincenzo\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 89.35% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.70 Gb Total Space | 27.58 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.72 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.51 Gb Total Space | 836.88 Gb Free Space | 89.84% Space Free | Partition Type: NTFS
 
Computer Name: VINCENZO-PC
Current User Name: Vincenzo
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Vincenzo\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Users\Public\Games\World of Warcraft\WoW.exe (Blizzard Entertainment)
PRC - C:\Users\Vincenzo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Vincenzo\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Program Files\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Vincenzo\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Xfire\xfire_toucan_40405.dll (Xfire Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msvcr71.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (stllssvr) --  File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (nicconfigsvc) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GearAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (fanio) -- C:\Windows\System32\drivers\fanio.sys (Christian Diefer)
DRV - (guardian2) -- C:\Windows\System32\drivers\oz776.sys (O2Micro)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=2070310
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
 
[2009.12.15 12:13:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.12.14 23:00:34 | 00,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
 
O1 HOSTS File: (358602 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 12311 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Google Update] C:\Users\Vincenzo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe (Christian Diefer)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.08.19 10:03:12 | 00,000,000 | RH-D | M] - I:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 03:56:50 | 00,000,036 | RH-- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{bd4fbe28-59c3-11de-aaac-d5d5b33bf892}\Shell - "" = AutoRun
O33 - MountPoints2\{bd4fbe28-59c3-11de-aaac-d5d5b33bf892}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009.12.16 16:38:59 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009.12.16 16:38:59 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009.12.16 16:38:59 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009.12.16 16:38:59 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009.12.16 16:38:59 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009.12.16 16:38:44 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009.12.16 16:38:44 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009.12.16 16:38:43 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009.12.16 13:51:49 | 00,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2009.12.16 13:41:36 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009.12.16 11:10:39 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009.12.15 23:11:01 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.12.15 23:11:01 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.12.15 23:11:01 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.12.15 22:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009.12.15 22:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009.12.15 19:29:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009.12.15 09:42:40 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.12.15 09:42:40 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.12.15 09:42:40 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009.12.15 09:42:40 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009.12.15 09:42:40 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009.12.15 09:42:40 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009.12.15 09:42:39 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009.12.15 09:42:39 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009.12.15 09:42:39 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009.12.15 09:42:39 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009.12.15 09:42:38 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009.12.15 09:42:38 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009.12.15 09:42:38 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009.12.15 09:42:38 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009.12.15 09:40:14 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009.12.15 09:40:14 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009.12.15 09:40:14 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009.12.15 09:40:14 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009.12.15 09:40:13 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009.12.15 09:40:13 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009.12.15 09:40:13 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009.12.15 09:40:13 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009.12.15 09:40:13 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009.12.15 09:40:13 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009.12.15 09:40:13 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009.12.15 09:40:13 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009.12.15 09:40:12 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009.12.15 09:40:12 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009.12.15 09:40:12 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009.12.15 09:40:12 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009.12.15 09:40:11 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009.12.15 09:40:11 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009.12.15 09:40:11 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009.12.15 09:40:11 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009.12.15 09:40:11 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009.12.15 09:40:10 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009.12.15 09:40:10 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009.12.15 09:40:10 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009.12.15 09:40:10 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009.12.15 09:40:10 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009.12.15 09:40:10 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009.12.15 09:40:10 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009.12.14 23:04:09 | 00,029,992 | ---- | C] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2009.12.14 22:47:19 | 00,055,624 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2009.12.14 22:47:16 | 00,047,560 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2009.12.14 22:46:54 | 00,027,848 | ---- | C] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2009.12.14 22:46:53 | 00,040,904 | ---- | C] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2009.12.14 22:46:31 | 00,000,000 | ---D | C] -- C:\ProgramData\G DATA
[2009.12.14 22:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\G Data
[2009.12.14 22:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\G DATA
[2009.12.14 22:41:40 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\Downloaded Installations
[2009.12.14 20:30:46 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Intel
[2009.12.14 20:30:45 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Roaming
[2009.12.14 20:30:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2009.12.14 20:30:22 | 00,000,000 | ---D | C] -- C:\ProgramData\Intel
[2009.12.14 20:30:16 | 00,000,000 | ---D | C] -- C:\Program Files\Cisco
[2009.12.14 20:29:56 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009.12.14 19:57:52 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Dell
