Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Falsche Internetseiten werden aufgerufen!

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 31.10.2010, 16:42   #1
Wennto
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



Hallo zusammen,
ich hoffe mal das mir hier jemand helfen kann.
Es kommt immer öfter vor, dass mein Browser eine kompklett andere Interentseite aufruft wie angefordert.
Ich will z.b. auf mobile.de und es kommt beispieltsweise die Seite Ask.com

Wenn ich die infizierten daten shell.exe und svchost.exe bei AntiMaleware lösche, komme ich nicht mehr ins Internet!
Also musste ich sie wieder aus der Quarantäte herstellen.

Vielen Dank im Vorraus für Ihre Hilfe!
Hier ist meine Hijackthis-log

Dirk


Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:35:15, on 31.10.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Windows\system32\taskeng.exe
C:\Users\Wennto\AppData\Local\Temp\dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fraps\fraps.exe
C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
D:\DOWNLOADS\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
F3 - REG:win.ini: load=C:\Users\Wennto\AppData\Local\Temp\dwm.exe
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\RegistryBooster\launcher.exe" delay 20000 
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: c:\progra~2\wia6eb~1\datamngr\datamngr.dll c:\progra~2\bandoo\bndhook.dll 
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~2\Bandoo\Bandoo.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\Verbindungsassistent\WTGService.exe

--
End of file - 5980 bytes
         

Alt 31.10.2010, 16:45   #2
markusg
/// Malware-holic
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten.
+ das Malwarebytes logfile
__________________


Alt 31.10.2010, 16:47   #3
Leonixx
/// Helfer-Team
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



*Edit* MarkusG war schneller, klinke mich wieder aus.*
__________________

Alt 31.10.2010, 18:06   #4
Wennto
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



Ok, danke!

Hier die 3 Logs...Allerdings sind die infizierten Einträge bei Maleware nicht von mir entfernt worden, da ich sonst nicht mehr ins Internet kann.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5006

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.10.2010 16:54:15
mbam-log-2010-10-31 (16-54-15).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 139314
Laufzeit: 3 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-4066490547-1557199109-2218371550-1000\$R17HK2R.exe (Trojan.Agent) -> No action taken.
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe (Trojan.Shell) -> No action taken.
         

Code:
ATTFilter
OTL logfile created on: 31.10.2010 16:56:54 - Run 3
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Public\Desktop\MFtools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 197,38 Gb Total Space | 17,04 Gb Free Space | 8,63% Space Free | Partition Type: NTFS
Drive D: | 35,51 Gb Total Space | 17,82 Gb Free Space | 50,19% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 25,43 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
 
Computer Name: WENNTO-PC | User Name: Wennto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe ()
PRC - C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
PRC - C:\Users\Wennto\AppData\Local\Temp\dwm.exe ()
PRC - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\PROGRA~2\Bandoo\Bandoo.exe (Discordia Limited)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Fraps\fraps.exe (Beepa P/L)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\Verbindungsassistent\WTGService.exe ()
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Public\Desktop\MFtools\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Fraps\FRAPS32.DLL (Beepa P/L)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Bandoo Coordinator) -- C:\PROGRA~2\Bandoo\Bandoo.exe (Discordia Limited)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\WTGService.exe ()
SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (cpuz130) -- C:\Users\Wennto\AppData\Local\Temp\cpuz130\cpuz_x32.sys File not found
DRV - (amdiox86) -- C:\Windows\System32\DRIVERS\amdiox86.sys File not found
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ctgame) -- C:\Windows\System32\drivers\ctgame.sys (Creative Technology Ltd.)
DRV - (msgame) -- C:\Windows\System32\drivers\msgame.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (ATI Technologies, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (NXP Semiconductors)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (cdrblock) -- C:\Windows\System32\drivers\cdrblock.sys (Canopus Co,. Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: firefox@bandoo.com:5.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {7FF99715-3016-4381-84CE-E4E4C9673020}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.29 00:37:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.29 00:37:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.22 16:07:59 | 000,000,000 | ---D | M]
 
