Ok, thanks!
Here are the 3 logs... However, I did not remove the infected entries from the malware scan, since otherwise I can no longer get on the Internet.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5006
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
31.10.2010 16:54:15
mbam-log-2010-10-31 (16-54-15).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 139314
Laufzeit: 3 Minute(n), 21 Sekunde(n)
Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> No action taken.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-4066490547-1557199109-2218371550-1000\$R17HK2R.exe (Trojan.Agent) -> No action taken.
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> No action taken.
Code:
OTL logfile created on: 31.10.2010 16:56:54 - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Public\Desktop\MFtools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 197,38 Gb Total Space | 17,04 Gb Free Space | 8,63% Space Free | Partition Type: NTFS
Drive D: | 35,51 Gb Total Space | 17,82 Gb Free Space | 50,19% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 25,43 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
Computer Name: WENNTO-PC | User Name: Wennto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe ()
PRC - C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
PRC - C:\Users\Wennto\AppData\Local\Temp\dwm.exe ()
PRC - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\PROGRA~2\Bandoo\Bandoo.exe (Discordia Limited)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Fraps\fraps.exe (Beepa P/L)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Verbindungsassistent\WTGService.exe ()
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
========== Modules (SafeList) ==========
MOD - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Fraps\FRAPS32.DLL (Beepa P/L)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Bandoo Coordinator) -- C:\PROGRA~2\Bandoo\Bandoo.exe (Discordia Limited)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\WTGService.exe ()
SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
========== Driver Services (SafeList) ==========
DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (cpuz130) -- C:\Users\Wennto\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (amdiox86) -- C:\Windows\System32\DRIVERS\amdiox86.sys File not found
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ctgame) -- C:\Windows\System32\drivers\ctgame.sys (Creative Technology Ltd.)
DRV - (msgame) -- C:\Windows\System32\drivers\msgame.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (cdrblock) -- C:\Windows\System32\drivers\cdrblock.sys (Canopus Co,. Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: firefox@bandoo.com:5.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.29 00:37:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.29 00:37:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.22 16:07:59 | 000,000,000 | ---D | M]
[2010.07.31 15:40:05 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Extensions
[2010.07.31 15:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.31 00:04:26 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions
[2010.09.24 14:51:46 | 000,000,000 | ---D | M] (Modern Modoki) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{7a94a9a7-be7f-4d51-afe9-06063380ca94}
[2010.07.30 21:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.14 14:26:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.24 14:02:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.19 16:44:20 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\vshare@toolbar
[2010.08.03 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions
[2010.07.30 18:43:50 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010.07.30 18:43:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.30 18:43:56 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
[2010.07.30 21:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.30 18:43:56 | 000,000,000 | ---D | M] (Past Modern) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
[2010.07.30 18:43:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.30 18:43:57 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.08.03 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\finder@meingutscheincode.de
[2010.07.30 18:43:50 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\firefox@bandoo.com
[2010.07.30 18:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Mozilla\FireFox\Profiles\q3koc7fq.default\searchplugins\icqplugin.xml
[2010.04.12 13:01:50 | 000,005,495 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Mozilla\FireFox\Profiles\q3koc7fq.default\searchplugins\SearchquWebSearch.xml
[2010.05.31 16:30:31 | 000,003,915 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Mozilla\FireFox\Profiles\q3koc7fq.default\searchplugins\sweetim.xml
[2010.09.24 14:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.31 13:33:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.31 13:32:56 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.03.22 03:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.10.12 11:42:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.12 11:42:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.12 11:42:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.22 10:00:18 | 000,000,832 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearch.xml
[2010.10.12 11:42:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.12 11:42:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [RegistryBooster] C:\Program Files\RegistryBooster\launcher.exe File not found
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
F3 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 WinNT: Load - (C:\Users\Wennto\AppData\Local\Temp\dwm.exe) - C:\Users\Wennto\AppData\Local\Temp\dwm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\wia6eb~1\datamngr\datamngr.dll) - c:\progra~2\wia6eb~1\datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\progra~2\bandoo\bndhook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 Winlogon: Shell - (C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0b08f887-a14e-11df-9b96-e316ecdbdb53}\Shell - "" = AutoRun
O33 - MountPoints2\{0b08f887-a14e-11df-9b96-e316ecdbdb53}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{0b08f88a-a14e-11df-9b96-e316ecdbdb53}\Shell - "" = AutoRun
