
Log analysis and evaluation: "Hard disk damaged/System restart/Windows Vista Recovery" messages

20.05.2011, 18:39   #1
virenhater



Hello,

I have the same problem as in this thread http://www.trojaner-board.de/99269-s...m-schwarz.html

The error messages no longer appear, but all the folders are still hidden, the Quick Launch bar is not displayed, and when I click on the Windows logo the programs (except for Open Office) are not listed there either.

I ran a quick scan with Malware, because the installation thread said that one is normally enough...

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6628

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

20.05.2011 19:15:08
mbam-log-2011-05-20 (19-15-00) virs

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 198390
Laufzeit: 13 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
c:\programdata\mexfxpguvshihwb.exe (Rogue.FakeHDD) -> 3876 -> No action taken.
c:\programdata\42655480.exe (Rogue.FakeHDD) -> 3376 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MEXFxpGUVShIHWB (Rogue.FakeHDD) -> Value: MEXFxpGUVShIHWB -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
c:\syscheckrt (Trojan.SpyEyes) -> No action taken.

Infizierte Dateien:
c:\programdata\mexfxpguvshihwb.exe (Rogue.FakeHDD) -> No action taken.
c:\programdata\42655480.exe (Rogue.FakeHDD) -> No action taken.
c:\Users\anna&arthur\downloads\setuppoker_a072a_de.exe (PUP.Casino) -> No action taken.
c:\Users\anna&arthur\local settings\temporary internet files\Content.IE5\O22740CK\about[1].exe (Rogue.FakeHDD) -> No action taken.
c:\syscheckrt\config.bin (Trojan.SpyEyes) -> No action taken.
I have already removed the items and restarted. If I should also run a full scan, please let me know.

OTL Scan

OTL Logfile:
Code:
OTL Extras logfile created on: 20.05.2011 19:29:45 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Anna&Arthur\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 16 4394 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93,15 Gb Total Space | 4,89 Gb Free Space | 5,25% Space Free | Partition Type: NTFS
Drive D: | 20,12 Gb Total Space | 8,08 Gb Free Space | 40,14% Space Free | Partition Type: NTFS
Drive F: | 101,41 Gb Total Space | 4,79 Gb Free Space | 4,72% Space Free | Partition Type: NTFS
Drive G: | 18,19 Gb Total Space | 1,76 Gb Free Space | 9,66% Space Free | Partition Type: FAT32
 