[2010.07.31 15:40:05 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Extensions
[2010.07.31 15:40:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.31 00:04:26 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions
[2010.09.24 14:51:46 | 000,000,000 | ---D | M] (Modern Modoki) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{7a94a9a7-be7f-4d51-afe9-06063380ca94}
[2010.07.30 21:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.14 14:26:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.24 14:02:34 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.19 16:44:20 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\al3cmo4r.default\extensions\vshare@toolbar
[2010.08.03 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions
[2010.07.30 18:43:50 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010.07.30 18:43:53 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.30 18:43:56 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{7FF99715-3016-4381-84CE-E4E4C9673020}
[2010.07.30 21:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.30 18:43:56 | 000,000,000 | ---D | M] (Past Modern) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
[2010.07.30 18:43:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.30 18:43:57 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.08.03 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\finder@meingutscheincode.de
[2010.07.30 18:43:50 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\firefox@bandoo.com
[2010.07.30 18:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wennto\AppData\Roaming\mozilla\Firefox\Profiles\q3koc7fq.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010.05.12 17:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Mozilla\FireFox\Profiles\q3koc7fq.default\searchplugins\icqplugin.xml
[2010.04.12 13:01:50 | 000,005,495 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Mozilla\FireFox\Profiles\q3koc7fq.default\searchplugins\SearchquWebSearch.xml
[2010.05.31 16:30:31 | 000,003,915 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Mozilla\FireFox\Profiles\q3koc7fq.default\searchplugins\sweetim.xml
[2010.09.24 14:02:38 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.31 13:33:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.31 13:32:56 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.03.22 03:27:56 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.10.12 11:42:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.12 11:42:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.12 11:42:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.22 10:00:18 | 000,000,832 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearch.xml
[2010.10.12 11:42:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.12 11:42:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [RegistryBooster] C:\Program Files\RegistryBooster\launcher.exe File not found
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
F3 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 WinNT: Load - (C:\Users\Wennto\AppData\Local\Temp\dwm.exe) - C:\Users\Wennto\AppData\Local\Temp\dwm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\wia6eb~1\datamngr\datamngr.dll) - c:\progra~2\wia6eb~1\datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\progra~2\bandoo\bndhook.dll (Discordia Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 Winlogon: Shell - (C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0b08f887-a14e-11df-9b96-e316ecdbdb53}\Shell - "" = AutoRun
O33 - MountPoints2\{0b08f887-a14e-11df-9b96-e316ecdbdb53}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{0b08f88a-a14e-11df-9b96-e316ecdbdb53}\Shell - "" = AutoRun
O33 - MountPoints2\{0b08f88a-a14e-11df-9b96-e316ecdbdb53}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{3ea36db0-9bee-11df-955b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3ea36db0-9bee-11df-955b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{41dc6280-9bf7-11df-a89f-c14e2485bbfc}\Shell - "" = AutoRun
O33 - MountPoints2\{41dc6280-9bf7-11df-a89f-c14e2485bbfc}\Shell\AutoRun\command - "" = I:\OblivionLauncher.exe -- File not found
O33 - MountPoints2\{49051d15-a14c-11df-b4aa-d58dac5aad6d}\Shell - "" = AutoRun
O33 - MountPoints2\{49051d15-a14c-11df-b4aa-d58dac5aad6d}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8aa1df00-a296-11df-800f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8aa1df00-a296-11df-800f-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{fffe9a21-a146-11df-b6e4-f23e4b93c27f}\Shell - "" = AutoRun
O33 - MountPoints2\{fffe9a21-a146-11df-b6e4-f23e4b93c27f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader - Schnellstart.lnk - C:\PROGRA~2\Adobe\READER~1.0\Reader\READER~1.EXE - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\PROGRA~2\Adobe\READER~1.0\Reader\ADOBEC~1.EXE - ()
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Programme\Yahoo!\Messenger\YahooMessenger.exe File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= - E:\spiele\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe File not found
MsConfig - StartUpReg: Standby - hkey= - key= - c:\Program Files\Common Files\Corel\Standby\Standby.exe File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F12F805-9B17-EB21-4517-868CB5E01A17} - Internet Explorer
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {96F0458E-6676-4F8C-4C89-5178C72DC3E7} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\Iyvu9_32.dll ()