O33 - MountPoints2\{0b08f88a-a14e-11df-9b96-e316ecdbdb53}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{3ea36db0-9bee-11df-955b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3ea36db0-9bee-11df-955b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{41dc6280-9bf7-11df-a89f-c14e2485bbfc}\Shell - "" = AutoRun
O33 - MountPoints2\{41dc6280-9bf7-11df-a89f-c14e2485bbfc}\Shell\AutoRun\command - "" = I:\OblivionLauncher.exe -- File not found
O33 - MountPoints2\{49051d15-a14c-11df-b4aa-d58dac5aad6d}\Shell - "" = AutoRun
O33 - MountPoints2\{49051d15-a14c-11df-b4aa-d58dac5aad6d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8aa1df00-a296-11df-800f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8aa1df00-a296-11df-800f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{fffe9a21-a146-11df-b6e4-f23e4b93c27f}\Shell - "" = AutoRun
O33 - MountPoints2\{fffe9a21-a146-11df-b6e4-f23e4b93c27f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk - C:\PROGRA~2\Adobe\READER~1.0\Reader\READER~1.EXE - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE - ()
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= - E:\spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
MsConfig - StartUpReg: Standby - hkey= - key= - c:\Program Files\Common Files\Corel\Standby\Standby.exe File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F12F805-9B17-EB21-4517-868CB5E01A17} - Internet Explorer
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96F0458E-6676-4F8C-4C89-5178C72DC3E7} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\Iyvu9_32.dll ()
========== Files/Folders - Created Within 30 Days ==========
[2010.10.31 15:00:57 | 000,000,000 | ---D | C] -- C:\31.10.2010
[2010.10.31 15:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.10.31 14:51:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.10.31 14:36:40 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Uniblue
[2010.10.31 00:01:46 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Malwarebytes
[2010.10.31 00:01:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.31 00:01:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.31 00:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.31 00:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.30 14:32:46 | 000,000,000 | ---D | C] -- C:\OBLIVION CLEAN
[2010.10.30 12:40:13 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\FXpansion
[2010.10.30 01:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\FXpansion
[2010.10.28 16:32:16 | 000,097,248 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010.10.27 09:14:59 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.10.27 09:14:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.10.27 09:14:59 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.10.27 09:14:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.10.27 09:14:58 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.10.26 12:02:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin
[2010.10.26 12:01:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\JewelQuestHeritage
[2010.10.22 21:31:34 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.10.21 17:08:25 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\oblivion
[2010.10.21 14:24:58 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\FalloutNV
[2010.10.20 14:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.10.20 14:42:27 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\ERS G-Studio
[2010.10.20 00:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\ABC Amber Audio Converter
[2010.10.20 00:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3 File Editor
[2010.10.18 13:47:06 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\ArcaniA - Gothic 4
[2010.10.18 00:21:34 | 000,000,000 | ---D | C] -- C:\Users\Wennto\dwhelper
[2010.10.16 22:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.10.16 15:06:04 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Google
[2010.10.16 15:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.10.16 12:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2010.10.16 12:41:47 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\URSE Games
[2010.10.16 12:39:26 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\SecretsOfOlympus
[2010.10.15 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\GAMEON
[2010.10.15 15:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010.10.13 15:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2010.10.13 11:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010.10.13 11:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010.10.13 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.10.13 10:08:17 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 10:08:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 10:08:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.13 10:08:13 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 10:08:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 10:08:13 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 10:08:13 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 10:08:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 10:08:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.13 10:08:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.13 10:08:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.13 10:08:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.13 10:08:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.13 10:08:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 10:08:04 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 10:08:04 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 10:08:03 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 10:07:11 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.12 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\STARGAZE_IMAGE_CACHE
[2010.10.12 14:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Stargaze
[2010.10.12 14:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
[2010.10.12 11:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010.10.12 00:41:57 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\The Creative Assembly
[2010.10.11 21:32:58 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Zylom Games
[2010.10.11 21:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010.10.11 21:25:16 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Zylom
[2010.10.10 10:30:23 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Risen
[2010.10.07 15:08:11 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\EA Games