Computer Name: HEADQUARTER | User Name: Anna&Arthur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Selbst installierte Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Selbst installierte Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Selbst installierte Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Selbst installierte Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Selbst installierte Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Selbst installierte Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Selbst installierte Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Selbst installierte Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Selbst installierte Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Selbst installierte Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Selbst installierte Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 23 54 61 21 12 12 CA 01 [binary data]
"VistaSp2" = 99 10 42 F9 56 52 CA 01 [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A260482-1772-45DF-9BBE-EA6A84A13BBD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{149A5803-EC3C-4B0C-A60F-207E1770519F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{15D485E7-5381-4C30-934C-26ABD8C5BD47}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{19B2C515-8C83-4A2F-86B0-C3743A7972A3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1F329D14-D0BE-4363-AEAD-C20E9A950AE4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{266F9B04-0906-49C4-AF9A-2FC442343A9F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{32450EF0-7497-4B68-9B52-BC763A275956}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45C348EF-4F9D-453B-9177-09BE99ECC770}" = lport=139 | protocol=6 | dir=in | app=system | 
"{473E9194-A90E-420E-B708-EE59D1BB5B49}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6509CFA5-72EB-4CD8-9F2D-06023AA66E19}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{655F4BD3-4677-4989-AD88-05B56A58CCD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6A4B1AFA-6117-4F80-970D-F45C940FC67E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6ED741C1-EFE9-4002-B161-39CF2A34605F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6EFD739C-5736-4FA2-A216-B64267360C73}" = rport=138 | protocol=17 | dir=out | app=system | 
"{82A47AAF-FB01-44A8-864A-0291E5135A13}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A6CCF9D6-6BAC-49E0-A8D2-DE95BCA93809}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB6C74FB-7043-4ED0-928A-902EE6B9E133}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E2B4AE31-9F15-496D-A22F-798F80666E44}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E7C709D5-1FB1-4C88-8E56-1A37FB713E76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ECA024CE-91D2-4DE9-AF0A-94B4143245B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F2DD02B8-7DDC-4DB3-BB5F-85A61E0DEE29}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F63F7614-D4FE-4100-96F1-512708AAE1C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FCFDD1-0D4B-499C-B967-0B19839B8FA0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{092201D6-48C1-4A19-908B-4F4AA3CFC78D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{17E700D3-8575-489D-A28A-B8F8B9C9C608}" = protocol=17 | dir=in | app=f:\fc2\far cry 2\bin\fc2editor.exe | 
"{1882F048-50E7-4CF1-AD7A-9139239BBFD1}" = protocol=6 | dir=in | app=c:\users\anna&arthur\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1A5EC63A-0E8C-474B-84DA-96706803AFFF}" = protocol=6 | dir=in | app=f:\gta 4\rockstar games social club\rgsclauncher.exe | 
"{23A59D2E-7796-4DC6-8A94-40712408A549}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{25E47A4C-0DE4-4AE7-B809-401B38690072}" = protocol=17 | dir=in | app=f:\bf2\bf2.exe | 
"{28730B45-E709-4DC4-8B96-6C77707EB046}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2D830299-AFEA-4AB4-B9B7-29D46D197BCB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3101F3BA-86EA-4720-B6C6-B00667035048}" = protocol=17 | dir=in | app=f:\rise of nations\thrones.exe | 
"{31DED621-1F12-47D6-A728-E894D2DD0DF2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{39A08F81-ADD1-4F99-8543-28BCEFD510E4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{413926D6-5232-4286-BD1E-A4B1604A83D8}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{43F9924B-5997-4F83-9153-607CEBE09B8E}" = protocol=6 | dir=in | app=f:\steam\steamapps\radical89\day of defeat source\hl2.exe | 
"{46CEFA8F-A38E-4487-89BC-F7E863657842}" = protocol=17 | dir=in | app=f:\moh airborne\unrealengine3\binaries\moha.exe | 
"{599E9B4F-5311-406A-A424-57FC3FA3EB0A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{6D2DA4CD-7DF3-476C-ABE9-CAE090C97643}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{6EC5068F-C34F-4C5A-8CA4-06FCB7BCE025}" = protocol=17 | dir=in | app=f:\supp\gpgnet\gpg.multiplayer.client.exe | 
"{72D85E9D-A975-433E-82DB-5CCE9C1943F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{76A1F84D-78AB-4411-A64D-BB64CCCD6568}" = protocol=6 | dir=in | app=f:\fc2\far cry 2\bin\fc2launcher.exe | 
"{7F1443A9-03F1-4A47-9693-217664537BF4}" = protocol=17 | dir=in | app=f:\supp\supreme commander\bin\supremecommander.exe | 
"{8BC0D41B-EA48-4AA2-8A0C-DF9AC6D11912}" = protocol=6 | dir=in | app=f:\fc2\far cry 2\bin\fc2editor.exe | 
"{8E4C07AA-8D29-428B-A6A5-5380ED250FF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8EAD3022-7325-44AB-A64A-FD48E0C4CEE1}" = protocol=6 | dir=in | app=f:\steam\steamapps\radical89\counter-strike source\hl2.exe | 
"{9004D13C-5880-45BA-AE1B-136FF6D382BE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{9264AF61-CF28-4B48-ADE0-8DDDB713A3E5}" = protocol=17 | dir=in | app=f:\fc2\far cry 2\bin\fc2launcher.exe | 
"{94507747-B831-496D-946A-F01C26EB02F1}" = protocol=6 | dir=in | app=c:\selbst installierte programme\schlacht um mittelerde\game.dat | 
"{94C125BF-FE3D-4463-8E14-F3C474A76119}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{97404D23-2AB9-4E84-921F-D83DFA21B06B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{99FF5CFE-33F3-4D81-A442-232D9FDB9927}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A5BCB315-771C-44FB-9049-1510E1C18783}" = protocol=17 | dir=in | app=c:\selbst installierte programme\schlacht um mittelerde\game.dat | 
"{A7E11A82-933F-4863-B6F8-249E4FE6BB4A}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\mafia ii\pc\mafia2.exe | 
"{AD39C5BF-4C43-42BC-89C8-CE1D7DCE87C9}" = protocol=6 | dir=in | app=f:\supp\supreme commander\bin\supremecommander.exe | 
"{B1577E64-7098-4223-B94E-667FF92F7AE2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B4F6A856-A09F-4AF5-B395-8C29DA3AC0AC}" = protocol=6 | dir=in | app=f:\bf2\bf2.exe | 
"{B54A62A5-B2D0-4AB0-A6E2-11B7CBC02AEB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BAEBE689-06A1-4961-BB79-1523F7996B1E}" = protocol=6 | dir=in | app=f:\rise of nations\thrones.exe | 
"{BD8FEEDE-472A-4F03-9AAF-78CDDDF09AA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BE1D305E-6A17-4B62-95FD-58CB7562F468}" = protocol=17 | dir=in | app=f:\steam\steamapps\radical89\day of defeat source\hl2.exe | 
"{C502BDF0-41A6-4A96-B027-2B5CC37F7519}" = protocol=17 | dir=in | app=f:\gta 4\rockstar games social club\rgsclauncher.exe | 
"{C7560095-2333-4B0D-9730-A1E3DC99D413}" = protocol=6 | dir=in | app=f:\steam\steam.exe | 
"{CB99FB3D-E05E-4845-BF56-12D367E5C8BE}" = protocol=17 | dir=in | app=f:\fc2\far cry 2\bin\farcry2.exe | 
"{D0AAB08F-A21E-401E-8F26-BE4813ACA788}" = protocol=6 | dir=in | app=f:\supp\gpgnet\gpg.multiplayer.client.exe | 
"{D1AC77C3-C709-47B9-B218-6A17EBE40DEA}" = protocol=17 | dir=in | app=c:\users\anna&arthur\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D6199C96-F699-435E-A99F-FE865B2D6E14}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DA8FB8D6-1679-46F3-9F81-8F08BB72C226}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{DB22D346-2BB0-46DE-9197-F60D3A94F3A2}" = protocol=6 | dir=in | app=f:\moh airborne\unrealengine3\binaries\moha.exe | 
"{DD696108-C550-4893-A33A-F0907F2E0E01}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{E99D6CF3-89B0-41AF-A75E-00B4FC9A3A48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EA8C60A7-7309-40BA-81FA-E03F3503839E}" = protocol=17 | dir=in | app=f:\steam\steamapps\radical89\counter-strike source\hl2.exe | 
"{F151855D-61E0-4364-BB25-80F4E42F7BFA}" = protocol=6 | dir=in | app=f:\fc2\far cry 2\bin\farcry2.exe | 
"{F213A928-94D9-43F0-8F0F-FA9F7A3790D4}" = protocol=17 | dir=in | app=f:\steam\steam.exe | 
"{F21456B5-68B1-4E4E-B0E1-65D6A751D4BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F9872C25-4D50-4222-90E1-6EAA62A0485A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{0D4A7C1E-25D3-4B40-B880-10D9282EB728}C:\users\anna&arthur\downloads\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\anna&arthur\downloads\blobby\volley.exe | 
"TCP Query User{0FBA8961-5A77-4E97-B0B9-48FBD3F8C391}F:\cod44\iw3mp.exe" = protocol=6 | dir=in | app=f:\cod44\iw3mp.exe | 
"TCP Query User{1BD04BE6-0E7C-4900-B829-D4F83964E649}F:\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=f:\company of heroes\reliccoh.exe | 
"TCP Query User{2EAC6B2E-F8B0-4706-AB0E-059E0ED9762A}I:\lan games\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=i:\lan games\age of empires ii\age2_x1.exe | 
"TCP Query User{2F230614-1F81-4CB2-9331-01F0ACD93938}F:\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\counter-strike source\hl2.exe | 
"TCP Query User{35DBF88B-8CE6-4A9F-A236-99A8CD62DE10}C:\users\anna&arthur\desktop\games\portable.gta.2\gta2.exe" = protocol=6 | dir=in | app=c:\users\anna&arthur\desktop\games\portable.gta.2\gta2.exe | 
"TCP Query User{379EA086-9770-4270-9855-A467577E55AD}I:\neuer ordner\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=i:\neuer ordner\age of empires ii\age2_x1.exe | 
"TCP Query User{43E66D54-90A8-47FD-92F5-D27B6C994CEA}F:\c c generals jim version\command & conquer(tm) generals zero hour\generals (2).exe" = protocol=6 | dir=in | app=f:\c c generals jim version\command & conquer(tm) generals zero hour\generals (2).exe | 
"TCP Query User{5873E795-417E-47A7-A09F-B692BA0F0761}C:\selbst installierte programme\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\selbst installierte programme\java\bin\javaw.exe | 
"TCP Query User{66A71061-9416-4FB6-8A14-811FC85E3AA2}F:\cod5\codwaw.exe" = protocol=6 | dir=in | app=f:\cod5\codwaw.exe | 
"TCP Query User{6A5E97C2-BFF3-4FBD-B4A9-3EBAC4CE0C7A}F:\cnc generals zero hour\game.dat" = protocol=6 | dir=in | app=f:\cnc generals zero hour\game.dat | 
"TCP Query User{70FB150C-4B4E-4756-9D44-AC3E71ADD2F3}C:\selbst installierte programme\pokerstrategy\equilator\equilator.exe" = protocol=6 | dir=in | app=c:\selbst installierte programme\pokerstrategy\equilator\equilator.exe | 
"TCP Query User{72EC09BC-AD08-49B4-9FA4-4D772CAAB65E}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{74B162F5-B5C5-493C-89BF-E71CE9B012D8}C:\users\anna&arthur\desktop\games\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\anna&arthur\desktop\games\blobby\volley.exe | 
"TCP Query User{75F832E7-3D07-450B-85D2-E571321843B4}F:\c&c generals\game.dat" = protocol=6 | dir=in | app=f:\c&c generals\game.dat | 
"TCP Query User{77CCDDB3-C190-48F3-BA60-8EE6C976E2D5}F:\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=f:\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{78D9B042-93E9-4A13-896D-D145A5A8683F}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{7A52EEA9-F1B7-459F-B223-3600A8E84D83}F:\wolfenstein\et.exe" = protocol=6 | dir=in | app=f:\wolfenstein\et.exe | 
"TCP Query User{8185A1CC-D66A-4DF4-92A1-F55D982945B4}F:\tiberian sun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=6 | dir=in | app=f:\tiberian sun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | 
"TCP Query User{8B50D2FA-2A3D-44BE-8291-475C2A513842}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{9BF0D224-FD78-49C8-BDB9-73C78CF09072}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{9D9C1873-B60A-48AF-A8D3-D58D6269D284}F:\cnc generals zero hour\game.dat" = protocol=6 | dir=in | app=f:\cnc generals zero hour\game.dat | 
"TCP Query User{A698826F-6E1C-455F-8694-62D9AB23EDE9}F:\c c generals jim version\command & conquer(tm) generals zero hour\generals.exe" = protocol=6 | dir=in | app=f:\c c generals jim version\command & conquer(tm) generals zero hour\generals.exe | 
"TCP Query User{AFB2C0AF-FEAD-49E9-B00A-BE88472559C2}F:\cnc\stundenull\game.dat" = protocol=6 | dir=in | app=f:\cnc\stundenull\game.dat | 
"TCP Query User{B1F69A7F-2E1B-442B-80FF-D37DF40F10D4}H:\lan\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=h:\lan\counter-strike source\hl2.exe | 
"TCP Query User{BCA88396-FA54-413F-9C57-64706523BE07}C:\selbst installierte programme\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\selbst installierte programme\java\bin\javaw.exe | 
"TCP Query User{BE10D2EF-0060-4DA3-82F8-A8A695685FAA}C:\selbst installierte programme\pokerstrategy\equilator\equilator.exe" = protocol=6 | dir=in | app=c:\selbst installierte programme\pokerstrategy\equilator\equilator.exe | 
"TCP Query User{C21B5907-C36C-4410-81A2-4A213385C7EB}C:\users\anna&arthur\downloads\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\anna&arthur\downloads\blobby\volley.exe | 
"TCP Query User{C5C55B03-88BB-48FE-9253-6CFA3FF66FEC}C:\users\anna&arthur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anna&arthur\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{C7F6D9F8-EA70-4606-A0CE-4829B70DB8B6}F:\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=f:\battlefield 1942\bf1942.exe | 
"TCP Query User{CB6E55F1-020E-49FA-B1DE-D729DC67D1B4}C:\selbst installierte programme\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\selbst installierte programme\hamachi\hamachi.exe | 
"TCP Query User{D43D3112-18C6-4DEB-8FFE-DFEAC6F5B9F3}C:\users\anna&arthur\desktop\games\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\anna&arthur\desktop\games\blobby\volley.exe | 
"TCP Query User{D91FF3A6-9439-48B8-BAEF-4909BD24C2CC}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{E6A51257-B778-480F-8654-74F1F3F0D8C4}H:\lan offen\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=h:\lan offen\age of empires ii\age2_x1.exe | 
"TCP Query User{F67E50F6-6E59-47BE-948B-601B32C4868C}C:\selbst installierte programme\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\selbst installierte programme\hamachi\hamachi.exe | 
"TCP Query User{FC55A721-3FE2-4930-A522-180A91F05777}F:\ppes\pes2008.exe" = protocol=6 | dir=in | app=f:\ppes\pes2008.exe | 
"UDP Query User{014FE39D-0B1F-4D67-8163-02551E53DC96}F:\cnc\stundenull\game.dat" = protocol=17 | dir=in | app=f:\cnc\stundenull\game.dat | 
"UDP Query User{0D77B10C-4FB7-412E-8623-B674DD66C870}F:\wolfenstein\et.exe" = protocol=17 | dir=in | app=f:\wolfenstein\et.exe | 
"UDP Query User{0D980B6E-778D-481D-BD90-E6C008056568}F:\cod44\iw3mp.exe" = protocol=17 | dir=in | app=f:\cod44\iw3mp.exe | 
"UDP Query User{0E4A7FC4-108A-4688-8C87-2A5B535C1353}F:\cnc generals zero hour\game.dat" = protocol=17 | dir=in | app=f:\cnc generals zero hour\game.dat | 
"UDP Query User{195A90B4-BFE6-4819-85D8-A8AAC067CA42}F:\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=f:\battlefield 1942\bf1942.exe | 
"UDP Query User{223027E7-A788-48D3-811F-706A80EC10CA}C:\selbst installierte programme\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\selbst installierte programme\hamachi\hamachi.exe | 
"UDP Query User{24F8D034-D722-4FD9-A1EF-A2F892908A5C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{2780C0F3-9F18-47D5-8A07-AF05F6085009}C:\users\anna&arthur\downloads\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\anna&arthur\downloads\blobby\volley.exe | 
"UDP Query User{286E88D7-4FEB-4AB1-AE8C-6B414E17AAEB}F:\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=f:\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{29E9F0D9-C7C3-4462-B78F-1A8C92DEDE62}C:\selbst installierte programme\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\selbst installierte programme\java\bin\javaw.exe | 
"UDP Query User{367E85CC-B1AA-47AA-8100-EC380788E137}C:\selbst installierte programme\pokerstrategy\equilator\equilator.exe" = protocol=17 | dir=in | app=c:\selbst installierte programme\pokerstrategy\equilator\equilator.exe | 
"UDP Query User{37860636-FB55-4A50-B3A9-57FDA880A13C}F:\tiberian sun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe" = protocol=17 | dir=in | app=f:\tiberian sun\ea games\command & conquer the first decade\command & conquer(tm) tiberian sun(tm)\sun\game.exe | 
"UDP Query User{4B61B6B5-65C4-4089-91C3-C768AF31AA4B}F:\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=f:\company of heroes\reliccoh.exe | 
"UDP Query User{522659DE-87CA-40CD-9A0F-B2881AEEF16D}F:\cod5\codwaw.exe" = protocol=17 | dir=in | app=f:\cod5\codwaw.exe | 
"UDP Query User{58F3FA2D-7490-41C9-9AA8-63E0247D1211}C:\users\anna&arthur\desktop\games\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\anna&arthur\desktop\games\blobby\volley.exe | 
"UDP Query User{62F0FC9B-D358-46C8-B015-7CC41EE66938}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{6904B57B-4A0A-4E87-8A52-1051654251E7}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{763357D4-E00D-4F70-BB5D-BFAB3B828E28}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{86F6535F-AE27-43F8-A267-51EA47F9EEAD}F:\c&c generals\game.dat" = protocol=17 | dir=in | app=f:\c&c generals\game.dat | 
"UDP Query User{87895DB4-38BA-4BF7-9B32-18DDB1E77BA4}I:\lan games\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=i:\lan games\age of empires ii\age2_x1.exe | 
"UDP Query User{8C4328CC-A9C5-4461-98F1-575FF98357F3}F:\cnc generals zero hour\game.dat" = protocol=17 | dir=in | app=f:\cnc generals zero hour\game.dat | 
"UDP Query User{8DD15128-85DE-4BA4-8765-0FACF77C7D10}C:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{95B4D4C9-AE2A-4F86-AD1D-4F28742A4990}F:\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\counter-strike source\hl2.exe | 
"UDP Query User{AD28C9ED-FF4E-496B-A2BC-B26A6B8146BB}F:\ppes\pes2008.exe" = protocol=17 | dir=in | app=f:\ppes\pes2008.exe | 
"UDP Query User{ADDD984C-CD15-42E2-86EB-4ED10F1A8606}C:\users\anna&arthur\desktop\games\portable.gta.2\gta2.exe" = protocol=17 | dir=in | app=c:\users\anna&arthur\desktop\games\portable.gta.2\gta2.exe | 
"UDP Query User{B144CEDC-1217-48FE-B454-ADE0CBE7315E}C:\users\anna&arthur\desktop\games\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\anna&arthur\desktop\games\blobby\volley.exe | 
"UDP Query User{B305131E-A85A-4EDF-84E7-DF552C510005}C:\selbst installierte programme\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\selbst installierte programme\hamachi\hamachi.exe | 
"UDP Query User{B39A7A21-9225-4581-AA4D-4F3BE11ACDBD}F:\c c generals jim version\command & conquer(tm) generals zero hour\generals.exe" = protocol=17 | dir=in | app=f:\c c generals jim version\command & conquer(tm) generals zero hour\generals.exe | 
"UDP Query User{B5590BB8-8B57-42D9-AEF8-6D308339FCD9}H:\lan offen\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=h:\lan offen\age of empires ii\age2_x1.exe | 
"UDP Query User{BF61ADFE-7556-4A40-B4A0-3D10903AA5C3}H:\lan\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=h:\lan\counter-strike source\hl2.exe | 
"UDP Query User{C7A2EB7A-41B9-4203-B7A8-092520F193F8}C:\selbst installierte programme\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\selbst installierte programme\java\bin\javaw.exe | 
"UDP Query User{CC9BCCFE-B960-46F2-B31E-CB6C5EE5CDC3}C:\users\anna&arthur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anna&arthur\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{D00AC604-CF91-40CA-A0A6-8B46B35D8FCB}C:\users\anna&arthur\downloads\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\anna&arthur\downloads\blobby\volley.exe | 
"UDP Query User{E6DAD101-E5EB-4DD3-BC84-256B5F99DD3A}F:\c c generals jim version\command & conquer(tm) generals zero hour\generals (2).exe" = protocol=17 | dir=in | app=f:\c c generals jim version\command & conquer(tm) generals zero hour\generals (2).exe | 
"UDP Query User{F4CC8BD7-360D-4AF3-A976-17189388F310}C:\selbst installierte programme\pokerstrategy\equilator\equilator.exe" = protocol=17 | dir=in | app=c:\selbst installierte programme\pokerstrategy\equilator\equilator.exe | 
"UDP Query User{FFACFAA7-D421-4343-B7AA-C981C2690749}I:\neuer ordner\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=i:\neuer ordner\age of empires ii\age2_x1.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{25D2B971-310F-42CD-90D4-7BB2863B7D94}" = O&O Defrag Professional
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE41FD74-3E8C-4040-A605-D2BA010ACD08}" = M-Audio Xponent Driver 6.0.1 (x64)
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 2.0M UVC WebCam" = USB 2.0 2.0M UVC WebCam
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42DE940E-8037-4266-9FBF-5A3AEDA39E96}" = Holdem Manager
"{45D4F727-43B5-49CD-B474-B9866A8F4FB8}" = Nokia Map Loader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.0
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D8DDC00B-2881-407D-AAC2-44AEE70AF0B7}" = Nokia Software Updater
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F3F1D08D-ABEF-4528-8383-54C46369EBB6}" = TV Jukebox 3.0
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activision_THPS2UninstallKey" = Tony Hawk's Pro Skater 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATITool" = ATITool Overclocking Utility
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Everest Poker" = Everest Poker (Remove Only)
"FileZilla Client" = FileZilla Client 3.3.2.1
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GMX SMS-Manager" = GMX SMS-Manager
"Hidden and Dangerous Deluxe" = Hidden and Dangerous Deluxe
"ImTOO MP4 Video Converter" = ImTOO MP4 Video Converter
"InstallShield_{045A9539-37B6-464D-94F9-E4ADFA856903}" = PokerStrategy.com Equilator
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"pdfsam" = pdfsam
"PokerStars" = PokerStars
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows
"Starcraft" = Starcraft
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 50130" = Mafia II
"Sweet Home 3D_is1" = Sweet Home 3D version 3.1
"Titan Poker" = Titan Poker
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


OTL Scan 2

OTL Logfile:
Code:
OTL logfile created on: 20.05.2011 19:29:45 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Anna&Arthur\Downloads
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 16 4394 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 93,15 Gb Total Space | 4,89 Gb Free Space | 5,25% Space Free | Partition Type: NTFS
Drive D: | 20,12 Gb Total Space | 8,08 Gb Free Space | 40,14% Space Free | Partition Type: NTFS
Drive F: | 101,41 Gb Total Space | 4,79 Gb Free Space | 4,72% Space Free | Partition Type: NTFS
Drive G: | 18,19 Gb Total Space | 1,76 Gb Free Space | 9,66% Space Free | Partition Type: FAT32
 
Computer Name: HEADQUARTER | User Name: Anna&Arthur | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Anna&Arthur\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Selbst installierte Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Anna&Arthur\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (O&O Defrag) -- C:\Windows\SysNative\oodag.exe (O&O Software GmbH)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV:64bit: - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\DRIVERS\AF15BDA.sys (ITETech )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys ( )
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys ()
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\DRIVERS\ATITool64.sys ()
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys ()
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (lirsgt) -- C:\Windows\SysWOW64\drivers\lirsgt.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=hp"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.2.8
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.50
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: taboo@runningfrombears.com:0.6.1
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.16
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.backup.ftp: "proxyuhh.uni-hamburg.de"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "proxyuhh.uni-hamburg.de"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "proxyuhh.uni-hamburg.de"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "proxyuhh.uni-hamburg.de"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "proxyuhh.uni-hamburg.de"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "proxyuhh.uni-hamburg.de"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "proxyuhh.uni-hamburg.de"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxyuhh.uni-hamburg.de"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxyuhh.uni-hamburg.de"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Selbst installierte Programme\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Selbst installierte Programme\plugins [2010.09.25 22:37:51 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Selbst installierte Programme\Mozilla Firefox\components [2011.05.18 07:22:19 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Selbst installierte Programme\Mozilla Firefox\plugins [2011.05.18 07:22:19 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.04.29 18:53:35 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.09.22 17:51:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Extensions
[2010.09.22 17:51:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.19 00:28:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions
[2011.03.23 02:08:55 | 000,000,000 | -H-D | M] (Session Manager) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010.04.27 01:03:39 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.13 16:07:07 | 000,000,000 | -H-D | M] ("Split Browser") -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011.05.14 12:08:35 | 000,000,000 | -H-D | M] (AniWeather) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2011.03.26 06:19:52 | 000,000,000 | -H-D | M] (FoxyTunes) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011.05.01 13:14:28 | 000,000,000 | -H-D | M] (NoScript) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.03.26 06:19:41 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.31 12:21:18 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.26 06:19:50 | 000,000,000 | -H-D | M] (ReminderFox) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.05.15 11:47:07 | 000,000,000 | -H-D | M] (Adblock Plus) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.21 22:50:26 | 000,000,000 | -H-D | M] ("BetterPrivacy") -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011.03.23 02:08:57 | 000,000,000 | -H-D | M] (Download Statusbar) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2011.04.27 21:22:32 | 000,000,000 | -H-D | M] ("AutoPager") -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\autopager@mozilla.org
[2010.01.21 20:57:31 | 000,000,000 | -H-D | M] (Taboo) -- C:\Users\Anna&Arthur\AppData\Roaming\mozilla\Firefox\Profiles\dmsfv1pz.default\extensions\taboo@runningfrombears.com
[2010.11.07 21:35:21 | 000,001,832 | -H-- | M] () -- C:\Users\Anna&Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\dmsfv1pz.default\searchplugins\bing.xml
[2010.11.28 03:18:00 | 000,000,873 | -H-- | M] () -- C:\Users\Anna&Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\dmsfv1pz.default\searchplugins\conduit.xml
[2009.07.23 19:15:05 | 000,004,153 | -H-- | M] () -- C:\Users\Anna&Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\dmsfv1pz.default\searchplugins\youtube.xml
File not found (No name found) -- 
[2010.04.08 19:16:05 | 000,000,000 | -H-D | M] (Java Console) -- C:\SELBST INSTALLIERTE PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.30 08:05:29 | 000,000,000 | -H-D | M] (Java Console) -- C:\SELBST INSTALLIERTE PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.27 18:37:32 | 000,000,000 | -H-D | M] (Java Console) -- C:\SELBST INSTALLIERTE PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.03 17:14:05 | 000,000,000 | -H-D | M] (Java Console) -- C:\SELBST INSTALLIERTE PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.08 17:42:55 | 000,000,000 | -H-D | M] (Java Console) -- C:\SELBST INSTALLIERTE PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.30 00:54:11 | 000,000,000 | -H-D | M] (Java Console) -- C:\SELBST INSTALLIERTE PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ANNA&ARTHUR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DMSFV1PZ.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Windows\SysNative\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - Startup: C:\Users\Anna&Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\home update.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Anna&Arthur\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Anna&Arthur\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1280X800.jpg
O24 - Desktop BackupWallPaper: C:\Program Files\P4G\wallpaper\long_battery_life_wallpaper_1280X800.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0bd6c9c2-a6a5-11df-94b6-00215d9fff04}\Shell - "" = AutoRun
O33 - MountPoints2\{0bd6c9c2-a6a5-11df-94b6-00215d9fff04}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{120f7ce5-8a76-11de-be21-00248c95449b}\Shell\AutoRun\command - "" = N:\ktly.exe
O33 - MountPoints2\{120f7ce5-8a76-11de-be21-00248c95449b}\Shell\open\Command - "" = N:\ktly.exe
O33 - MountPoints2\{1a0f6021-8a6c-11df-94ca-00248c95449b}\Shell\AutoRun\command - "" = H:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{1a0f6021-8a6c-11df-94ca-00248c95449b}\Shell\Install\command - "" = H:\Seagate\Installer\InstallSeagateManager.exe
O33 - MountPoints2\{1bd35eba-828a-11de-bf1e-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{1bd35eba-828a-11de-bf1e-00248c95449b}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1bd35ec2-828a-11de-bf1e-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{1bd35ec2-828a-11de-bf1e-00248c95449b}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{1be4eed8-c0a8-11de-b128-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{1be4eed8-c0a8-11de-b128-00248c95449b}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{33746072-79e1-11de-b8c0-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{33746072-79e1-11de-b8c0-00248c95449b}\Shell\AutoRun\command - "" = L:\null.exe
O33 - MountPoints2\{59934c73-8507-11de-a54e-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{59934c73-8507-11de-a54e-00248c95449b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{59934c74-8507-11de-a54e-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{59934c74-8507-11de-a54e-00248c95449b}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{85f6133c-5d16-11df-a1b4-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{85f6133c-5d16-11df-a1b4-00248c95449b}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{85f6134f-5d16-11df-a1b4-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{85f6134f-5d16-11df-a1b4-00248c95449b}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8cdcf5b0-2bac-11df-ab4d-00215d9fff04}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{9a11253b-7591-11de-8cec-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9a11253b-7591-11de-8cec-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{b3bd17a4-e4d8-11de-8252-00248c95449b}\Shell\AutoRun\command - "" = N:\Rebit\sbin\Seagate-Replica-Autorun.exe
O33 - MountPoints2\{b3bd17a4-e4d8-11de-8252-00248c95449b}\Shell\Install\command - "" = N:\Rebit\sbin\Seagate-Replica-Autorun.exe
O33 - MountPoints2\{b5a96cf8-ae61-11df-b572-00215d9fff04}\Shell - "" = AutoRun
O33 - MountPoints2\{b5a96cf8-ae61-11df-b572-00215d9fff04}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{d14cf266-8572-11de-b224-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{d14cf266-8572-11de-b224-00248c95449b}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ef1bf68f-67f8-11e0-bc06-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{ef1bf68f-67f8-11e0-bc06-00248c95449b}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ef1bf690-67f8-11e0-bc06-00248c95449b}\Shell - "" = AutoRun
O33 - MountPoints2\{ef1bf690-67f8-11e0-bc06-00248c95449b}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{fbb1d6c1-2ea1-11df-a848-00215d9fff04}\Shell\AutoRun\command - "" = RECYCLE\usbenable.exe
O33 - MountPoints2\{fbb1d6c1-2ea1-11df-a848-00215d9fff04}\Shell\open\command - "" = RECYCLE\usbenable.exe
O33 - MountPoints2\{fc0bde93-add4-11df-b499-ff38fdb932c5}\Shell - "" = AutoRun
O33 - MountPoints2\{fc0bde93-add4-11df-b499-ff38fdb932c5}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\Rebit\sbin\Seagate-Replica-Autorun.exe
O33 - MountPoints2\N\Shell\Install\command - "" = N:\Rebit\sbin\Seagate-Replica-Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.20 18:44:39 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Roaming\Malwarebytes
[2011.05.20 18:44:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.20 18:44:11 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.20 18:44:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.05.20 18:44:07 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.20 18:44:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.20 17:29:17 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.20 14:47:23 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{CEBE0BEB-3924-4793-9459-704370F2D8D0}
[2011.05.20 00:10:24 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{A4EAF929-9444-4165-A8F6-B3FB3FE282C8}
[2011.05.18 19:19:13 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{92AEC5C9-3C66-443B-8627-E23E09576842}
[2011.05.18 07:18:31 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{21511F19-1B0F-44AD-A1B0-834C648D2ED3}
[2011.05.17 17:45:59 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{25581F8F-1537-4075-A915-DC3541A21F00}
[2011.05.16 19:41:52 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{D884B43D-BF75-460E-A379-289A862034F5}
[2011.05.16 00:09:45 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{AC38C6C9-26CD-4669-A9B9-036DABA6E242}
[2011.05.15 23:15:07 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\Desktop\robin
[2011.05.15 12:08:59 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{DD76E801-A596-4CBA-A1BF-D1C2CF1B029A}
[2011.05.14 12:07:12 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{CCF65628-FF2C-481D-9DB0-7C6535295147}
[2011.05.13 14:48:45 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{77932D2A-AD3B-4BF0-A6CB-3E54BDC3C629}
[2011.05.12 20:42:46 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{8008E5C2-1735-44DA-8A29-467C45C5F07F}
[2011.05.10 21:56:53 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{AF3E3238-40F4-4BB5-B95A-D3886F9806C7}
[2011.05.09 01:30:20 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{EF0951EA-1661-4010-9C50-AF809DE6456B}
[2011.05.08 13:29:34 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{8733AA8D-CA92-4FA6-A109-25D17EEBA3DA}
[2011.05.08 01:28:46 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{060291FF-3B4C-4F10-8FEA-94981A5BB5A5}
[2011.05.07 12:23:32 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{F3581893-7396-4EF8-97BA-50EA6F7116FA}
[2011.05.06 18:08:22 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{74576508-4AD6-4FC9-8219-51FF1BAFA6FB}
[2011.05.06 17:58:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2011.05.06 01:45:41 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{4480D538-9891-4CF3-871F-DC6C5A9DE17E}
[2011.05.05 16:50:57 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{05E7B85E-9019-41F6-B7FE-885FB1E3DEF4}
[2011.05.04 23:40:55 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Roaming\eTeks
[2011.05.04 23:33:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D
[2011.05.04 23:32:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Sweet Home 3D
[2011.05.04 22:44:12 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{B55D5F3C-EE6C-44CC-BF4A-AB89DB5525B2}
[2011.05.03 22:53:50 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{0A08616B-03EE-4B05-845C-9122F01897F5}
[2011.05.03 08:28:18 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{7D97B783-21F9-46E1-A066-D5B1A4025693}
[2011.05.02 20:03:40 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{E62D6034-9801-4190-82A4-63D0F4B946F1}
[2011.05.01 13:55:14 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{2F6A34E9-6C5D-460F-8E43-3789A43E4413}
[2011.05.01 01:53:58 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{EC22BB6F-CA93-485A-8B8B-FF200058ACFA}
[2011.04.30 01:16:40 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\Desktop\Blockwart - Setzt die Segel ms2008
[2011.04.29 16:51:13 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{F9D1F482-08B0-4FF0-8E8E-A4A4E9E8351F}
[2011.04.29 00:07:25 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{D9DA0081-63D3-41AC-AC6B-CCDEA959F410}
[2011.04.27 21:21:40 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{C9783E00-545D-4BCA-BAEB-014B305F8F85}
[2011.04.26 22:28:19 | 001,653,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.04.26 22:28:19 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.04.26 22:28:15 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2011.04.26 22:28:15 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2011.04.26 22:28:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2011.04.26 22:28:14 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2011.04.26 22:14:20 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{97CC1FBA-2E08-4287-B0F6-0993FEC60540}
[2011.04.25 18:03:40 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{B7FB4CB7-7A56-45E9-A7E9-B6056B172927}
[2011.04.24 15:07:22 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{A7A198D6-A2EA-49A5-91E5-1080B0C47231}
[2011.04.24 03:06:36 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{985CAD39-CF43-4013-8EF0-9B56040980D9}
[2011.04.22 22:51:34 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{F81B8A6A-5F87-4E6C-B897-AFFA002CCA82}
[2011.04.22 10:50:48 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{03A09516-59FC-4462-8832-EA8808225B38}
[2011.04.21 22:50:03 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{5506B0C9-9EEF-4B17-A784-A587AF4CB166}
[2011.04.21 00:13:34 | 000,000,000 | -H-D | C] -- C:\Users\Anna&Arthur\AppData\Local\{2965C58E-C5C7-4991-9B8D-DA10097CDDD1}
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Anna&Arthur\AppData\Local\*.tmp files -> C:\Users\Anna&Arthur\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.20 19:32:00 | 000,001,120 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.20 19:20:42 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011.05.20 19:20:27 | 000,001,116 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.20 19:19:17 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.20 19:19:17 | 000,003,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.20 19:19:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.20 19:19:00 | 000,727,890 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.05.20 19:17:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.20 19:15:08 | 000,002,129 | ---- | M] () -- C:\Users\Anna&Arthur\Documents\mbam-log-2011-05-20 (19-15-00) virs
[2011.05.20 18:36:21 | 001,458,900 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.20 18:36:21 | 000,631,312 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.20 18:36:21 | 000,600,138 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.20 18:36:21 | 000,128,646 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.20 18:36:21 | 000,106,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.20 17:32:44 | 000,000,392 | -H-- | M] () -- C:\ProgramData\42655480
[2011.05.20 17:29:25 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42655480r
[2011.05.20 17:29:25 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42655480
[2011.05.20 17:29:17 | 000,000,595 | -H-- | M] () -- C:\Users\Anna&Arthur\Desktop\Windows Vista Recovery.lnk
[2011.05.20 17:27:23 | 000,818,380 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.20 17:27:23 | 000,818,380 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.05.20 00:18:18 | 015,059,743 | -H-- | M] () -- C:\Users\Anna&Arthur\Desktop\robin.zip
[2011.05.20 00:10:12 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CD3C5595-AA01-46F7-B81F-20AC5445AFFA}.job
[2011.05.14 00:12:07 | 002,069,186 | -H-- | M] () -- C:\Users\Anna&Arthur\Desktop\ZIMMER.sh3d
[2011.05.12 23:59:30 | 076,227,805 | -H-- | M] () -- C:\Users\Anna&Arthur\Desktop\20070327180158984_BN68-01186B-01L08-0313.pdf
[2011.05.05 19:28:18 | 000,971,383 | -H-- | M] () -- C:\Users\Anna&Arthur\Desktop\crio.sh3d
[2011.05.04 23:33:08 | 000,000,894 | -H-- | M] () -- C:\Users\Anna&Arthur\Desktop\Sweet Home 3D.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Anna&Arthur\AppData\Local\*.tmp files -> C:\Users\Anna&Arthur\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.20 19:15:08 | 000,002,129 | ---- | C] () -- C:\Users\Anna&Arthur\Documents\mbam-log-2011-05-20 (19-15-00) virs
[2011.05.20 17:29:25 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~42655480r
[2011.05.20 17:29:25 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42655480
[2011.05.20 17:29:17 | 000,000,595 | -H-- | C] () -- C:\Users\Anna&Arthur\Desktop\Windows Vista Recovery.lnk
[2011.05.20 17:29:05 | 000,000,392 | -H-- | C] () -- C:\ProgramData\42655480
[2011.05.20 00:18:15 | 015,059,743 | -H-- | C] () -- C:\Users\Anna&Arthur\Desktop\robin.zip
[2011.05.12 23:58:17 | 076,227,805 | -H-- | C] () -- C:\Users\Anna&Arthur\Desktop\20070327180158984_BN68-01186B-01L08-0313.pdf
[2011.05.05 19:28:18 | 000,971,383 | -H-- | C] () -- C:\Users\Anna&Arthur\Desktop\crio.sh3d
[2011.05.04 23:40:55 | 002,069,186 | -H-- | C] () -- C:\Users\Anna&Arthur\Desktop\ZIMMER.sh3d
[2011.05.04 23:33:08 | 000,000,894 | -H-- | C] () -- C:\Users\Anna&Arthur\Desktop\Sweet Home 3D.lnk
[2011.04.09 18:55:28 | 000,179,261 | -H-- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.12.28 00:58:55 | 000,011,295 | -H-- | C] () -- C:\Windows\scunin.dat
[2010.08.22 12:10:03 | 000,000,035 | -H-- | C] () -- C:\Windows\A5W.INI
[2010.08.08 05:48:03 | 000,000,083 | -H-- | C] () -- C:\Windows\wwp.INI
[2010.05.30 09:46:06 | 000,000,600 | -H-- | C] () -- C:\Users\Anna&Arthur\AppData\Local\PUTTY.RND
[2010.04.29 13:24:56 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.02.01 14:56:32 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.01.26 23:26:26 | 000,031,049 | -H-- | C] () -- C:\Users\Anna&Arthur\AppData\Roaming\UserTile.png
[2009.09.30 20:27:51 | 000,018,048 | -H-- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2009.09.24 00:28:28 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.09.24 00:27:51 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.09.24 00:27:11 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.08.14 16:47:38 | 000,000,000 | -H-- | C] () -- C:\Windows\HMHud.INI
[2009.08.01 21:42:02 | 000,001,356 | -H-- | C] () -- C:\Users\Anna&Arthur\AppData\Local\d3d9caps.dat
[2009.08.01 20:19:54 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.27 18:07:28 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.07.26 20:13:26 | 000,001,291 | -H-- | C] () -- C:\Windows\eReg.dat
[2009.07.25 18:05:11 | 000,127,488 | -H-- | C] () -- C:\Users\Anna&Arthur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.23 17:19:39 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.07.20 22:49:25 | 000,818,380 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.07.20 22:49:24 | 000,818,380 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009.07.20 21:15:07 | 000,000,732 | -H-- | C] () -- C:\Users\Anna&Arthur\AppData\Local\d3d9caps64.dat
[2008.07.01 19:28:38 | 000,061,440 | -H-- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.06.23 13:02:02 | 000,097,410 | RH-- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.05.23 17:48:50 | 000,020,270 | -H-- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008.05.22 09:35:54 | 000,051,962 | -H-- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2007.04.27 10:43:58 | 000,120,200 | -H-- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
< End of report >
         
--- --- ---

21.05.2011, 16:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Art des Suchlaufs: Quick-Scan
Hello and

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!
__________________

22.05.2011, 16:48   #3
virenhater

Here is the full scan from Malware, from this morning:

Since the full scan and the deletion of the two infected objects, the PC is also running much faster again than before. I probably didn't just have the "hard disk damaged" virus but had unknowingly had more viruses for quite a while...

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 6628

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

22.05.2011 17:33:07
mbam-log-2011-05-22 (17-32-57) vollscan

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|)
Durchsuchte Objekte: 409251
Laufzeit: 2 Stunde(n), 14 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\anna&arthur\downloads\setuppoker_a072a_de.exe (PUP.Casino) -> No action taken.
c:\Users\anna&arthur\downloads\alllles\fff-ea144.exe (Trojan.Orsam) -> No action taken.
__________________

23.05.2011, 09:19   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you never remove the findings? If not, please do so now!
__________________
Please always post log files in CODE tags