 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.31 15:00:57 | 000,000,000 | ---D | C] -- C:\31.10.2010
[2010.10.31 15:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.10.31 14:51:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.10.31 14:36:40 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Uniblue
[2010.10.31 00:01:46 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Malwarebytes
[2010.10.31 00:01:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.31 00:01:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.31 00:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.10.31 00:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.30 14:32:46 | 000,000,000 | ---D | C] -- C:\OBLIVION CLEAN
[2010.10.30 12:40:13 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\FXpansion
[2010.10.30 01:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\FXpansion
[2010.10.28 16:32:16 | 000,097,248 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010.10.27 09:14:59 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.10.27 09:14:59 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.10.27 09:14:59 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.10.27 09:14:59 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.10.27 09:14:58 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.10.26 12:02:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iwin
[2010.10.26 12:01:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\JewelQuestHeritage
[2010.10.22 21:31:34 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.10.21 17:08:25 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\oblivion
[2010.10.21 14:24:58 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\FalloutNV
[2010.10.20 14:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.10.20 14:42:27 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\ERS G-Studio
[2010.10.20 00:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\ABC Amber Audio Converter
[2010.10.20 00:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3 File Editor
[2010.10.18 13:47:06 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\ArcaniA - Gothic 4
[2010.10.18 00:21:34 | 000,000,000 | ---D | C] -- C:\Users\Wennto\dwhelper
[2010.10.16 22:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.10.16 15:06:04 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Google
[2010.10.16 15:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.10.16 12:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2010.10.16 12:41:47 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\URSE Games
[2010.10.16 12:39:26 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\SecretsOfOlympus
[2010.10.15 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\GAMEON
[2010.10.15 15:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010.10.13 15:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
[2010.10.13 11:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010.10.13 11:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010.10.13 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.10.13 10:08:17 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 10:08:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 10:08:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.13 10:08:13 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 10:08:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 10:08:13 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 10:08:13 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 10:08:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 10:08:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.13 10:08:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.13 10:08:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.13 10:08:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.13 10:08:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.13 10:08:10 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 10:08:04 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 10:08:04 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 10:08:03 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 10:07:11 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.12 14:13:23 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\STARGAZE_IMAGE_CACHE
[2010.10.12 14:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Alawar Stargaze
[2010.10.12 14:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
[2010.10.12 11:13:21 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010.10.12 00:41:57 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\The Creative Assembly
[2010.10.11 21:32:58 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Zylom Games
[2010.10.11 21:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2010.10.11 21:25:16 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Zylom
[2010.10.10 10:30:23 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Risen
[2010.10.07 15:08:11 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\EA Games
[2010.10.07 15:05:48 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\EA Games
[2010.10.07 14:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.10.05 16:15:14 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\gothic3