[2010.10.07 15:05:48 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\EA Games
[2010.10.07 14:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.10.05 16:15:14 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\gothic3
[2010.10.04 16:09:33 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.10.04 16:08:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.10.04 16:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.10.04 16:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010.10.04 16:08:22 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Logitech
[2010.10.04 16:08:22 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Logishrd
[2010.10.02 19:14:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\oodag
[2010.10.02 19:09:16 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\O&O
[2010.10.02 19:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2010.10.02 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\My Drivers
[2010.10.02 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Innovative Solutions
[2010.10.02 10:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2010.10.02 10:47:41 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\DriverGenius
[2010.10.02 09:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SEGA Corporation
[1 C:\Users\Wennto\AppData\Local\*.tmp files -> C:\Users\Wennto\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.10.31 16:33:35 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.31 16:33:35 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.31 16:33:35 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.31 16:33:35 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.31 16:32:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 16:32:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 16:27:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.31 16:27:14 | 000,065,352 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.10.31 01:08:12 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010.10.31 00:01:38 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.28 16:32:16 | 000,097,248 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010.10.21 03:32:32 | 000,000,666 | ---- | M] () -- C:\Users\Wennto\Desktop\DOWNLOADS - Verknüpfung.lnk
[2010.10.20 00:08:28 | 000,001,044 | ---- | M] () -- C:\Users\Wennto\Desktop\ABC Amber Audio Converter.lnk
[2010.10.19 22:28:52 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.17 00:42:14 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010.10.15 22:00:15 | 000,007,604 | ---- | M] () -- C:\Users\Wennto\AppData\Local\Resmon.ResmonCfg
[2010.10.13 11:29:00 | 002,567,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.04 16:09:33 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.10.02 17:33:58 | 000,000,109 | ---- | M] () -- C:\Windows\disney.ini
[1 C:\Users\Wennto\AppData\Local\*.tmp files -> C:\Users\Wennto\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.10.31 00:01:38 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.29 12:20:49 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.10.21 03:32:32 | 000,000,666 | ---- | C] () -- C:\Users\Wennto\Desktop\DOWNLOADS - Verknüpfung.lnk
[2010.10.20 00:08:28 | 000,001,044 | ---- | C] () -- C:\Users\Wennto\Desktop\ABC Amber Audio Converter.lnk
[2010.10.17 00:42:14 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.10.06 15:57:51 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.10.03 11:43:02 | 000,065,352 | ---- | C] () -- C:\Windows\System32\oodbs.lor
[2010.10.01 19:27:32 | 000,000,109 | ---- | C] () -- C:\Windows\disney.ini
[2010.09.29 08:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Wennto\AppData\Roaming\chrtmp
[2010.09.24 11:09:06 | 000,000,004 | ---- | C] () -- C:\ProgramData\sysid100.dat
[2010.09.12 14:49:43 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.12 14:49:42 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.08.06 16:08:56 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.06 16:08:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.08.06 16:08:54 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010.08.06 16:08:54 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.08.06 16:08:54 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.08.06 16:08:53 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.08.04 14:21:52 | 000,000,088 | RHS- | C] () -- C:\ProgramData\1D916D85EC.sys
[2010.08.04 14:21:51 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.03 16:34:23 | 000,000,103 | ---- | C] () -- C:\Windows\canopus.ini
[2010.08.03 15:21:15 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2010.08.03 15:12:19 | 000,000,022 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010.08.03 15:12:19 | 000,000,014 | ---- | C] () -- C:\Windows\dswplug.ini
[2010.08.02 15:51:30 | 000,007,604 | ---- | C] () -- C:\Users\Wennto\AppData\Local\Resmon.ResmonCfg
[2010.08.02 13:49:44 | 000,002,961 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2010.08.02 13:49:42 | 000,890,953 | ---- | C] () -- C:\Windows\HSC_sq4.ini
[2010.08.01 12:45:49 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010.08.01 12:45:49 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010.07.31 16:59:54 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010.07.30 17:26:00 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.06.20 16:00:00 | 002,761,119 | ---- | C] () -- C:\Windows\System32\Melodyne editor.dll
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
========== LOP Check ==========
[2010.08.02 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Alien Skin
[2010.07.30 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ASK Video
[2010.07.30 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Bandoo
[2010.10.20 00:48:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Celemony Software GmbH
[2010.07.30 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Lite
[2010.07.30 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Pro
[2010.10.20 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ERS G-Studio
[2010.08.01 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\FXpansion
[2010.10.15 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GAMEON
[2010.09.13 17:54:14 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GHISLER
[2010.10.27 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ICQ
[2010.08.02 03:19:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Imagenomic
[2010.09.23 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\iZotope