[2009.12.14 00:18:50 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009.12.13 23:53:13 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Autostartscan
[2009.12.13 23:15:56 | 00,000,000 | ---D | C] -- C:\rsit
[2009.12.13 22:15:12 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Malwarebytes
[2009.12.13 22:15:08 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.13 22:15:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.12.13 22:15:05 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.12.13 22:15:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.12.13 22:11:56 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009.12.13 19:31:26 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\.microemulator
[2009.12.13 17:08:01 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2009.12.13 16:42:11 | 00,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2009.12.13 16:00:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2009.12.13 15:54:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009.12.13 15:48:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2009.12.13 15:48:08 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
[2009.12.13 15:48:04 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009.12.13 14:13:40 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\mok
[2009.12.13 13:46:50 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Documents\ForceField Shared Files
[2009.12.13 13:46:47 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\CheckPoint
[2009.12.13 13:46:34 | 00,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2009.12.13 13:44:18 | 00,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2009.12.13 13:19:07 | 00,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009.12.13 13:19:06 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009.12.13 12:48:35 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\QuickScan
[2009.12.13 12:30:53 | 00,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2009.12.13 12:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2009.12.11 16:06:14 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Aklog
[2009.12.10 23:51:08 | 00,000,000 | ---D | C] -- C:\cygwin
[2009.12.10 23:37:58 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\.mobione
[2009.12.10 23:36:51 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\Genuitec
[2009.12.10 23:13:25 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009.12.10 23:05:17 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009.12.10 23:03:21 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple
[2009.12.10 23:03:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009.12.09 18:34:11 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Documents\Downloads
[2009.12.09 15:37:15 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009.12.09 15:37:14 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009.12.09 15:20:55 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009.12.08 14:18:06 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009.11.29 19:24:35 | 00,000,000 | ---D | C] -- C:\Program Files\Haali
[2009.11.28 00:27:46 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\TCPVIEW
[2009.11.28 00:27:42 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Trillian
[2009.11.28 00:27:10 | 00,000,000 | ---D | C] -- C:\Program Files\Trillian
[2009.11.28 00:10:56 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\Leatrix Latency Fix 1.15
[2009.11.27 17:16:16 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Safer Networking
[2009.11.27 17:12:40 | 00,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2009.11.27 17:11:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.11.27 00:33:12 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2009.11.27 00:29:40 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009.11.27 00:29:12 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009.11.23 16:36:45 | 00,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2009.11.23 16:36:45 | 00,318,976 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2009.11.23 16:36:44 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2009.11.23 16:36:44 | 00,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2009.11.23 16:36:43 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009.11.22 14:01:44 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2009.11.22 14:01:44 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2009.11.22 14:01:44 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2009.11.22 14:01:43 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2009.11.22 14:01:43 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2009.11.22 14:01:43 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2009.11.22 14:01:43 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2009.11.22 14:01:41 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2009.11.22 14:01:37 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2009.11.22 14:01:37 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2009.11.22 14:01:37 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2009.11.21 19:26:44 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\dvdcss
[2009.11.21 19:23:07 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2009.11.21 18:46:40 | 00,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Any Video Converter
[2009.11.20 21:23:59 | 00,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2009.11.17 19:59:22 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009.12.16 17:02:56 | 08,912,896 | -HS- | M] () -- C:\Users\Vincenzo\NTUSER.DAT
[2009.12.16 16:44:58 | 00,182,340 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009.12.16 16:44:58 | 00,182,340 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009.12.16 16:44:16 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.16 16:44:13 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.16 16:44:13 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.16 16:44:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.16 16:42:54 | 00,524,288 | -HS- | M] () -- C:\Users\Vincenzo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.12.16 16:42:54 | 00,065,536 | -HS- | M] () -- C:\Users\Vincenzo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.12.16 16:42:48 | 03,888,995 | -H-- | M] () -- C:\Users\Vincenzo\AppData\Local\IconCache.db
[2009.12.16 16:38:59 | 00,001,811 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009.12.16 16:38:58 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009.12.16 16:36:09 | 00,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000UA.job
[2009.12.16 11:01:55 | 00,000,113 | ---- | M] () -- C:\Windows\(null)toolkit.ini
[2009.12.15 23:10:19 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009.12.15 23:10:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009.12.15 23:10:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009.12.15 23:10:16 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009.12.15 22:58:58 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.12.15 19:27:34 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At5.job
[2009.12.15 19:27:34 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At4.job
[2009.12.15 19:20:01 | 00,000,398 | ---- | M] () -- C:\Windows\tasks\At3.job
[2009.12.15 19:15:52 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At2.job
[2009.12.15 19:15:51 | 00,000,418 | ---- | M] () -- C:\Windows\tasks\At1.job
[2009.12.15 19:03:44 | 00,006,992 | ---- | M] () -- C:\Users\Vincenzo\Documents\cc_20091215_190341.reg
[2009.12.15 18:35:00 | 00,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000Core.job
[2009.12.15 09:57:30 | 00,020,556 | ---- | M] () -- C:\Users\Vincenzo\Documents\cc_20091215_095721.reg