[2010.10.04 16:09:33 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.10.04 16:08:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.10.04 16:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.10.04 16:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010.10.04 16:08:22 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Logitech
[2010.10.04 16:08:22 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Roaming\Logishrd
[2010.10.02 19:14:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\oodag
[2010.10.02 19:09:16 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\O&O
[2010.10.02 19:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2010.10.02 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\My Drivers
[2010.10.02 10:57:03 | 000,000,000 | ---D | C] -- C:\Users\Wennto\AppData\Local\Innovative Solutions
[2010.10.02 10:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2010.10.02 10:47:41 | 000,000,000 | ---D | C] -- C:\Users\Wennto\Documents\DriverGenius
[2010.10.02 09:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SEGA Corporation
[1 C:\Users\Wennto\AppData\Local\*.tmp files -> C:\Users\Wennto\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.31 16:33:35 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.31 16:33:35 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.31 16:33:35 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.31 16:33:35 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.31 16:32:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 16:32:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 16:27:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.31 16:27:14 | 000,065,352 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.10.31 01:08:12 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010.10.31 00:01:38 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.28 16:32:16 | 000,097,248 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010.10.21 03:32:32 | 000,000,666 | ---- | M] () -- C:\Users\Wennto\Desktop\DOWNLOADS - Verknüpfung.lnk
[2010.10.20 00:08:28 | 000,001,044 | ---- | M] () -- C:\Users\Wennto\Desktop\ABC Amber Audio Converter.lnk
[2010.10.19 22:28:52 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.17 00:42:14 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010.10.15 22:00:15 | 000,007,604 | ---- | M] () -- C:\Users\Wennto\AppData\Local\Resmon.ResmonCfg
[2010.10.13 11:29:00 | 002,567,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.04 16:09:33 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.10.02 17:33:58 | 000,000,109 | ---- | M] () -- C:\Windows\disney.ini
[1 C:\Users\Wennto\AppData\Local\*.tmp files -> C:\Users\Wennto\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.31 00:01:38 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.29 12:20:49 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.10.21 03:32:32 | 000,000,666 | ---- | C] () -- C:\Users\Wennto\Desktop\DOWNLOADS - Verknüpfung.lnk
[2010.10.20 00:08:28 | 000,001,044 | ---- | C] () -- C:\Users\Wennto\Desktop\ABC Amber Audio Converter.lnk
[2010.10.17 00:42:14 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.10.06 15:57:51 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2010.10.03 11:43:02 | 000,065,352 | ---- | C] () -- C:\Windows\System32\oodbs.lor
[2010.10.01 19:27:32 | 000,000,109 | ---- | C] () -- C:\Windows\disney.ini
[2010.09.29 08:10:59 | 000,000,000 | ---- | C] () -- C:\Users\Wennto\AppData\Roaming\chrtmp
[2010.09.24 11:09:06 | 000,000,004 | ---- | C] () -- C:\ProgramData\sysid100.dat
[2010.09.12 14:49:43 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.12 14:49:42 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.08.06 16:08:56 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.08.06 16:08:55 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.08.06 16:08:54 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010.08.06 16:08:54 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.08.06 16:08:54 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.08.06 16:08:53 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.08.04 14:21:52 | 000,000,088 | RHS- | C] () -- C:\ProgramData\1D916D85EC.sys
[2010.08.04 14:21:51 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.03 16:34:23 | 000,000,103 | ---- | C] () -- C:\Windows\canopus.ini
[2010.08.03 15:21:15 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2010.08.03 15:12:19 | 000,000,022 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010.08.03 15:12:19 | 000,000,014 | ---- | C] () -- C:\Windows\dswplug.ini
[2010.08.02 15:51:30 | 000,007,604 | ---- | C] () -- C:\Users\Wennto\AppData\Local\Resmon.ResmonCfg
[2010.08.02 13:49:44 | 000,002,961 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2010.08.02 13:49:42 | 000,890,953 | ---- | C] () -- C:\Windows\HSC_sq4.ini
[2010.08.01 12:45:49 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010.08.01 12:45:49 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010.07.31 16:59:54 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2010.07.30 17:26:00 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.06.20 16:00:00 | 002,761,119 | ---- | C] () -- C:\Windows\System32\Melodyne editor.dll
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== LOP Check ==========
 