[2010.09.12 14:03:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Leadertech
[2010.09.12 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MCMPEGEnc
[2010.09.25 12:35:07 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MP3Find
[2010.07.31 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Mp3tag
[2010.08.02 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Nik Software
[2010.08.02 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\onOne Software
[2010.09.17 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\runic games
[2010.10.16 12:39:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\SecretsOfOlympus
[2010.07.31 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Steinberg
[2010.10.12 00:41:57 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\The Creative Assembly
[2010.07.31 15:40:04 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Thunderbird
[2010.08.02 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Tropico 3
[2010.09.07 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TuneUp Software
[2010.10.30 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TV-Browser
[2010.09.13 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ubisoft
[2010.09.24 23:29:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ulead Systems
[2010.10.31 14:36:40 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Uniblue
[2010.10.16 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\URSE Games
[2010.08.06 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Verbindungsassistent
[2010.07.31 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waldorf
[2010.08.01 13:59:08 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Audio
[2010.08.01 14:04:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Preferences
[2010.08.06 13:03:24 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\XWindows Dock
[2010.10.15 15:48:34 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Zylom
[2010.10.31 14:53:25 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.09.09 14:44:28 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Adobe
[2010.08.02 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Alien Skin
[2010.07.30 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ASK Video
[2010.09.12 18:15:44 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ATI
[2010.08.06 11:34:42 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Avira
[2010.07.30 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Bandoo
[2010.10.20 00:48:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Celemony Software GmbH
[2010.09.24 23:29:16 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Corel
[2010.07.30 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Lite
[2010.07.30 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Pro
[2010.10.27 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\dvdcss
[2010.10.20 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ERS G-Studio
[2010.08.01 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\FXpansion
[2010.10.15 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GAMEON
[2010.09.13 17:54:14 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GHISLER
[2010.10.27 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ICQ
[2010.10.15 15:48:34 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Identities
[2010.08.02 03:19:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Imagenomic
[2010.08.01 15:05:04 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\InstallShield
[2010.09.21 09:48:17 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\InstallShield Installation Information
[2010.09.23 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\iZotope
[2010.09.12 14:03:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Leadertech
[2010.10.04 16:08:30 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Logishrd
[2010.10.04 16:09:54 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Logitech
[2010.07.30 17:05:37 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Macromedia
[2010.10.31 00:01:46 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Malwarebytes
[2010.09.12 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MCMPEGEnc
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Media Center Programs
[2010.10.31 15:39:20 | 000,000,000 | --SD | M] -- C:\Users\Wennto\AppData\Roaming\Microsoft
[2010.07.30 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Mozilla
[2010.09.25 12:35:07 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MP3Find
[2010.07.31 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Mp3tag
[2010.08.02 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Nik Software
[2010.08.02 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\onOne Software
[2010.09.17 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\runic games
[2010.10.16 12:39:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\SecretsOfOlympus
[2010.09.07 19:11:54 | 000,000,000 | R--D | M] -- C:\Users\Wennto\AppData\Roaming\SecuROM
[2010.07.31 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Steinberg
[2010.10.12 00:41:57 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\The Creative Assembly
[2010.07.31 15:40:04 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Thunderbird
[2010.08.02 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Tropico 3
[2010.09.07 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TuneUp Software
[2010.10.30 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TV-Browser
[2010.09.13 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ubisoft
[2010.09.24 23:29:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ulead Systems
[2010.10.31 14:36:40 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Uniblue
[2010.10.16 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\URSE Games
[2010.08.06 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Verbindungsassistent
[2010.10.30 16:42:03 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\vlc
[2010.07.31 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waldorf
[2010.08.01 13:59:08 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Audio
[2010.08.01 14:04:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Preferences
[2010.07.30 19:36:50 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\WinRAR
[2010.08.06 13:03:24 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\XWindows Dock
[2010.07.30 22:05:52 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Yahoo!