[2009.12.14 23:04:12 | 00,000,680 | ---- | M] () -- C:\Users\Vincenzo\AppData\Local\d3d9caps.dat
[2009.12.14 23:04:12 | 00,000,552 | ---- | M] () -- C:\Users\Vincenzo\AppData\Local\d3d8caps.dat
[2009.12.14 23:04:09 | 00,029,992 | ---- | M] (G Data Software) -- C:\Windows\System32\drivers\GRD.sys
[2009.12.14 22:58:46 | 00,040,904 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\gdwfpcd32.sys
[2009.12.14 22:47:19 | 00,055,624 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\MiniIcpt.sys
[2009.12.14 22:47:16 | 00,047,560 | ---- | M] (G DATA Software AG) -- C:\Windows\System32\drivers\PktIcpt.sys
[2009.12.14 22:46:54 | 00,027,848 | ---- | M] (G Data Software AG) -- C:\Windows\System32\drivers\GDBehave.sys
[2009.12.14 20:32:56 | 01,427,212 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.12.14 20:32:56 | 00,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.12.14 20:32:56 | 00,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.12.14 20:32:56 | 00,123,658 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.12.14 20:32:56 | 00,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.12.14 20:30:19 | 00,002,654 | ---- | M] () -- C:\Users\Vincenzo\Desktop\Dell Driver Download Manager.lnk
[2009.12.13 22:15:11 | 00,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.13 22:11:56 | 00,001,632 | ---- | M] () -- C:\Users\Vincenzo\Desktop\CCleaner.lnk
[2009.12.13 19:26:42 | 01,092,608 | ---- | M] () -- C:\Users\Vincenzo\Desktop\DAuth.exe
[2009.12.13 17:31:06 | 00,358,602 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009.12.13 13:28:48 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009.12.08 16:22:23 | 00,001,836 | ---- | M] () -- C:\Users\Vincenzo\Desktop\HijackThis.lnk
[2009.12.04 02:23:11 | 00,044,032 | ---- | M] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 17:50:01 | 00,000,804 | ---- | M] () -- C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2009.12.03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.12.03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.11.30 20:33:46 | 00,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2009.11.27 18:05:14 | 00,358,602 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20091213-171744.backup
[2009.11.25 00:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009.11.25 00:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009.11.25 00:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009.11.25 00:49:48 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009.11.25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009.11.25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009.11.25 00:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009.11.21 07:35:38 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.11.21 07:35:38 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009.11.21 07:34:58 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009.11.21 07:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009.11.21 07:34:39 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009.11.21 07:34:39 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009.11.21 07:34:39 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009.11.21 07:34:38 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009.11.21 07:34:38 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009.11.21 07:34:33 | 00,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009.11.21 05:59:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009.11.21 05:59:52 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009.11.21 05:59:14 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009.11.21 05:58:54 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.11.21 04:21:16 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2009.11.20 21:24:14 | 00,000,988 | ---- | M] () -- C:\Users\Vincenzo\Desktop\JDownloader.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.12.16 16:38:59 | 00,001,811 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009.12.16 16:38:44 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009.12.15 22:58:58 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.12.15 19:20:45 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At5.job
[2009.12.15 19:20:23 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At4.job
[2009.12.15 19:19:00 | 00,000,398 | ---- | C] () -- C:\Windows\tasks\At3.job
[2009.12.15 19:14:09 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At2.job
[2009.12.15 19:13:37 | 00,000,418 | ---- | C] () -- C:\Windows\tasks\At1.job
[2009.12.15 19:03:43 | 00,006,992 | ---- | C] () -- C:\Users\Vincenzo\Documents\cc_20091215_190341.reg
[2009.12.15 09:57:23 | 00,020,556 | ---- | C] () -- C:\Users\Vincenzo\Documents\cc_20091215_095721.reg
[2009.12.15 09:42:39 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009.12.15 09:33:18 | 00,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2009.12.14 23:04:12 | 00,000,680 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\d3d9caps.dat
[2009.12.14 23:04:12 | 00,000,552 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\d3d8caps.dat
[2009.12.14 20:30:19 | 00,002,654 | ---- | C] () -- C:\Users\Vincenzo\Desktop\Dell Driver Download Manager.lnk
[2009.12.13 22:15:11 | 00,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.12.13 22:11:56 | 00,001,632 | ---- | C] () -- C:\Users\Vincenzo\Desktop\CCleaner.lnk
[2009.12.13 19:26:23 | 01,092,608 | ---- | C] () -- C:\Users\Vincenzo\Desktop\DAuth.exe
[2009.12.09 18:30:33 | 00,001,130 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000UA.job
[2009.12.09 18:30:32 | 00,001,078 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2754731202-3281619189-719602998-1000Core.job
[2009.12.03 17:50:00 | 00,000,804 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2009.11.30 20:33:46 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.11.27 17:11:24 | 00,001,836 | ---- | C] () -- C:\Users\Vincenzo\Desktop\HijackThis.lnk
[2009.11.23 16:36:44 | 00,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.20 21:24:14 | 00,000,988 | ---- | C] () -- C:\Users\Vincenzo\Desktop\JDownloader.lnk
[2009.11.08 23:24:17 | 00,000,947 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\MPQEditor.ini
[2009.10.09 20:20:56 | 00,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.10.09 20:20:56 | 00,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.08.15 15:41:41 | 00,139,152 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\PnkBstrK.sys
[2009.08.03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.30 12:10:49 | 00,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.07.30 12:10:48 | 00,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.30 13:05:50 | 00,182,340 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.30 13:05:50 | 00,182,340 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.25 19:30:01 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.06.24 15:00:43 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.06.24 11:08:08 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.03 11:54:40 | 00,013,166 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\nvModes.001
[2009.06.03 11:54:39 | 00,013,166 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\nvModes.dat
[2009.06.03 11:42:18 | 00,044,032 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.04 16:39:34 | 00,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll
[2007.10.25 16:26:10 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.10.08 14:21:46 | 00,958,464 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.03.10 19:08:01 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.03.10 19:07:52 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.03.10 11:40:30 | 00,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Vincenzo\Documents\My Games:Roxio EMC Stream
< End of report >


Averen 16.12.2009 17:07

Here is extras.txt:

Code:

OTL Extras logfile created on: 16.12.2009 17:00:34 - Run 1
OTL by OldTimer - Version 3.1.17.0    Folder = C:\Users\Vincenzo\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 89.35% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.70 Gb Total Space | 27.58 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.72 Gb Free Space | 57.25% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 931.51 Gb Total Space | 836.88 Gb Free Space | 89.84% Space Free | Partition Type: NTFS
 
Computer Name: VINCENZO-PC
Current User Name: Vincenzo
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2754731202-3281619189-719602998-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038384F3-884F-4EB5-B762-FF73BD685720}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{1B0A5B37-0398-4013-82D7-29FAE7D95358}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4403F987-9463-4C96-BDAA-79BBC3D7944A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59D6E6FD-BA64-418A-A3E1-B6641F41EBF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A381F6C-1EF7-4852-A720-F1E76E4C7AFF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6BF8036A-2497-4ED2-B1B1-98908893A77D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{759E4A03-867C-42EC-A197-CCE9728ED182}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8CCC55AD-D2AC-4DD3-B133-63B26C3FB116}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AA0250D3-255D-496A-B36C-1A54870FF95F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ABE767B4-A542-4D8C-B604-519B1875E187}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF669D02-FC9C-4BBE-B360-8FF13E42A3B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D53F3873-05E5-48AC-BDD1-6ECF8F81EF8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0038573F-5773-4DDA-ACE8-94E651D1972A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{022D63B6-887E-4399-A82F-163007B0458F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe |
"{02624111-DC3A-4243-A7B4-53B9089FED10}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{039BD43F-A7B0-4769-AA77-5ED649F910E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{03B91280-4582-4443-B82A-577088E00540}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04BAEF0D-8D66-4FB7-A062-9F9F4962AA05}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{051CC45B-0C1F-4AE1-BAC8-12C6FDE88F40}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{0973A984-4C47-43F1-9001-91F2A297C5E3}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{0A5FCD53-DFEC-4212-A408-9C9AD7979A43}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0AA5EBBB-2579-40F9-B27F-4FE42F86353A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D961434-B36C-45F8-A9A1-60329E662425}" = protocol=17 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe |
"{0DC658E8-CE82-47D3-A214-028D4A32CF32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0E411BAE-B524-4720-A53F-0EC8ED39CCFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E75CFC1-3221-4021-BD18-C3391DAFEEC3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10CB53AE-9025-4CA6-808C-826F00B70658}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{123D1333-AF6C-455D-9DBD-A4386DC079E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1252583C-25FE-47B6-834F-71852A58CBD0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{15523A64-1AF2-4E27-B2CE-3D49F485D86E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{195997BF-E48A-4ABA-85AE-65D233F65904}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1AF6784C-F70F-4277-ADE9-35CD518E32B6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1BFA5E41-4DA9-4320-9881-653FEE378C01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1C2BEC68-155C-4C3C-9511-B823EFEBE66B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1D777288-4546-4653-BC2B-3F92225EDC03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1EBAA268-9E26-480D-992B-AB1CD9CAE4E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20B109F1-BAB6-4DEE-B0D2-1C78C886A86C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2334CC7C-8E68-46BA-817E-53D7DE508197}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3sp.exe |
"{2339BF5C-3059-464F-8F41-85A2EE5D3ACF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{26C98D5B-3657-4586-B3D4-D1F5552BA079}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27C4D5AD-2F59-4246-AA3B-CCA8E9E4837B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{27CD8B49-4C17-47B0-868A-7FF47A3C63BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30838499-D4C8-47C0-8F6A-36D73D1DED2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30DA99E7-6F0E-4DB7-A7BB-7A792F14BEF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31D0021E-0E9C-4551-AD55-2C700282BC98}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{341EC60B-2E17-4865-ACB0-8256BFDD1807}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{372CC4D6-2702-4670-863E-D47387063CF3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37A41778-4C36-42F3-9B5B-CD8FD2BDBEFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37F6538A-2533-468B-9275-7610883BE47E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3827278B-A88C-4D6E-8CB6-DC973C7085C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39FD66ED-5F5F-4542-AAA7-FA666290D7AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3AAD92C7-DAA2-4F84-B655-A921B79A5AC3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3AE9D5C6-B6FA-4D02-8F34-794A97143509}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C68580E-4CB9-4F2C-BDAD-8D9D1928091C}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{3D13A6EA-F799-4A17-8D47-6892A31A58FA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{3EE01864-5623-49FA-A163-ADCB63E55D33}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FC285FB-570B-4259-8694-8D75F329390E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4085D281-B24D-4EB1-B91A-00CEBCD667CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42D5ADC3-F45C-472D-AC06-B2B766EC6F08}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{43BCA886-D504-446C-B035-1A933E502146}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{445224A6-5E3C-4E73-86D5-AABDF2615074}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{44D2D0AE-200F-4DD3-B8F7-964CB9990E4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45F1077A-2F63-4E41-887C-2F2CE5DFD18C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4839123F-956E-460A-8B5A-5B0D78E8ADC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{489DE033-885E-4E7D-A83D-4C5314F1F7AA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{4A00E09A-F1A0-4AA3-ADAE-135C87297EAA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{4B6CC3AD-AAE3-40C0-A1C9-3CD443BBB54E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4FA06D3B-E669-4C27-BB52-311A0023CF77}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5327DDB1-439F-4BC0-997C-250249D1F5AA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{538216BE-984A-48F0-BCE4-21F9BF550396}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{546A399B-90BB-41E8-B31A-C2FA3ADB6F0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{560D827C-0CEF-490D-8E7B-4B5E9A1ABE29}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{568595C7-EC86-4AD2-A0E2-D38F6FDBA0EA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{573B5B0F-291A-48F5-A4B6-C0901D0B6990}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5AC2B734-85CD-450B-AADA-EF2399C95A5B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty 4\iw3mp.exe |
"{5B9472FF-5609-4D8B-A9AC-889AAA16667F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C6A01D7-483C-4BEB-83D5-4E452B6DDABA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{5C9DBCDE-B50F-4BBC-959C-9061925F7EED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5EAD0787-9BAA-4102-A8FD-E94312591E6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6005A155-8FA8-4ADD-A739-6E75AA7BE114}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{630AE891-D375-430E-A712-7910AF831B7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{63EDF660-89F6-49D9-922F-FED5E0C2D852}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{64655074-D177-4444-B98E-77329A9BCB0D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65B49493-99EC-4F24-90C1-0D4B924C2C89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65D12B7D-0998-4D86-8FE0-D63A391CEF18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6685042B-3F19-4E17-96D9-81BDF67D3539}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67AF56EB-5466-4F28-A751-C4A71F5289EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6876097A-461A-42EE-96B4-0B2F2B4064B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6960C67A-4591-45F7-8BA8-A0409D483F93}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B670171-E1DE-464D-ADD1-0988E905643C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D1D754B-01F5-4859-96B2-C8EDB66F47B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6EED5A32-C8BC-4DE4-8403-CAFE906ACD55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{719DAB0A-9E68-482F-8818-9D9575B142AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{72F62C7F-15A5-4FCC-8C3F-F6E31D211EF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{737F2FEF-58E2-48C2-90DA-B5DE560D9CA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{73E5876E-CCDB-4361-B283-6EDF94E8A4FC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{7437C312-C901-48EA-8421-8E1262FD9303}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7883CF31-22F5-4C3E-A76F-A38D4A35115B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{79747C5F-BF1C-4B53-A79D-641071BAA433}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B3FBC19-368F-4831-AADE-C16AAC4172EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BA14617-4E8B-48E0-A7ED-92D19275CE80}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{7D7CF9B0-816E-4B61-8DA3-D61D60FFFFAD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D9F4A1D-210F-4422-913C-F1E056034873}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{7E07BC99-B566-4F11-8E07-556DE07C4F84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7ECE8A1E-3F39-43E2-A3A4-C03E0FA7FD0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7EDE4963-06A5-4CE4-8FA0-241F58B6FE00}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{7EF9D233-2FBF-4CFD-A681-768607C7AF72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FB5B4C1-2F3A-4282-9E4C-A9270D3B9A84}" = protocol=6 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe |
"{83073A7A-F78D-4241-BFE5-0C2911A5DFA1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{830EE769-271F-412A-B440-498459DDA330}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{842AD2D3-D7ED-492E-B8EC-EF1F6A6F6DB3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{852652E8-3008-4128-9D39-53BAD96BCC0E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{85BD7352-5A79-41DE-88C9-7E6187F0EB3F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{8648B3A8-CE02-44A1-86E7-050094C2A1DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8713956A-A918-4355-A078-5F5FD25959A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{884111CE-0226-4036-8A7C-0B059AA7A8EF}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{8AD28BA1-47DB-49E2-B630-4D890494AB6E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{8BF9656A-CF0A-4D38-82C8-8080BE19B334}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{8C20EAE4-7AC2-438E-9336-9AF764FE33B2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{8CC218DF-56DF-45DD-B045-C2429387411D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8CCB2A1A-BA5F-4D1F-9547-A482419CC63F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DB3532A-3577-4705-88BC-B895BFD8CD28}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DE99B54-779D-439D-BD17-51B6B47F2029}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{924D699C-92D5-42FF-848D-B043E24520A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93C0FCCA-35DF-4804-BFA4-D87EB1FBE918}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{943BFE9D-7E93-45B9-BBD4-840C38562212}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94571C91-3C4C-449B-9794-57F687C3D715}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9545D10E-D444-4975-B253-9DC671A137F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{96AE5CE2-3E69-43B2-A7EF-481A490D18D8}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe |
"{96EAE1F5-38C7-4696-93AB-2B86A8716F80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{975B1D30-6221-4336-8704-B32677104FCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{977C3669-111D-4E99-B1F5-2AF3860FAC18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9793B05F-39A6-469E-9796-47750707662B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{983898B6-122B-4C9D-AEFF-02FCDFA3A8DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98FBDCA3-F097-4970-ACD3-830D51F70F73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{993533CE-220F-4CA4-9915-1CCAF9B42931}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-engb-downloader.exe |
"{9AFD115A-9873-475A-BA2C-09E36955CC87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B7ECC0E-403A-43D0-8C45-C683EB8CB111}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D770CBA-884D-4EBC-8D7C-877F0166C5BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E1E0003-43AA-424D-B594-A8FAED64A9EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A09DD221-67DF-4B19-AF27-A7CE994BA826}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-engb-downloader.exe |
"{A116950A-9FB2-4156-AF3A-A5ABD85ADE5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A33CE113-D6ED-4963-B70F-1F85C98C4D68}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A381CAA6-666D-436E-A691-654DADB23679}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A38AF5EC-4DC2-430B-986C-CDDAD730D7A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5E27DEC-F196-4736-8365-385223B60CC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A642B72F-84F2-4F91-B4A9-9D1771F462E2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A673891D-BB3C-4782-AE81-5B0C40A14238}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A71E8A10-F50B-481C-BB67-DAC19731E349}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9876FC2-EA43-4F23-9979-7C71C1D18CD3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9CD87B3-5639-4AD1-99E9-0DBB64C89C60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AAEF54AF-457B-402F-86C1-5B85034009A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AB38619C-DB20-4909-BBDA-F4EE1422018F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{AC80A7D4-5FF9-4A60-8238-F5CAEC4324DA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ACFD7B63-E4A7-4F17-9669-6B4A4797B0C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0E96051-2CAF-497E-98EF-B8113B674072}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2AE8B84-19D6-4CD3-BEC9-19E784F0C020}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5C6CA76-3C59-4648-BFD7-39E6B1DCF735}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BA76DA09-FE55-4D7D-9ADE-026A79EBB71C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BBA0D18E-01DE-4A21-99B0-8400931C260A}" = protocol=6 | dir=in | app=c:\program files\broadcom\bacs\bacs.exe |
"{BE1B46FB-8B57-4B9E-A3E1-B4957D650153}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BF8D4B65-8A3F-4DEF-AC2F-6545233C5F22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C077BD5D-F2A6-4F11-8038-5F47F0C1B85D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C114965B-83E6-4AED-AF59-9A6817884D12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C293C1BD-0010-4A7C-8618-BE2D51A49A36}" = protocol=6 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe |
"{C821F6FC-430E-4F8F-9814-F17CD5322351}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C952A90B-B3B6-4F1A-B476-2FE313099CF2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA095824-2562-4D98-8B2C-60FD56060485}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe |
"{CA4AF358-ACA2-4FE0-B89F-8FCBF412084F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB0358A7-4B33-47AF-8546-E3C31081B313}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CB27AB2C-4ADC-481F-A820-78974021973D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CBA08CDC-0284-4FFA-BB3A-117282EAF940}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CDC4327C-4172-4B6D-A4EA-5D345427AD44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CEC322F1-E397-4200-993A-5D4F4ACF3D60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF0C7BF0-EB27-4AD0-BD58-A411588A8A92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFA510DF-5119-47F5-AB41-8F19FE4E417F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D113C468-4046-45E7-AA37-0752DAD24D5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1F77A3F-ACA0-47AF-A6AE-432D5CB69CE3}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D64887AD-67E8-4CD0-964C-942D4E5B5DAD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6DA839E-4A88-4F50-8E00-205BECA98B8F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D8D42037-4387-4622-A8C3-8A064197790C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DAEF6D29-C7D3-4E0F-96DD-37D1866B9E23}" = protocol=17 | dir=in | app=c:\program files\broadcom\bacs\bacs.exe |
"{DBB4A795-B8EE-4EB7-8D75-759760DFA947}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{DBCF4DF7-1BB2-4A87-A092-F53ACA9B5DC1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{DCAB9747-C1AA-4610-9762-7F2B4887A718}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E01FD454-3E77-4BF0-9CAC-519118C4CF72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E0CD3705-709C-4F55-919A-32312E88B440}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E33550FF-9B7E-41E9-8CF9-2ADE7C5D8838}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E35F2A8A-9DF8-419A-94FE-BD7EB768AC77}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E391A72C-0763-491B-BFE7-89FA3EE82E81}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E539B68D-CB76-4451-92DE-59A4F281973F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E622673A-A8F3-45F2-A963-20EBD8F7D266}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{E6B7C564-C9A9-4190-9D8F-0581C720212A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{EA48B94F-6359-407B-AAE4-B43B8DC38338}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB677613-5F8D-4487-8575-5C6A2BCA3A84}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EC01C0CD-07B2-4545-B953-42CA97ABA0E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ECF531D7-85C9-4E32-9B25-6CAC950FC850}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{ED8C6196-7E5D-48D8-A31B-7FEDA0AF7D1C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EEFF2FB3-4332-4326-A06F-1108E9867B07}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{EFC5F6AE-B0DB-489A-B0C6-956BFF2ABCC5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F04CEE67-9A14-4FF5-8620-D27478516037}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{F078261B-24AE-4777-ACAC-6D9A86153F18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F10BFC00-912C-45E4-A7A9-DD89A9E0DEC5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F319BB7D-DD2F-49A2-99BA-DFAD09131C12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F31FFBF5-3A5B-4652-9B14-4833403EC025}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4BDEE5B-28D4-49FE-9CEF-CF1563B98B10}" = protocol=17 | dir=in | app=c:\users\vincenzo\appdata\locallow\dyyno receiver\dppm.exe |
"{F4EECC96-65EA-4243-A8D4-91278EC9383A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7EB7944-D560-4C46-BFDB-93BC5ED0FDAF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F9282978-9C91-4AD3-91E6-73CDC6841B21}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-engb-downloader.exe |
"{FD0E829C-BFE3-4D84-8C2F-521AFE5F28BF}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-engb-downloader.exe |
"{FF006D46-6B6A-4DDA-B53D-DB8468306011}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF03F9F4-B71B-4C81-B9DE-E1EAF82C9205}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{107C204E-32A7-4928-9875-B1E81BD4A962}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{156E0EBE-666E-4581-9ECC-17CAE4C8DB83}C:\program files\darkfall\lobby.exe" = protocol=6 | dir=in | app=c:\program files\darkfall\lobby.exe |
"TCP Query User{1726EC80-F47A-4AEE-B1B3-8934D95A7BC6}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{1B6834E3-0F54-402E-8ED4-F1FB12219017}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |
"TCP Query User{4C9B8B5E-37EB-463A-B3EA-E7900FDF520B}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{4D56A8FA-56A3-4CCB-9055-15A5B283184A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{507478A9-9FEE-4D82-8418-768007198DA9}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{5C1E66C3-91F0-417B-89CB-A799BDB9FD77}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |
"TCP Query User{709664DD-A358-49D1-A5B2-31062DAA5F6A}C:\program files\icqlite\icq.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icq.exe |
"TCP Query User{7A6CC43B-54BA-49DF-A8E5-7F7A2A779D97}C:\program files\xfire\dppm_source.exe" = protocol=6 | dir=in | app=c:\program files\xfire\dppm_source.exe |
"TCP Query User{8AC00333-10B8-4A3A-8797-2078030C9FB8}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{93658077-6190-494D-B30E-0BCF88FB5774}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{A14D1F0C-1FB9-41E3-A84C-996F335DFB33}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{A7C71B1E-3E47-4CEA-99B6-C3DC086C4388}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{AD969AD1-3C40-4EB9-9597-E51321C6615C}C:\program files\icqlite\icq.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icq.exe |
"TCP Query User{BA43394C-8062-4407-AE19-17BA0418C9BA}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{CB603192-1687-43F6-B98D-A0FBC9346745}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{D3C2287D-E198-40B0-ACF0-229CE34D98D1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{E646F0DA-39F6-4733-95C8-BF3D81F120D8}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{FF7FF774-880A-4A96-9B08-5F482F5D11E2}C:\program files\darkfall\data\sfbrowser.exe" = protocol=6 | dir=in | app=c:\program files\darkfall\data\sfbrowser.exe |
"UDP Query User{05E828C9-827A-4BC6-9037-1BF5CA8F8A47}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"UDP Query User{0669F47F-0992-48D0-808B-A6668C269424}C:\program files\darkfall\lobby.exe" = protocol=17 | dir=in | app=c:\program files\darkfall\lobby.exe |
"UDP Query User{133FF0D8-F9E2-46F4-8059-4F9E72BA5511}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{20708FDC-81C7-443E-9E14-66AACD28EF2C}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |
"UDP Query User{28E9BE02-C02D-435C-8E43-697F70C6BC26}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{2F831123-1553-4399-AD89-41C8C0F1B55B}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{3295876F-85A4-4B80-945F-5FABC0E8342E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{80D45623-27B1-42DA-AAB4-D24BB60C1DDC}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{8464E879-8DA9-456A-A53D-B4A5268FDF25}C:\program files\darkfall\data\sfbrowser.exe" = protocol=17 | dir=in | app=c:\program files\darkfall\data\sfbrowser.exe |
"UDP Query User{9B4DCBE1-6C5A-4816-BA5F-EF7C27E7B5B1}C:\program files\icqlite\icq.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icq.exe |
"UDP Query User{B0C706F3-0567-4679-9301-FEEF5BB19664}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{BD0FF8E1-CE28-46EB-B531-76B04DEA8A90}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C1D2D327-6772-4C5B-93B5-06A75C070F4B}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{CA6F13DC-5D00-4D51-AAFB-CD210BB9996C}C:\program files\xfire\dppm_source.exe" = protocol=17 | dir=in | app=c:\program files\xfire\dppm_source.exe |
"UDP Query User{CF0FB5B9-90E9-45BF-90B8-071052871555}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E4C80630-D909-49EA-B7F5-EF08B3E9C80D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{E60BBEF9-655F-4D91-8A4B-08BA0CFC04FA}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{E6601A14-0B0E-4D19-B973-2492C449467A}C:\program files\icqlite\icq.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icq.exe |
"UDP Query User{E68CAF78-2C24-4B6C-AE6A-E49B48C1AF99}C:\program files\java\jre1.6.0\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\java.exe |
"UDP Query User{F6E7F387-BF78-4EEC-9F17-CDB145C7A530}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E323ECF-FA5B-454A-B79C-508419AC2538}" = Livestream Procaster
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CB1BFD3-82B0-4C3E-A586-0A5472158E9E}" = Sun Java (TM) Wireless Toolkit 2.5.2_01 for CLDC
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A945BD16-4774-4A1F-96A7-118BEC004881}" = mCorev32.ism_new
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6771E19-1BB6-43B1-811E-ECC5A4613579}" = Broadcom Management Programs
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F32ED8B1-2442-4B0E-8DEC-3F3BFC1C2B7F}" = mCPlug
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"BatchRenamer" = Batch Renamer 2.1.1 (uninstall)
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Fraps" = Fraps (remove only)
"Glitchy's Model Editing Suite_is1" = Glitchys MES
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"I8kfanGUI" = I8kfanGUI V3.1
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Security Task Manager" = Security Task Manager 1.7h
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trillian" = Trillian
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"5f48e2ab41c5d005" = RapidShare Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"uTorrent" = µTorrent
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2009 13:46:16 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =
 
Error - 15.12.2009 13:46:16 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =
 
Error - 15.12.2009 13:46:16 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =
 
Error - 15.12.2009 13:46:47 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =
 
Error - 15.12.2009 13:46:47 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =
 
Error - 15.12.2009 13:47:07 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description =
 
Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =
 
Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =
 
Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =
 
Error - 15.12.2009 13:49:10 | Computer Name = Vincenzo-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description =
 
[ System Events ]
Error - 16.12.2009 08:15:32 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10016
Description =
 
Error - 16.12.2009 08:47:24 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10016
Description =
 
Error - 16.12.2009 08:48:44 | Computer Name = Vincenzo-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.14 für die Netzwerkkarte mit der Netzwerkadresse
 0019D27C7B31 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 16.12.2009 08:59:35 | Computer Name = Vincenzo-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.14 für die Netzwerkkarte mit der Netzwerkadresse
 0019D27C7B31 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 16.12.2009 11:38:59 | Computer Name = Vincenzo-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 16.12.2009 11:42:46 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10010
Description =
 
Error - 16.12.2009 11:45:29 | Computer Name = Vincenzo-PC | Source = DCOM | ID = 10016
Description =
 
 
< End of report >


cosinus 16.12.2009 18:47

Please run Avenger.

Preparations:
a) Disable your virus scanner's background guard.
b) Unplug all external storage devices from the computer.


Then:

1.) Download Avenger from here as gehweg.exe => File-Upload.net - gehweg.exe to your desktop

2.) Double-click the file "gehweg.exe" (on Vista, right-click => Run as administrator). Set the checkboxes at the bottom as shown:

http://mitglied.lycos.de/efunction/tb123/avenger.png

3.) Copy exactly the lines from the following code box:
Code:

files to delete:
c:\windows\System32\Drivers\spbg.sys

folders to delete:
C:\Windows\MRLH

4.) In "The Avenger", go to "Load Script" at the top, then to "Paste from Clipboard".

5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".

6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the "Reboot now" prompt (system restart).

7.) After the restart, a log file from Avenger will be displayed. Copy its contents and post them here.

Averen 16.12.2009 22:56

Code:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "c:\windows\System32\Drivers\spbg.sys" not found!
Deletion of file "c:\windows\System32\Drivers\spbg.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\Windows\MRLH" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


That's what it spat out!

cosinus 17.12.2009 10:59

If you also have AntiVir installed, you should use only that one and uninstall Symantec/Norton AntiVir! Multiple virus scanners with background scanners are not exactly good for the system.

Afterwards, run another scan with AntiVir using aggressive settings.

Averen 17.12.2009 18:09

OK, I'll let it run through tonight :) Thanks!


All times are in WET +1.