[2010.08.02 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Alien Skin
[2010.07.30 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ASK Video
[2010.07.30 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Bandoo
[2010.10.20 00:48:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Celemony Software GmbH
[2010.07.30 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Lite
[2010.07.30 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Pro
[2010.10.20 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ERS G-Studio
[2010.08.01 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\FXpansion
[2010.10.15 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GAMEON
[2010.09.13 17:54:14 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GHISLER
[2010.10.27 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ICQ
[2010.08.02 03:19:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Imagenomic
[2010.09.23 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\iZotope
[2010.09.12 14:03:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Leadertech
[2010.09.12 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MCMPEGEnc
[2010.09.25 12:35:07 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MP3Find
[2010.07.31 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Mp3tag
[2010.08.02 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Nik Software
[2010.08.02 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\onOne Software
[2010.09.17 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\runic games
[2010.10.16 12:39:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\SecretsOfOlympus
[2010.07.31 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Steinberg
[2010.10.12 00:41:57 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\The Creative Assembly
[2010.07.31 15:40:04 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Thunderbird
[2010.08.02 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Tropico 3
[2010.09.07 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TuneUp Software
[2010.10.30 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TV-Browser
[2010.09.13 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ubisoft
[2010.09.24 23:29:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ulead Systems
[2010.10.31 14:36:40 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Uniblue
[2010.10.16 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\URSE Games
[2010.08.06 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Verbindungsassistent
[2010.07.31 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waldorf
[2010.08.01 13:59:08 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Audio
[2010.08.01 14:04:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Preferences
[2010.08.06 13:03:24 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\XWindows Dock
[2010.10.15 15:48:34 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Zylom
[2010.10.31 14:53:25 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.09 14:44:28 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Adobe
[2010.08.02 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Alien Skin
[2010.07.30 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ASK Video
[2010.09.12 18:15:44 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ATI
[2010.08.06 11:34:42 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Avira
[2010.07.30 23:33:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Bandoo
[2010.10.20 00:48:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Celemony Software GmbH
[2010.09.24 23:29:16 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Corel
[2010.07.30 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Lite
[2010.07.30 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\DAEMON Tools Pro
[2010.10.27 17:01:01 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\dvdcss
[2010.10.20 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ERS G-Studio
[2010.08.01 15:12:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\FXpansion
[2010.10.15 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GAMEON
[2010.09.13 17:54:14 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\GHISLER
[2010.10.27 16:30:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\ICQ
[2010.10.15 15:48:34 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Identities
[2010.08.02 03:19:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Imagenomic
[2010.08.01 15:05:04 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\InstallShield
[2010.09.21 09:48:17 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\InstallShield Installation Information
[2010.09.23 11:13:03 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\iZotope
[2010.09.12 14:03:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Leadertech
[2010.10.04 16:08:30 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Logishrd
[2010.10.04 16:09:54 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Logitech
[2010.07.30 17:05:37 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Macromedia
[2010.10.31 00:01:46 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Malwarebytes
[2010.09.12 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MCMPEGEnc
[2009.07.14 09:56:41 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Media Center Programs
[2010.10.31 15:39:20 | 000,000,000 | --SD | M] -- C:\Users\Wennto\AppData\Roaming\Microsoft
[2010.07.30 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Mozilla
[2010.09.25 12:35:07 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\MP3Find
[2010.07.31 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Mp3tag
[2010.08.02 21:12:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Nik Software
[2010.08.02 13:34:09 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\onOne Software
[2010.09.17 13:54:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\runic games
[2010.10.16 12:39:43 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\SecretsOfOlympus
[2010.09.07 19:11:54 | 000,000,000 | R--D | M] -- C:\Users\Wennto\AppData\Roaming\SecuROM
[2010.07.31 16:56:15 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Steinberg
[2010.10.12 00:41:57 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\The Creative Assembly
[2010.07.31 15:40:04 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Thunderbird
[2010.08.02 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Tropico 3
[2010.09.07 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TuneUp Software
[2010.10.30 12:28:01 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\TV-Browser
[2010.09.13 09:29:56 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ubisoft
[2010.09.24 23:29:31 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Ulead Systems
[2010.10.31 14:36:40 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Uniblue
[2010.10.16 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\URSE Games
[2010.08.06 12:35:11 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Verbindungsassistent
[2010.10.30 16:42:03 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\vlc
[2010.07.31 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waldorf
[2010.08.01 13:59:08 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Audio
[2010.08.01 14:04:59 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Waves Preferences
[2010.07.30 19:36:50 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\WinRAR
[2010.08.06 13:03:24 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\XWindows Dock
[2010.07.30 22:05:52 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Yahoo!
[2010.10.15 15:48:34 | 000,000,000 | ---D | M] -- C:\Users\Wennto\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2010.09.21 09:44:05 | 000,331,776 | ---- | M] (Epic Games             ) -- C:\Users\Wennto\AppData\Roaming\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\setup.exe
[2010.10.31 15:39:20 | 000,093,696 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe
[2010.10.04 16:09:48 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Wennto\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.07.30 17:36:28 | 000,010,134 | R--- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2010.10.31 16:25:46 | 000,118,272 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.07.30 17:26:00 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:4EE323A4

< End of report >
         

Code:
ATTFilter
OTL Extras logfile created on: 31.10.2010 16:56:54 - Run 3
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Public\Desktop\MFtools
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 197,38 Gb Total Space | 17,04 Gb Free Space | 8,63% Space Free | Partition Type: NTFS
Drive D: | 35,51 Gb Total Space | 17,82 Gb Free Space | 50,19% Space Free | Partition Type: NTFS
Drive E: | 698,63 Gb Total Space | 25,43 Gb Free Space | 3,64% Space Free | Partition Type: NTFS
 
Computer Name: WENNTO-PC | User Name: Wennto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19910E33-E495-42F9-84FF-7569931CC021}_is1" = Mafia 2
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5AEF871D-FBAB-4AEF-8AEB-6A8E668A7D3C}" = MP3Find pro v4.87
"{5F073685-ADDB-4D5A-98E9-0F795989A57F}" = PhotoFrame Pro 3.1
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{648C1BFD-6A70-46D8-B855-F84D95C2DC34}" = CSR
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6834535-4E7D-C07A-2CAA-E2B73C82EC60}" = AMD Drag and Drop Transcoding
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B01DD5B7-9862-43D7-BCA3-7882A17E4328}" = PhotoTools 1.0 Professional Edition
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3D87264-EAC9-4DE8-8D0E-E758CA1413A0}_is1" = Disciples III
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{E1071C00-B001-4633-B9C3-164C856D5730}" = Bionic Commando
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E426CEC1-35C5-42BF-913E-6EF8F1211D01}" = Overlord II
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EE91E474-9298-47B8-817F-8E0042408998}" = Risen Hotfix 1.01
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"7-Zip" = 7-Zip 4.65
"ABC Amber Audio Converter" = ABC Amber Audio Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Alcatech BPM Studio Professional v4.9.1" = Alcatech BPM Studio Professional v4.9.1
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bandoo" = Bandoo
"Blow Up" = Alien Skin Blow Up
"Bokeh" = Alien Skin Bokeh
"Borderlands Gold_is1" = Borderlands Gold
"broomstickbass-1.0.0" = Broomstick Bass 1.0.0
"Brothers in Arms - Hell's Highway" = Brothers in Arms: Hell's Highway
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"Dfine 2.0" = Dfine 2.0
"discoDSP Discovery VSTi_is1" = discoDSP Discovery VSTi v2.9
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"Dragon Age Origins GotYE_is1" = Dragon Age Origins GotYE
"eLicenser Control" = eLicenser Control
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Exposure" = Alien Skin Exposure
"EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
"EyeCandy5Nature" = Alien Skin Eye Candy 5 Nature
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"Fallout New Vegas_is1" = Fallout New Vegas
"Fraps" = Fraps (remove only)
"GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ" = GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.3 Plug-in (build 2308)
"Indeo® software" = Indeo® software
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"iZotope iDrum Factory Content_is1" = iZotope iDrum Factory Content
"iZotope iDrum_is1" = iZotope iDrum
"iZotope Ozone 4_is1" = iZotope Ozone 4
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0
"Lara Croft and the Guardian of Light_is1" = Lara Croft and the Guardian of Light
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"Mp3tag" = Mp3tag v2.46a
"Native Instruments Battery 3" = Native Instruments Battery 3
"Nehrim - Am Rande des Schicksals_is1" = NehrimUninstaller
"OpenAL" = OpenAL
"OpenLibraries" = OpenLibraries
"PixPlant2_is1" = PixPlant for Photoshop 2.0.43
"Power Retouche Pro" = Power Retouche Pro
"rgcAudio z3ta Plus v1.40" = rgcAudio z3ta Plus v1.40
"RocketDock_is1" = RocketDock 1.3.5
"Runic Games Torchlight" = Torchlight
"Sharpener Pro 3.0" = Sharpener Pro 3.0
"Silver Efex Pro" = Silver Efex Pro
"StarCraft II" = StarCraft II
"The Last Remnant_is1" = The Last Remnant
"Totalcmd" = Total Commander (Remove or Repair)
"TruePianos: Amber Module_is1" = TruePianos: Amber Module 1.4.0
"TruePianos: Diamond Module_is1" = TruePianos: Diamond Module 1.4.0
"TruePianos: Emerald Module_is1" = TruePianos: Emerald Module 1.4.0
"TruePianos: Sapphire Module (Pedal sounds included)_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos: Sapphire Module_is1" = TruePianos: Sapphire Module 1.4.0
"TruePianos_is1" = TruePianos 1.4.1
"TuneUp Utilities" = TuneUp Utilities
"tvbrowser" = TV-Browser 3.0-beta2
"Two Worlds" = Two Worlds
"Veetle TV" = Veetle TV 0.9.18
"Verbindungsassistent" = Verbindungsassistent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 1.0.3
"Waldorf Largo" = Waldorf Largo
"Waves Mercury Bundle" = Waves Mercury Bundle
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 31.10.2010, 18:18   #5
markusg
/// Malware-holic
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
PRC - C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
PRC - C:\Users\Wennto\AppData\Local\Temp\dwm.exe ()
O4 - HKLM..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
O4 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000..\Run: [svchost] C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe ()
F3 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 WinNT: Load - (C:\Users\Wennto\AppData\Local\Temp\dwm.exe) - C:\Users\Wennto\AppData\Local\Temp\dwm.exe
()
O20 - HKU\S-1-5-21-4066490547-1557199109-2218371550-1000 Winlogon: Shell - (C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe
()
[2010.10.31 16:25:46 | 000,118,272 | ---- | M] () -- C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe
:FILES
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten
wenn es irgendwelche probleme geben sollte, nutze die systemwiederherstellung, aber sag mir bescheid :-)


Alt 31.10.2010, 18:52   #6
Wennto
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



Oh Mann...

Also hab es so gemacht.OTL wollte neustarten.Nach dem neustart stand ein TXT auf dem Dektop.Welchen ich wegklickte.Ich dachte sie wäre im OTL Ordner.ist er aber nicht.Wo finde ich die?Irgendwo muss sie ja gespeichert sein, da keine Meldung von wegen "speichern" kam als ich sie weg X-te
Nach dem Fixen kann ich nun keine Interntseite mehr aufrufen. Ist der gleiche Effekt, als wenn ich die Infizierten Daten in die Maleware Quarantäne schiebe.Nur da kann ich sie zurückholen.Jetzt nicht mehr. Wiederherrstellungspunke können auch nicht mehr wiederhergestellt werden.Immer Fehlermeldungen nach dem neubooten!Keiner! Musste nun auf den Rechner meiner Frau ausweichen!

Alt 31.10.2010, 18:56   #7
markusg
/// Malware-holic
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



öffne mal den internet explorer. dort auf extras internetoptionen, verbindungen, laneinstellungen, haken bei proxy server raus nehmen.
dann übernehmen, ok und versuchen obs klappt.

Alt 31.10.2010, 19:01   #8
Wennto
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



Ja...das ging mit dem Proxy-Tip komm wieder Online...Und die TXT von OTL nach dem fixen hab ich auch gefunden.Hier ist sie!

Code:
ATTFilter
All processes killed
========== OTL ==========
Process svchost.exe killed successfully!
No active process named dwm.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.
C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.
File C:\Users\Wennto\AppData\Roaming\Microsoft\svchost.exe not found.
C:\Users\Wennto\AppData\Local\Temp\dwm.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Wennto\AppData\Local\Temp\dwm.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4066490547-1557199109-2218371550-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe deleted successfully.
C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe moved successfully.
File C:\Users\Wennto\AppData\Roaming\Microsoft\Windows\shell.exe not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Wennto
->Flash cache emptied: 456 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Wennto
->Temp folder emptied: 293925 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73581786 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 70,00 mb
 
 
OTL by OldTimer - Version 3.2.17.1 log created on 10312010_182535

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 31.10.2010, 19:07   #9
markusg
/// Malware-holic
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



öffne arbeitzplatz, dann c: rechtsklick auf _OTL und zu _OTL.rar oder zip hinzufügen.
archiv zu uns hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html

Alt 31.10.2010, 19:20   #10
Wennto
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



Das habe ich nun gemacht! Schonmal herzlichen Dank für das schnelle Annhemen und "am Ball bleiben" meiner Probleme! Hätt ich nicht mit gerechent! Ist mein PC schlimm "befallen" ?

Alt 31.10.2010, 19:20   #11
markusg
/// Malware-holic
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



ok hat geklappt.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Alt 31.10.2010, 20:23   #12
Wennto
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



da kann ich machen was ich will combofix läuft nicht...PC freirt ein! Kann die Maus noch bewegen, aber das wars.Muss Reseten. Habs 20 mal probiert und den Leitfaden gewissenhaft gelesen, alle Programme sind (Scanner, Firewall ect.) deaktiviert.

Alt 31.10.2010, 20:25   #13
Wennto
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



combo fix läuft nicht.hab den leitfaden gewissenhaft geslesen und alles befolgt...Mauszeiger lässt sich nach dem Start von Combofix zwar bewegen aber das wars.!!! CPU -auslastung 0 %.Dennoch kann ich nix machen und muss reseten...Habs 20 mal versucht.... Alle Antivir und Fierewalls sind aus!

Alt 31.10.2010, 20:28   #14
markusg
/// Malware-holic
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



2 versuche hättens auch getan :-)
starte den pc mal neu.
dann sofort nach pc start die f8-taste betätigen, dort wähle abgesicherter modus, nicht den mit netzwerk.
dort anmelden und combofix starten.

Alt 31.10.2010, 20:53   #15
Wennto
 
Falsche Internetseiten werden aufgerufen! - Standard

Falsche Internetseiten werden aufgerufen!



Leider lässt sich das Programm dort auch nicht starten...Genau das selbe wie im Standardmodus.

Antwort

Themen zu Falsche Internetseiten werden aufgerufen!
adobe, antivir, antivir guard, avg, avira, bandoo, bho, bonjour, browser, computer, datamngr, datamngr.dll, desktop, explorer, firefox, hijack, infizierte, internet, internet explorer, logfile, mozilla, plug-in, seiten, software, svchost.exe, system, temp, windows



Ähnliche Themen: Falsche Internetseiten werden aufgerufen!


  1. Beim surfen werden ständig Webseiten aufgerufen
    Plagegeister aller Art und deren Bekämpfung - 14.10.2015 (6)
  2. Windows Vista 32 Bit: Browserseiten/fenster werden selbständig aufgerufen
    Log-Analyse und Auswertung - 19.05.2015 (16)
  3. Falsche Internetseiten werden ständig aufgerufen
    Log-Analyse und Auswertung - 08.08.2014 (9)
  4. Hijack / Trojaner in Firefox - Werbe-Websites werden aufgerufen
    Log-Analyse und Auswertung - 24.04.2014 (9)
  5. Google kann nicht aufgerufen werden
    Diskussionsforum - 23.12.2013 (3)
  6. Falsche Seiten bei Internetexplorer und Firefox werden aufgerufen
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (30)
  7. microsoft.com & Virenscanner Seiten können nicht aufgerufen werden
    Log-Analyse und Auswertung - 02.02.2012 (13)
  8. Falsche Internetseiten werden aufgerufen
    Plagegeister aller Art und deren Bekämpfung - 11.10.2011 (1)
  9. Nach Ablauf des Symantec-Abos kann keine Antivirenseite mehr aufgerufen werden
    Plagegeister aller Art und deren Bekämpfung - 22.03.2011 (24)
  10. Falsche Seiten werden aus der Google-Suche aufgerufen
    Plagegeister aller Art und deren Bekämpfung - 11.01.2011 (16)
  11. Weiterleitung auf falsche Internetseiten (aks.com, kdirectory,...)
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (1)
  12. falsche Internetseiten werden aufgerufen!
    Log-Analyse und Auswertung - 23.09.2010 (7)
  13. Falsche Internetseiten werden geöffnet
    Log-Analyse und Auswertung - 13.09.2009 (8)
  14. Falsche Internetseiten werden geöffnet
    Log-Analyse und Auswertung - 22.06.2009 (4)
  15. Umleitung auf falsche Internetseiten
    Log-Analyse und Auswertung - 14.02.2009 (28)
  16. Falsche Internetseiten werden geöffnet
    Log-Analyse und Auswertung - 10.09.2008 (12)
  17. firefox leitet auf falsche internetseiten
    Log-Analyse und Auswertung - 09.08.2008 (1)

Zum Thema Falsche Internetseiten werden aufgerufen! - Hallo zusammen, ich hoffe mal das mir hier jemand helfen kann. Es kommt immer öfter vor, dass mein Browser eine kompklett andere Interentseite aufruft wie angefordert. Ich will z.b. auf - Falsche Internetseiten werden aufgerufen!...
Archiv
Du betrachtest: Falsche Internetseiten werden aufgerufen! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.