[2010.10.15 15:48:34 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Zylom
< %APPDATA%\*.exe /s >
[2010.09.21 09:44:05 | 000,331,776 | ---- | M] (Epic Games ) -- C:\Users\Wennto\AppData\Roaming\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\setup.exe
[2010.10.31 15:39:20 | 000,093,696 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe
[2010.10.04 16:09:48 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Wennto\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.07.30 17:36:28 | 000,010,134 | R--- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2010.10.31 16:25:46 | 000,118,272 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: IASTORV.SYS >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.07.30 17:26:00 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4EE323A4
< End of report >
Code:
OTL Extras logfile created on: 31.10.2010 16:56:54 - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Public\Desktop\MFtools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 197,38 Gb Total Space | 17,04 Gb Free Space | 8,63% Space Free | Partition Type: NTFS
Drive D: | 35,51 Gb Total Space | 17,82 Gb Free Space | 50,19% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 25,43 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
Computer Name: WENNTO-PC | User Name: Wennto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19910E33-E495-42F9-84FF-7569931CC021}_is1" = Mafia 2
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5AEF871D-FBAB-4AEF-8AEB-6A8E668A7D3C}" = MP3Find pro v4.87
"{5F073685-ADDB-4D5A-98E9-0F795989A57F}" = PhotoFrame Pro 3.1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{648C1BFD-6A70-46D8-B855-F84D95C2DC34}" = CSR
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6834535-4E7D-C07A-2CAA-E2B73C82EC60}" = AMD Drag and Drop Transcoding
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 1.0 Professional Edition
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3D87264-EAC9-4DE8-8D0E-E758CA1413A0}_is1" = Disciples III
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E1071C00-B001-4633-B9C3-164C856D5730}" = Bionic Commando
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E426CEC1-35C5-42BF-913E-6EF8F1211D01}" = Overlord II
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"7-Zip" = 7-Zip 4.65
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bandoo" = Bandoo
"Blow Up" = Alien Skin Blow Up
"Bokeh" = Alien Skin Bokeh
"Borderlands Gold_is1" = Borderlands Gold
"broomstickbass-1.0.0" = Broomstick Bass 1.0.0
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"Dfine 2.0" = Dfine 2.0
"discoDSP Discovery VSTi_is1" = discoDSP Discovery VSTi v2.9
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Dragon Age Origins GotYE_is1" = Dragon Age Origins GotYE
"eLicenser Control" = eLicenser Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Exposure" = Alien Skin Exposure
"EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"Fallout New Vegas_is1" = Fallout New Vegas
"Fraps" = Fraps (remove only)
"GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ" = GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.3 Plug-in (build 2308)
"Indeo® software" = Indeo® software
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"iZotope iDrum Factory Content_is1" = iZotope iDrum Factory Content
"iZotope iDrum_is1" = iZotope iDrum
"iZotope Ozone 4_is1" = iZotope Ozone 4
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"Lara Croft and the Guardian of Light_is1" = Lara Croft and the Guardian of Light
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"Mp3tag" = Mp3tag v2.46a
"Native Instruments Battery 3" = Native Instruments Battery 3
"Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller
"OpenAL" = OpenAL
"OpenLibraries" = OpenLibraries
"PixPlant2_is1" = PixPlant for Photoshop 2.0.43
"Power Retouche Pro" = Power Retouche Pro
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"RocketDock_is1" = RocketDock 1.3.5
"Runic Games Torchlight" = Torchlight
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Silver Efex Pro" = Silver Efex Pro
"StarCraft II" = StarCraft II
"The Last Remnant_is1" = The Last Remnant
"Totalcmd" = Total Commander (Remove or Repair)
"TruePianos: Amber Module_is1" = TruePianos: Amber Module 1.4.0
"TruePianos: Diamond Module_is1" = TruePianos: Diamond Module 1.4.0
"TruePianos: Emerald Module_is1" = TruePianos: Emerald Module 1.4.0
"TruePianos: Sapphire Module (Pedal sounds included)_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos: Sapphire Module_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos_is1" = TruePianos 1.4.1
"TuneUp Utilities" = TuneUp Utilities
"tvbrowser" = TV-Browser 3.0-beta2
"Two Worlds" = Two Worlds
"Veetle TV" = Veetle TV 0.9.18
"Verbindungsassistent" = Verbindungsassistent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.0.3
"Waldorf Largo" = Waldorf Largo
"Waves Mercury Bundle" = Waves Mercury Bundle
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >