Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen trojan in C:\Users\Benutzername\AppData\Roaming\rundx.dll

22.11.2011, 23:25   #1
Antonio89

Hello, yesterday I accidentally downloaded a trojan onto my computer from a music site (remix.to) where I am registered and which I visited again after a long time. Since then the PC has been acting up, and I am afraid that some things will break or get deleted.
This trojan causes the internet to sometimes close by itself; in addition, ICQ gets started without my being able to influence it.
There are also error messages. I use Avira AntiVir, which also showed me this detection. I have already looked around in other forums and read that some others also have/had this virus on their computer, but nobody mentioned the effects that the trojan causes on mine. So I don't know what to do.
About the operating system: I have Windows Vista Home Edition, 32-bit.
Should I create a log file and then post it here? I use online banking and have read that with some trojans it is recommended to have one's data changed/blocked.
I ask you for help and a quick reply, that would be really very nice!!

Edited by Antonio89 (23.11.2011 at 00:14)

23.11.2011, 11:07   #2
kira
/// Helper team

Hello and a warm welcome!

Before we begin working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the liability risks involved:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, a serial number in a program, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before you apply them, because if you do something wrong it can really be dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! - ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files with a vBCode tag; that gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin.
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!

I have two suggestions:

1.
If you think you know the point in time when your system was still working properly, System Restore is worth a try!:

- There is a "relatively simple way", which should be tried right away, when the infection is fresh, and certain problems can sometimes be solved with it too. It lets you undo system changes on the computer without affecting personal files such as e-mails, documents or photos.
Quote:
-> System Restore
► Please select the oldest available date for restoring Windows at which your computer was still working properly!
  • You must log on as administrator or as a user with administrator rights.
  • System Restore can be opened under Windows Vista/XP/7 as follows:
  • Start → All Programs → Accessories → System Tools → System Restore
-> A step-by-step guide to using System Restore under Windows XP
-> System Restore under Windows Vista
-> Under Win 7
If necessary, you can also do it in safe mode - (please be sure to click the link and read it!)
System Restore is only a "stopgap"; it never removes the problem 100%, since the time at which the trojan got in can no longer be determined. But it can improve the functioning of a computer system.
(You can still undo it back to the present state if it does not give the desired result)

Also let me know whether System Restore worked, i.e. whether you were able to set the system back to an earlier restore point.

2.
Quote:
If System Restore does not work (malware can prevent it):
- You can also try the following methods to fix the problem: -> Using the Last Known Good Configuration

3.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (perform full scan) and tick everything
  • When the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports any in C:\System Volume Information, please remove the tick there) and click "Löschen" / "Ausgewähltes entfernen" (delete / remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: guide

4.
System scan with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.


  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

5.
I would also like to see all of your installed programs:
Download the tool CCleaner
Download
Install it (read the software licence agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar) is offered, deselect it) → start it → Language → select German
then click "Extra" (so that the installed programs are shown as well) → then "Als Textdatei speichern..." (save as text file)
a text file (*.txt) is created; copy its contents and paste them here

Quote:
So that your thread stays clear and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. OTL log file or other
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go on the internet; no online banking, file sharing, chat programs, etc.
Regards,
kira
23.11.2011, 14:05   #3
Antonio89

Hello, first of all many thanks for the quick reply.
I have just tried to restore the system, but an "Unknown error" occurred during System Restore; I tried restoring to three different restore points, and it did not work with any of them.
Now I will try the other thing. I will get back to you when I am done.
Kind regards
Antonio
23.11.2011, 16:22   #4
Antonio89

I have now downloaded Malwarebytes and run it.
According to the log file the viruses were deleted; I am now running AntiVir over it once more.

Is it deleted now, or should I do something else?

Here is the log file:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8224

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

23.11.2011 15:31:47
mbam-log-2011-11-23 (15-31-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 383106
Laufzeit: 1 Stunde(n), 3 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\R8388QA8U8 (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\idgbn5xehg (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1) Good: (hxxp://www.google.com) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\superantispyware\BootSafe.exe (Trojan.Agent) -> No action taken.
c:\program files\superantispyware\UPD161F.tmp (Trojan.Agent) -> No action taken.
c:\program files\superantispyware\UPD197A.tmp (Trojan.Agent) -> No action taken.
c:\system volume information\systemrestore\frstaging\Users\Username\AppData\Local\Temp\Xqp.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\systemrestore\frstaging\Users\Username\AppData\Local\Temp\Xqt.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\systemrestore\frstaging\Users\Username\AppData\Local\Temp\Xqy.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> No action taken.
c:\Users\Username\AppData\Roaming\rundx.dll (Trojan.Krypt) -> No action taken.

24.11.2011, 04:56   #5
kira
/// Helper team

Quote:
Quote from Antonio89

Is it deleted now, or should I do something else?
Quote:
No action taken.
** Update Malwarebytes Anti-Malware and run it again following these instructions:
  • Start it with a double-click.
  • Update the databases right away - update online
  • Select "Vollständiger Suchlauf" (full scan) and tick everything
  • When the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (except: if MBAM reports any in C:\System Volume Information, please remove the tick there) and click "Löschen" / "Ausgewähltes entfernen" (delete / remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: guide

Then please continue with the steps!

__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
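
Every finding in the first Malwarebytes log above ends in "No action taken.", which is why the scan had to be repeated with removal. As an added example (not part of the thread and not Malwarebytes code), this Python parser reads a log in the format shown above and separates remediated findings from pending ones, setting aside pending hits under C:\System Volume Information, which the helper asks to leave unticked. The sample log is constructed with placeholder object names, and the status text "Quarantined and deleted successfully." is an assumption about how a removed item is reported.

```python
import re
from dataclasses import dataclass

# A finding line has the shape:
#   <object> (<detection name>) -> [optional details -> ] <status>
FINDING_RE = re.compile(r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> (?P<rest>.+)$")
# Findings inside the System Restore store, on any drive letter.
RESTORE_RE = re.compile(r"^[a-z]:\\system volume information\\", re.IGNORECASE)
NO_ACTION = "No action taken."

# Constructed sample in the format of the log posted in the thread.
# Object names are placeholders; the last status string is an assumption.
SAMPLE_LOG = r"""
Infizierte Registrierungsschlüssel: 1
Infizierte Dateien: 2

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\EXAMPLEKEY (Malware.Trace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://example.invalid/) Good: (hxxp://www.google.com) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\systemrestore\frstaging\Users\Username\AppData\Local\Temp\sample.exe (Trojan.Downloader) -> No action taken.
c:\Users\Username\AppData\Roaming\sample.dll (Trojan.Krypt) -> Quarantined and deleted successfully.
"""


@dataclass
class Finding:
    section: str      # log section the entry was listed under
    obj: str          # file path or registry object
    detection: str    # detection name in parentheses
    status: str       # text after the last " -> "

    @property
    def remediated(self) -> bool:
        return self.status != NO_ACTION

    @property
    def in_restore_store(self) -> bool:
        return bool(RESTORE_RE.match(self.obj))


def parse_log(text):
    """Return every finding line in the log, tagged with its section."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end in ':'; summary counters ("...: 8") do not.
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        match = FINDING_RE.match(line)
        if match:
            # Entries may carry "Bad: ... Good: ..." details before the
            # status, so the status is whatever follows the last arrow.
            status = match.group("rest").rsplit(" -> ", 1)[-1]
            findings.append(
                Finding(section, match.group("obj"), match.group("det"), status)
            )
    return findings


def triage(findings):
    """Group findings by whether anything was actually done about them."""
    buckets = {"remediated": [], "pending": [], "pending_restore_store": []}
    for finding in findings:
        if finding.remediated:
            buckets["remediated"].append(finding)
        elif finding.in_restore_store:
            buckets["pending_restore_store"].append(finding)
        else:
            buckets["pending"].append(finding)
    return buckets


if __name__ == "__main__":
    for name, items in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {len(items)}")
        for item in items:
            print(f"  [{item.detection}] {item.obj} -> {item.status}")
```

A non-empty "pending" bucket means the scan only reported those objects; a clean result needs a later log in which the same objects no longer appear.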

24.11.2011, 23:08   #6
Antonio89

Hello, I have just run a full scan again.
During the 1st scan I accidentally deleted all infected files and forgot to remove the tick for the "C:\System Volume Information" files. Does that have any consequences?
Do I have anything else to fear now?

Many thanks again for the quick reply, Kira!!
--------------------------------------------------------------------
Here is the log file:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8234

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

24.11.2011 23:02:38
mbam-log-2011-11-24 (23-02-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 394409
Laufzeit: 1 Stunde(n), 52 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

25.11.2011, 10:11   #7
kira
/// Helper team

Quote:
Quote from Antonio89
During the 1st scan I accidentally deleted all infected files and forgot to remove the tick for the "C:\System Volume Information" files. Does that have any consequences?
Not really, since your system is/was infected with malware anyway, so System Restore no longer helps either, or rather it simply did not work

Please still work through all the points

25.11.2011, 13:47   #8
Antonio89

So, step 4 is now done as well.
Here are the two log files:

Code:
OTL logfile created on: 25.11.2011 13:34:28 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Username\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 51,97% Memory free
6,22 Gb Paging File | 4,65 Gb Available in Paging File | 74,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 47,31 Gb Free Space | 33,17% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 107,35 Gb Free Space | 75,24% Space Free | Partition Type: NTFS
 
Computer Name: Username-PC | User Name: Username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.25 13:31:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Username\Desktop\OTL.exe
PRC - [2011.11.09 19:52:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.10.09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011.09.20 11:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.18 23:14:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 12:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.07.22 00:06:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.06.29 11:31:48 | 000,269,480 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 12:35:55 | 000,136,360 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.12.13 08:39:19 | 000,281,768 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.14 22:27:00 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Username\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.19 04:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.21 22:06:52 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.09 19:52:19 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.28 09:49:20 | 000,003,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.18 23:14:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.29 11:31:48 | 000,269,480 | R--- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 12:35:55 | 000,136,360 | R--- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Boot | Running] --  -- (MFX)
DRV - [2011.10.09 22:06:20 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.18 23:14:38 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.08.18 23:14:38 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.08.03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.06.29 11:31:49 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 11:31:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.10 10:41:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.08 10:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV - [2008.10.08 10:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:5220
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.bild.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.06.30 13:14:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.02 21:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2011.01.06 02:48:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.23 13:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.23 13:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.23 13:54:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.02 21:34:36 | 000,000,000 | ---D | M]
 
[2010.05.11 23:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Extensions
[2010.05.11 23:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.23 13:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions
[2010.07.31 01:02:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.12 16:36:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.20 05:54:14 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Username\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions\vshare@toolbar
[2010.08.12 15:48:32 | 000,005,591 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\1und1-suche.xml
[2010.08.12 15:48:32 | 000,001,371 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\amazonde.xml
[2010.10.22 23:57:45 | 000,000,873 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\conduit.xml
[2010.08.12 15:48:32 | 000,010,605 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\gmx-suche.xml
[2011.11.24 12:38:35 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-1.xml
[2011.06.20 20:04:02 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-2.xml
[2011.08.17 13:49:31 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-3.xml
[2011.08.28 17:51:44 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-4.xml
[2011.09.07 13:20:45 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-5.xml
[2011.09.27 17:07:51 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-6.xml
[2011.10.01 11:17:09 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-7.xml
[2011.11.09 19:52:59 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-8.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin.xml
[2011.07.31 12:22:44 | 000,001,420 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\preisvergleich.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\startsear.xml
[2010.12.29 20:27:14 | 000,003,915 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\sweetim.xml
[2010.08.12 15:48:32 | 000,005,588 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\webde-suche.xml
[2011.11.09 19:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.16 16:15:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.10.23 19:04:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.09 19:52:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.05.01 23:41:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.01 23:41:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.01 23:41:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.01 23:41:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.01 23:41:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.01 23:41:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: SweetIM Search ()
CHR - default_search_provider: search_url = hxxp://search.sweetim.com/?q={searchTerms}&src=6&barid={9CBE9700-1381-11E0-A35D-001D72EB33B8}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Username\AppData\Roaming\Complitly\Complitly.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe File not found
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [daemon] C:\Users\Username\AppData\Roaming\daemon.exe File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{287D781F-7C09-476F-9FE5-22460EB9F7BB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAFED2A-826B-479E-B6A9-4636C777D5EA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Username\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Username\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.25 13:30:59 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Username\Desktop\OTL.exe
[2011.11.23 22:42:59 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\Neuer Ordner
[2011.11.23 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{9DFBD760-43F9-4237-A9C6-72AED4E5C95C}
[2011.11.23 18:41:11 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{6EEAFFBB-A9E4-4F31-8186-81FCCC407386}
[2011.11.23 14:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.23 14:07:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.23 14:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.21 17:41:45 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{EB7C7A7B-2617-4416-A264-EA56B410ED93}
[2011.11.21 17:41:43 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{39479407-4FDA-48F9-BFA1-F5F02DFB7CFB}
[2011.11.21 15:15:23 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\860OKMZO
[2011.11.20 16:27:14 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{CD57DCF7-54B4-4A56-BB6C-2EB9D2F86F3C}
[2011.11.20 16:27:12 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{9A08C7F2-FB7F-4B1B-AD9B-FE5557D38158}
[2011.11.20 03:50:41 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{FD1626A8-C0D8-4748-B79B-64D7FCD59CEA}
[2011.11.20 03:50:40 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{6569AABA-A8F2-410C-BC9F-BABD3E69AC43}
[2011.11.19 13:10:53 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{0DEA093C-66C1-444A-A04D-582D626DED36}
[2011.11.19 13:10:50 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{3C6C8F6B-2643-4440-B182-5E2EF16EE227}
[2011.11.18 13:08:32 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{4788CEDD-9B09-4EC8-BF30-CF1334DAD973}
[2011.11.18 13:08:29 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{7A53F069-EB35-4A68-A61E-8A9FAA12B851}
[2011.11.17 15:42:53 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{D8D82F69-882D-4E79-9B77-ED18248DE8F7}
[2011.11.17 15:42:49 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{EBAD3F99-6BA1-4ABF-B9BF-EAD226433C87}
[2011.11.17 00:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.17 00:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.17 00:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.17 00:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.16 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{ADF07B13-6788-419D-BE41-BFCCF0A0921F}
[2011.11.16 17:06:56 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{E7B38FBB-5417-435D-A86A-20F6ED88DD4A}
[2011.11.15 15:26:43 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{1D2612B7-D254-41BD-AE37-701BE03BC3BA}
[2011.11.15 15:26:37 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{6EA55885-F9C5-46C0-8724-0CB2A5D1EABC}
[2011.11.14 14:47:16 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{9EA83A27-3BBC-4C44-A972-F9A3808303C6}
[2011.11.14 14:47:05 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{7278FA4D-8CC5-49EF-B49B-6D2EDCB75FA7}
[2011.11.13 17:57:03 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{68B6211A-4183-467E-9D5B-2D63E1A9DE98}
[2011.11.13 17:56:59 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{446EBDF5-1759-4AC9-9084-6D0CE6C3F3BC}
[2011.11.13 16:07:55 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\PokerStars
[2011.11.13 16:07:45 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
[2011.11.13 16:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011.11.13 16:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
[2011.11.12 13:33:45 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{478E6BF2-8342-444D-99E3-AA8ED8307B29}
[2011.11.12 13:33:42 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{850B5A7D-BB15-4D01-AFCB-295BEC1B25A9}
[2011.11.11 16:06:16 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{E0759960-EE35-4ABD-9E3D-3AF78A8C119B}
[2011.11.11 16:06:09 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{144B311A-907C-4795-9864-F43478014838}
[2011.11.10 19:44:12 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{09719CAE-665F-49A9-B020-B056AB11717D}
[2011.11.10 19:44:08 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{A1CE369E-4A01-4C85-911D-CACDE231BC56}
[2011.11.09 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\Username\Documents\Messenger Plus
[2011.11.09 17:34:34 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{5370CC39-6604-434F-91B2-F35DF0352D26}
[2011.11.09 17:34:28 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{4F02A01E-B81F-4241-8E86-4DAB15EE0034}
[2011.11.08 19:26:01 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{35CECC28-A13E-4802-AA6E-689AFBFDCDB9}
[2011.11.08 19:25:54 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{C59E7541-1B84-4775-8591-B18DD01B9F93}
[2011.11.07 22:54:46 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\fb
[2011.11.07 18:02:53 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{53D16C90-B704-4440-81A2-E4B9B9EB641A}
[2011.11.07 18:02:51 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{348F4583-1141-47F6-AB63-F6EA56365B79}
[2011.11.06 21:12:04 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{41B564A4-7C5B-4054-A776-53BBAC89B0A4}
[2011.11.06 21:12:00 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{42115404-AA50-4DAF-BD69-91E9BD592F8C}
[2011.11.04 21:52:38 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{23153A74-4C86-471B-A432-B0285B89A426}
[2011.11.04 21:52:35 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{1C5F6106-CA2C-44E6-9A28-EAE44EA3F497}
[2011.11.04 11:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.11.04 11:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.11.03 21:59:28 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{F9747E8F-F6C0-4E27-9D46-084FD693DA85}
[2011.11.03 21:59:25 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{7AC1B7D5-4534-4380-8B71-96159DB29D9E}
[2011.11.02 18:16:49 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{66DC562D-2137-4190-AA17-9FDEB6AD2816}
[2011.11.02 18:16:47 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{D04FF37B-5B6B-4B0F-A17B-2C401C104A5C}
[2011.11.01 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{93D17958-D239-47BC-BF2C-CA5038935C12}
[2011.11.01 21:40:43 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{E5BA5980-11BE-4B23-A6FC-356D7DEB0D7B}
[2011.10.31 17:24:18 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{C2DA35F5-F8C3-489E-BD5A-03F441B6D5CC}
[2011.10.31 17:24:15 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{BCADEACE-EA20-4F71-8D33-1AB375088613}
[2011.10.30 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{8B7E54C7-3CE4-4950-90D4-6E6B8A199116}
[2011.10.30 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{D6248742-6850-49D3-9261-DC7122387667}
[2011.10.29 12:51:46 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{C7CC1AAE-2740-4FA9-873A-AB1CA0D78108}
[2011.10.29 12:51:44 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{D3E9133A-3896-49F9-90FB-3FCAED9D599D}
[2011.10.28 16:06:46 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{8D5E7A92-DF7C-4041-AAF8-9015E1C75BC8}
[2011.10.28 16:06:44 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{0130FD20-6F2C-48E2-9615-EC91288E7A8A}
[2011.10.27 21:22:46 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{0C9BA0E1-D0D0-4302-928E-8CCBBAF62308}
[2011.10.27 21:22:42 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{FE358269-19E2-4EE0-9B26-4B2980EE67E2}
[2011.10.26 19:18:56 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{0A868509-423D-4346-801C-113BF8C752AB}
[2011.10.26 19:18:51 | 000,000,000 | ---D | C] -- C:\Users\Username\AppData\Local\{23D761A7-950E-441E-8ABA-B430BA503E46}
[2010.06.16 00:06:24 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.12.15 06:46:29 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.25 13:31:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Username\Desktop\OTL.exe
[2011.11.25 13:28:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.24 22:36:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 22:36:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.23 22:42:51 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.23 22:42:51 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.23 22:42:51 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.23 22:42:51 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.23 15:36:16 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.23 14:07:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 23:05:00 | 000,001,335 | ---- | M] () -- C:\Users\Username\AppData\Roaming\x0004.dat
[2011.11.22 17:53:53 | 000,025,645 | ---- | M] () -- C:\Users\Username\AppData\Roaming\x0001.dat
[2011.11.22 17:53:53 | 000,002,097 | ---- | M] () -- C:\Users\Username\AppData\Roaming\x0006.dat
[2011.11.22 17:53:53 | 000,000,491 | ---- | M] () -- C:\Users\Username\AppData\Roaming\x0003.dat
[2011.11.22 17:53:53 | 000,000,441 | ---- | M] () -- C:\Users\Username\AppData\Roaming\x0005.dat
[2011.11.22 17:53:53 | 000,000,219 | ---- | M] () -- C:\Users\Username\AppData\Roaming\x0002.dat
[2011.11.22 17:53:53 | 000,000,003 | ---- | M] () -- C:\Users\Username\AppData\Roaming\x0000.dat
[2011.11.21 22:22:15 | 000,001,356 | ---- | M] () -- C:\Users\Username\AppData\Local\d3d9caps.dat
[2011.11.21 22:06:52 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.21 15:27:31 | 000,257,719 | ---- | M] () -- C:\Users\Username\Desktop\iphone 3g.jpg
[2011.11.18 13:08:11 | 000,030,329 | ---- | M] () -- C:\Users\Username\Desktop\sadasda.jpg
[2011.11.17 00:10:14 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.17 00:07:15 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.16 01:18:44 | 000,144,098 | ---- | M] () -- C:\Users\Username\Desktop\cats.jpg
[2011.11.15 20:03:59 | 000,112,640 | ---- | M] () -- C:\Users\Username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.13 16:07:45 | 000,000,862 | ---- | M] () -- C:\Users\Username\Desktop\PokerStars.lnk
[2011.11.09 17:54:11 | 000,000,600 | ---- | M] () -- C:\Users\Username\AppData\Roaming\winscp.rnd
[2011.11.04 11:31:35 | 000,001,025 | ---- | M] () -- C:\Users\Username\Desktop\Free Audio Dub.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.23 14:07:22 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 17:53:53 | 000,025,645 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0001.dat
[2011.11.22 17:53:53 | 000,002,097 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0006.dat
[2011.11.22 17:53:53 | 000,001,335 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0004.dat
[2011.11.22 17:53:53 | 000,000,491 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0003.dat
[2011.11.22 17:53:53 | 000,000,441 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0005.dat
[2011.11.22 17:53:53 | 000,000,219 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0002.dat
[2011.11.22 17:53:53 | 000,000,003 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0000.dat
[2011.11.21 15:27:31 | 000,257,719 | ---- | C] () -- C:\Users\Username\Desktop\iphone 3g.jpg
[2011.11.18 13:08:11 | 000,030,329 | ---- | C] () -- C:\Users\Username\Desktop\sadasda.jpg
[2011.11.17 00:10:14 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.17 00:07:15 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.16 01:18:43 | 000,144,098 | ---- | C] () -- C:\Users\Username\Desktop\cats.jpg
[2011.11.13 16:07:45 | 000,000,862 | ---- | C] () -- C:\Users\Username\Desktop\PokerStars.lnk
[2011.11.04 11:31:35 | 000,001,025 | ---- | C] () -- C:\Users\Username\Desktop\Free Audio Dub.lnk
[2011.07.29 12:51:24 | 000,023,580 | ---- | C] () -- C:\Users\Username\AppData\Roaming\UserTile.png
[2011.04.20 14:15:27 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2011.02.06 22:21:35 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2010.10.27 15:11:42 | 000,000,600 | ---- | C] () -- C:\Users\Username\AppData\Roaming\winscp.rnd
[2010.10.15 07:49:32 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.09.02 21:34:03 | 000,023,686 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.08.26 16:57:57 | 000,225,392 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010.08.23 12:08:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.16 00:06:24 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2010.06.16 00:06:24 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2010.06.16 00:06:24 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2010.06.10 20:20:35 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.29 13:16:59 | 000,003,982 | ---- | C] () -- C:\Windows\kj01d.sys
[2010.04.29 13:11:35 | 000,000,255 | ---- | C] () -- C:\Windows\z56k2.ini
[2009.12.17 14:23:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.17 14:23:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.16 15:38:45 | 000,001,356 | ---- | C] () -- C:\Users\Username\AppData\Local\d3d9caps.dat
[2009.12.15 06:40:05 | 000,014,028 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.12.14 22:09:00 | 000,112,640 | ---- | C] () -- C:\Users\Username\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.14 22:03:36 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009.12.14 22:03:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.12.14 22:03:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.12.14 22:03:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.12.14 22:03:36 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.06.11 11:34:22 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2008.11.20 12:57:32 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.11.20 12:57:32 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.11.20 12:57:32 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.11.20 12:57:32 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.11.20 04:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.11.20 04:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.20 04:20:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.11 04:27:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.11 04:27:24 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.11.11 04:27:24 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.11.11 04:26:52 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,328,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.05.13 21:41:58 | 000,049,152 | ---- | C] () -- C:\Windows\System32\cdlock.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.12.14 22:11:45 | 000,000,000 | -HSD | M] -- C:\Users\Username\AppData\Roaming\.#
[2011.10.09 22:06:33 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\Boilsoft
[2011.11.22 17:28:48 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\Complitly
[2011.04.23 12:22:08 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\Desktopicon
[2011.11.04 11:31:46 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\DVDVideoSoft
[2011.01.23 21:13:55 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\GetRightToGo
[2011.05.22 23:31:10 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\gtk-2.0
[2011.11.22 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\ICQ
[2011.07.12 00:08:08 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\IrfanView
[2010.03.27 00:52:58 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\JonDo
[2010.11.18 22:23:45 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\Leadertech
[2011.07.24 23:57:38 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\Leawo
[2011.07.24 23:59:09 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\Leawo Video2AVI v2
[2010.06.10 20:25:59 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\MAGIX
[2011.01.13 02:00:14 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\Nokia
[2010.06.30 14:37:23 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\PC Suite
[2011.11.23 13:54:15 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\PhotoScape
[2010.11.29 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\PixelPlanet
[2011.07.21 00:17:18 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\ProgSense
[2011.02.27 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\Tinn-R
[2010.09.01 18:06:02 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\TuneUp Software
[2011.04.26 00:14:51 | 000,000,000 | ---D | M] -- C:\Users\Username\AppData\Roaming\WindSolutions
[2011.11.23 15:35:13 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.15 13:33:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8340A3AF-B83C-47D8-8772-47B1F1F9399B}.job
 
========== Purity Check ==========
 
< End of report >
         
----------------------------------------------------------------------------

Code:
OTL Extras logfile created on: 25.11.2011 13:34:28 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Username\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 51,97% Memory free
6,22 Gb Paging File | 4,65 Gb Available in Paging File | 74,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 47,31 Gb Free Space | 33,17% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 107,35 Gb Free Space | 75,24% Space Free | Partition Type: NTFS
 
Computer Name: Username-PC | User Name: Username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" = C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe:*:Enabled:iPhone PC Suite.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0642D4A0-AA96-4067-8D90-477947C35CDC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{30565A69-571C-4B6E-814C-54BD33B03BE7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{36AE62A1-2D90-4A9B-94D0-A10022966308}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4386A3AF-5AE8-45A9-A4B8-78A762645EE5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{62959022-C6A0-4244-9543-DECBBA5CB2CF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{72A2FDA4-3565-46AC-856D-44C5E5E92905}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7DE65BC8-8E2F-4B8B-8A19-36C5A92B60B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8061505C-F40B-4B8B-AE6C-634ECED3580E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{826C8AED-DF86-4D89-8B00-46D8386ACFC9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{851AD4BF-A329-4CD1-912C-209F7B85B665}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A4F6C048-D64F-4BEE-A08E-DD6CDE0CB00D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AAD65E1A-4419-42DF-9188-D8FEF34551B9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B31C7FCC-73ED-4D92-B6E6-CCDBBF9BC603}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{EE56244A-A88B-4A2D-93EE-1AF4C2296921}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FB2595DC-6F33-4612-97DD-9F898502141B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008FA1AE-E93C-431D-A38E-DEF14C6AE117}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{02B15782-4AF2-46A5-94DA-8F6F0E86C546}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{152688F3-1D21-40C5-AF86-D38B85855A15}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{233D5393-DC94-4156-9714-2FDB9BCB78A0}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{27C67D07-85B5-4735-97F9-4DAE73B78CFE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{2A86A20B-5F83-4635-A518-C8B5758A51B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2ADD8A2F-7494-45FD-936C-0A2952EC8BC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{2B99649F-98B5-4F58-B360-EB91215A6B32}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{2CC80CE2-5955-4C72-9152-A5BE4EBC4F79}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{2EC0276E-F33B-42D4-9EF9-22AFC158B5C2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2EE4461F-AC09-43F1-8BDC-D5CCCC50CE45}" = dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe | 
"{3BBD84DE-5687-4C5A-935E-1BE2229992E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{4015244C-F80C-439E-8EEB-7D5FE709B559}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{44484ABD-DD77-408B-8C79-E689A99E38CF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{4D9140AE-A55D-4D42-8CC2-3F0E74E0DA6B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{59743E67-E342-4AA3-84ED-DE04A35BC917}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5C6E19D7-D66F-4527-8874-F4A29E302BC6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6A416180-69D0-428A-AD45-90F10FF81764}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8269F7A1-EA8E-43D4-B17E-6D2E6A9016DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{87499AF5-B054-4109-8410-BC7B82A7BDB7}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{89F7BEAD-E7AC-4805-BFE0-C7551D231C15}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{8ED7A5E9-400F-4476-933B-CF8DCA042A09}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{A0616B67-8C9C-4494-A6D3-C7BC45511890}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A156265C-5219-4C52-8F95-FD5E8F371605}" = dir=in | app=e:\setup\hpznui01.exe | 
"{A27F6D9F-377F-4799-9579-0E35C6ACB784}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{A423F5BD-A9E8-4C5B-A364-E6794015A8CF}" = dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe | 
"{A77DB892-D6B4-4FD7-BBAD-2901843261C6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AB1DD549-C93C-4783-90AC-EE1E37B97205}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B951183C-1BB5-46FF-8547-14BCA56CE7DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BC774B26-93AF-40E4-8FD2-D1DD6123764C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{BE6D7986-43D9-45F7-9145-051B8F9A7F45}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{C88F1B69-C5DA-4A65-9BAE-375075EAC445}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C91121C4-45C3-458D-977F-3AB226527D24}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{CCF7121C-7AC1-4804-AF31-67171947487D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D45285C4-4D1A-4AD0-B993-061BB2DCB182}" = dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe | 
"{D743DF2C-1CF4-4C74-BEA4-5380817B28E8}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{D8639A8F-2DE0-487D-A354-59A25A759310}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{DD306AB2-7D12-4287-8CEC-39D6EB8A6692}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{E15F2818-17CE-46C9-93DB-EC606F38C233}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{E22FC8D2-4C81-4E9E-93E8-727EE0E16373}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{E6EDF2B2-F409-4CAD-BBAC-66FF77F04B98}" = dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe | 
"{ED134EDF-1834-4BBA-9698-0F151906F2B6}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{EE94C808-BC30-4508-B31E-D2AD6ACFED6F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{F1BEF671-90AE-4028-A489-08738CCEBF93}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{F866B6BD-DCB3-46C5-AEFF-F06CB60C36CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{1B5BF138-46A9-47FA-B112-06AACCCB371A}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{3A58F751-3F40-40D8-A52A-1D38BF0A987A}C:\users\Username\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\Username\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{3C60D1D1-C6FC-41CD-B2D7-ECEE43BD1C05}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{52F9BDDF-A4E6-46D9-87B3-944F4554863F}C:\users\Username\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=6 | dir=in | app=c:\users\Username\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | 
"TCP Query User{595CAC55-1B2D-4595-A1FA-DE07E9CB5A8E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{5A079FD7-654F-48FA-B7EF-904D117D7E5A}C:\windows\system32\macromed\flash\flashutil10t_activex.exe" = protocol=6 | dir=in | app=c:\windows\system32\macromed\flash\flashutil10t_activex.exe | 
"TCP Query User{617770C3-2F54-4EC3-A636-7026EE441F7D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{7BADDAA7-9B7F-4263-898F-B826E3060D1E}D:\fifaaaa\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifaaaa\game\fifa.exe | 
"TCP Query User{918A7E89-DA4D-443E-B18A-47AD184C2FC1}C:\windows\rthdvcpl.exe" = protocol=6 | dir=in | app=c:\windows\rthdvcpl.exe | 
"TCP Query User{98DEC0DD-B668-4BC4-8634-EB91CB063FEE}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{A15731B2-BA0C-4F2F-9A10-589BF935CBB3}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{BE77A2A7-A18C-41E1-80E6-3DC335920E69}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{BF936373-AF57-42A9-A236-121D68719B6F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{D0075ECA-4049-4EB4-97D6-69661605E3AE}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{D41AA4B4-01B7-4DC4-94F6-26789FFCCE1E}C:\program files\synaptics\syntp\syntpenh.exe" = protocol=6 | dir=in | app=c:\program files\synaptics\syntp\syntpenh.exe | 
"TCP Query User{E5DDD02F-9AFF-45A6-AF80-3FA80D407DD0}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe | 
"TCP Query User{EA392568-6BAB-4222-877E-583371419941}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{F1B25125-ABB5-451A-BB27-FFC87DEC9B83}C:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe" = protocol=6 | dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe | 
"TCP Query User{F443D09C-2FDF-426A-B01E-86DF788D4574}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{F5BEDCB7-E6CE-4415-AC16-70C05EA2E4C8}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{F6EC12F8-4665-44DD-8607-11AAE0B2B6F1}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{0386E77C-9C1B-4C11-9D42-B3271A3659CC}C:\windows\system32\macromed\flash\flashutil10t_activex.exe" = protocol=17 | dir=in | app=c:\windows\system32\macromed\flash\flashutil10t_activex.exe | 
"UDP Query User{1AB71389-9FA9-4ACD-88A8-9CD33BBC5EC2}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"UDP Query User{27990AB9-E049-4843-B1CC-8B475BDB86FF}C:\windows\rthdvcpl.exe" = protocol=17 | dir=in | app=c:\windows\rthdvcpl.exe | 
"UDP Query User{2812AF5D-6979-4F71-B0CF-587D7FFFF982}D:\fifaaaa\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifaaaa\game\fifa.exe | 
"UDP Query User{367BE10D-8631-489C-9AFC-67D5AD470773}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{5C7C8A2D-D67E-41B1-B9DD-B1C4C968A152}C:\program files\synaptics\syntp\syntpenh.exe" = protocol=17 | dir=in | app=c:\program files\synaptics\syntp\syntpenh.exe | 
"UDP Query User{63235350-DEBC-4FA8-8EF4-DD7A4B138A8F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{6A033DE9-0EB4-4C04-AB65-59541CA28892}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{771054A4-7897-4682-B6BD-8884F05D9163}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{89F7C6C2-C636-4F0A-9310-537F3DF26C17}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{8AED09BA-7A89-46A1-B68C-58F8D7355B64}C:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe" = protocol=17 | dir=in | app=c:\program files\netdragon\91 mobile\iphone\iphone pc suite.exe | 
"UDP Query User{A175886B-CC86-400C-AF45-BE50184827E5}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe | 
"UDP Query User{A9A714B1-A6ED-4C6C-AB0D-E19A3078F3DC}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{BBF2F775-2351-4FF8-A9AD-60B43F604746}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{C9112D65-94BE-44B8-8C15-E33D89549E56}C:\users\Username\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light" = protocol=17 | dir=in | app=c:\users\Username\appdata\local\temp\jivexviewer\jre\bin\jivex[dv] light | 
"UDP Query User{CF6EAED0-7190-4FBD-B105-4A4E9B751AA9}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{D130FA76-3B65-4745-8519-66A00A2B1D24}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{D137F57E-EC45-4445-910F-9481E89DBE4E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D75AEE26-7599-4ECC-9280-E2C6836F7266}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{E8E21047-ECA4-4A1C-9F79-66B0CD4F96C5}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{EA0DAE03-FAFF-4335-93CE-9857858151D0}C:\users\Username\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\Username\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" =  Leawo AVI Converter Version  4.0.0.0
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced PDF-to-Word 1.0 Demo" = Advanced PDF-to-Word 1.0 Demo
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.04
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"PhotoScape" = PhotoScape
"PokerStars" = PokerStars
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Azinky Gameroom" = Azinky Gameroom
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.11.2011 07:46:49 | Computer Name = Username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14024
 
Error - 15.11.2011 08:09:19 | Computer Name = Username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.11.2011 08:09:19 | Computer Name = Username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1364041
 
Error - 15.11.2011 08:09:19 | Computer Name = Username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1364041
 
Error - 15.11.2011 08:09:20 | Computer Name = Username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.11.2011 08:09:20 | Computer Name = Username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1365211
 
Error - 15.11.2011 08:09:20 | Computer Name = Username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1365211
 
Error - 15.11.2011 08:09:22 | Computer Name = Username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.11.2011 08:09:22 | Computer Name = Username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1366397
 
Error - 15.11.2011 08:09:22 | Computer Name = Username-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1366397
 
[ System Events ]
Error - 23.11.2011 08:44:00 | Computer Name = Username-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 23.11.2011 08:45:34 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.11.2011 08:57:09 | Computer Name = Username-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 23.11.2011 08:58:31 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.11.2011 09:12:10 | Computer Name = Username-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 23.11.2011 09:14:08 | Computer Name = Username-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 23.11.2011 09:16:52 | Computer Name = Username-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 23.11.2011 09:17:44 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.11.2011 10:36:24 | Computer Name = Username-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 23.11.2011 10:37:54 | Computer Name = Username-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

25.11.2011, 13:55   #9
Antonio89

And here is the text file from CCleaner:

Code:
Acer GridVista		13.12.2009	1,51MB	2.72.317
Acer Mobility Center Plug-In	Acer Inc.	19.11.2008	4,13MB	3.0.3000
Acer Product Registration	Acer Incorporated	13.12.2009	5,92MB	3.0.0.10
Adobe AIR	Adobe Systems Inc.	15.09.2010	28,4MB	2.0.2.12610
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	18.07.2011		10.3.181.26
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	20.11.2011		11.1.102.55
Adobe Reader 9.4.5 - Deutsch	Adobe Systems Incorporated	18.06.2011	166,4MB	9.4.5
Advanced PDF-to-Word 1.0 Demo		29.11.2010	0,70MB	
Apple Application Support	Apple Inc.	10.10.2011	61,1MB	2.1.5
Apple Mobile Device Support	Apple Inc.	16.11.2011	24,1MB	4.0.0.97
Apple Software Update	Apple Inc.	07.07.2011	2,38MB	2.1.3.127
Ashampoo WinOptimizer 8 v.8.04	Ashampoo GmbH & Co. KG	22.04.2011	57,5MB	8.0.4
AutocompletePro		05.01.2011	0,86MB	
Avira AntiVir Personal - Free Antivirus	Avira GmbH	14.10.2011	72,6MB	10.2.0.704
AviSynth 2.5		23.06.2010	5,81MB	
Azinky Gameroom	Azinky Games	20.11.2011		
Bonjour	Apple Inc.	10.10.2011	0,73MB	3.0.0.10
Broadcom Gigabit Integrated Controller	Broadcom Corporation	09.11.2008	0,90MB	11.32.03
CCleaner	Piriform	24.11.2011	4,13MB	3.12
Complitly		04.10.2011	0,78MB	
DivX Plus Web Player	DivX,Inc.	16.12.2009	8,77MB	2.0.0
Free Audio Dub version 1.7.9.908	DVDVideoSoft Ltd.	03.11.2011	3,25MB	
Freez FLV to MP3 Converter	www.smallvideosoft.com	19.04.2011	9,21MB	1.5
GIMP 2.6.11	The GIMP Team	14.05.2011	111,1MB	2.6.11
HDAUDIO Soft Data Fax Modem with SmartCP		19.11.2008	0,71MB	
HP Customer Participation Program 13.0	HP	25.08.2010	270MB	13.0
HP Imaging Device Functions 13.0	HP	25.08.2010	3,36MB	13.0
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6	HP	25.08.2010	39,0MB	13.0
HP Print Projects 1.0	HP	25.08.2010	3,29MB	1.0
HP Smart Web Printing 4.60	HP	01.09.2010	26,4MB	4.60
HP Solution Center 13.0	HP	25.08.2010	3,45MB	13.0
HP Update	Hewlett-Packard	25.08.2010	3,76MB	4.000.011.006
ICQ7.6	ICQ	03.10.2011	57,0MB	7.6
iTunes	Apple Inc.	16.11.2011	169,7MB	10.5.1.42
Java(TM) 6 Update 29	Sun Microsystems, Inc.	28.12.2009	95,0MB	6.0.290
Launch Manager		13.12.2009	2,40MB	
Leawo AVI Converter Version  4.0.0.0		25.07.2011		
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	22.11.2011	4,80MB	1.51.2.1300
Messenger Plus! 5	Yuna Software	29.09.2011	17,0MB	5.10.0.748
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	16.12.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	15.12.2009	27,8MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.06.2010	120,3MB	4.0.30319
Microsoft Office File Validation Add-In	Microsoft Corporation	13.09.2011	7,92MB	14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	15.12.2009	298MB	12.0.6425.1000
Microsoft Office Suite Activation Assistant	Microsoft Corporation	19.11.2008	8,37MB	2.9
Microsoft Silverlight	Microsoft Corporation	11.10.2011	20,3MB	4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	03.01.2011	1,74MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	15.12.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	15.12.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	18.04.2011	0,58MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	15.09.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	15.12.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	01.02.2011	0,57MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ Run Time  Lib Setup	Microsoft	24.07.2011	0,17MB	1.0.0
Microsoft Works	Microsoft Corporation	15.12.2009		08.05.0822
Mozilla Firefox 8.0 (x86 de)	Mozilla	08.11.2011	38,1MB	8.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	13.12.2009	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	15.12.2009	1,34MB	4.20.9876.0
Nokia PC Suite	Nokia	29.06.2010	43,2MB	7.1.51.0
NTI Backup Now 5	NewTech Infosystems	19.11.2008	28,6MB	5.1.2.606
NTI Media Maker 8	NewTech Infosystems	19.11.2008	187,0MB	8.0.2.6329
Nur Deinstallierung der CopyTrans Suite möglich.	WindSolutions	25.04.2011	10,5MB	2.27
Nuvoton EC Generic HID Driver	Nuvoton Technology Corporation	13.12.2009	2,44MB	7.80.5000
NVIDIA 3D Vision Controller-Treiber 280.19	NVIDIA Corporation	18.08.2011	0,41MB	280.19
NVIDIA Grafiktreiber 280.26	NVIDIA Corporation	18.08.2011	93,2MB	280.26
NVIDIA HD-Audiotreiber 1.2.23.3	NVIDIA Corporation	18.08.2011	3,28MB	1.2.23.3
NVIDIA PhysX-Systemsoftware 9.10.0514	NVIDIA Corporation	15.05.2011	73,3MB	9.10.0514
NVIDIA Update 1.4.28	NVIDIA Corporation	18.08.2011	6,36MB	1.4.28
Octoshape add-in for Adobe Flash Player		02.06.2011		
PC Inspector File Recovery		31.08.2010	5,93MB	4.0
PDF24 Creator 3.0.0	PDF24.org	30.04.2011	35,4MB	
PdfEditor	PixelPlanet	28.11.2010	54,9MB	1.0
PhotoScape		15.12.2009	25,9MB	
PokerStars	PokerStars	12.11.2011	88,4MB	
QuickTime	Apple Inc.	16.11.2011	73,3MB	7.71.80.42
RealPlayer	RealNetworks	21.07.2011	92,6MB	
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	13.12.2009	28,1MB	6.0.1.5704
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	19.11.2008	6,58MB	3.0.1.3
SopCast 3.2.4	SopCast.com	22.01.2010	9,11MB	3.2.4
SUPERAntiSpyware	SUPERAntiSpyware.com	15.05.2011	55,1MB	4.52.1000
Synaptics Pointing Device Driver	Synaptics	10.11.2008	14,4MB	11.1.4.0
Text-To-Speech-Runtime	Magix Development GmbH	09.06.2010	0,25MB	1.0.0.0
VLC media player 1.1.11	VideoLAN	18.08.2011	82,3MB	1.1.11
vShare.tv plugin 1.3	vShare.tv, Inc.	27.08.2011	0,58MB	1.3
Windows Live Essentials	Microsoft Corporation	02.08.2011		15.4.3538.0513
Windows Live Sync	Microsoft Corporation	03.01.2011	2,79MB	14.0.8117.416
Windows Media Player Firefox Plugin	Microsoft Corp	25.10.2010	0,29MB	1.0.0.8
WinRAR		15.12.2009	3,78MB
         
I have one more question. Avira keeps showing me a message saying that, for my security, "access to the file D:\autorun.inf was blocked".
Why is that?

25.11.2011, 20:32   #10
kira
/// Helper Team

Quote:
Quote from Antonio89
Avira keeps showing me a message saying that, for my security, "access to the file D:\autorun.inf was blocked".
Why is that?

Check whether a check mark is set under Configuration/Expert mode (at "Action on detection -> Block autostart function").

1.
Do you need these as start and search pages in the browser?:
Quote:
preisvergleich
startsear
web.de
bild.de
2.
Is this known to you?:
Quote:
[2011.11.21 15:15:23 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\860OKMZO
and
Quote:
[2011.11.22 17:53:53 | 000,025,645 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0001.dat
[2011.11.22 17:53:53 | 000,002,097 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0006.dat
[2011.11.22 17:53:53 | 000,001,335 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0004.dat
[2011.11.22 17:53:53 | 000,000,491 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0003.dat
[2011.11.22 17:53:53 | 000,000,441 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0005.dat
[2011.11.22 17:53:53 | 000,000,219 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0002.dat
[2011.11.22 17:53:53 | 000,000,003 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0000.dat
3.
Messenger Plus! Live:
Belongs to the category of unsafe software! Did you deselect the software "additionally" offered by the program during installation? Because alongside the actual software, an adware program is also installed.
If you absolutely want to (not recommended, since it is absolutely not necessary and your MSN is not affected by it), you can install it again, but read everything carefully and deselect partner programs, sponsors etc. wherever possible!
Always choose the custom installation, not the standard installation, because otherwise things are often installed along with it that you don't need or don't want.
It is better to use a messenger tool that is free of spyware and adware, such as Trillian (the basic version of Trillian can combine the instant messengers ICQ, AIM, Yahoo! Messenger, Windows Live Messenger (MSN) and IRC) or Miranda; you can install it again, but read everything carefully, and you must deselect partner programs, sponsors etc.!

4.
If it exists under Control Panel -> "Programs and Features"...
and if it was installed without your permission and you don't need it, you can uninstall it:
Code:
vShare.tv plugin
         
- Some extensions just want to make themselves look important

5.
Update Adobe Reader:
- Pay attention and read along during installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for Updates..."

6.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Run Cleaner" button
  • "Registry" → "Scan for Issues" → "Fix selected issues" → "Fix All Selected Issues"
  • Restart your system


7.
Did you deliberately set the IP "127.0.0.1:5220" as a proxy? If yes, why? If not:
if you have not installed a proxy server locally, remove the proxy settings from the Internet settings
in Internet Explorer:
Tools => Internet Options => Connections => LAN settings
Remove the check marks at "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".

Quote:
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:5220
8.
Quote:
Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and paste it into the script that way! Otherwise it will not work!
(User folder, your name or other changes replaced by X, asterisks or other names)
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.de/
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2010.08.12 15:48:32 | 000,005,591 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\1und1-suche.xml
[2010.10.22 23:57:45 | 000,000,873 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\conduit.xml
[2011.06.20 20:04:02 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-2.xml
[2011.08.17 13:49:31 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-3.xml
[2011.08.28 17:51:44 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-4.xml
[2011.09.07 13:20:45 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-5.xml
[2011.09.27 17:07:51 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-6.xml
[2011.10.01 11:17:09 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-7.xml
[2011.11.09 19:52:59 | 000,000,950 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-8.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin.xml
[2010.12.29 20:27:14 | 000,003,915 | ---- | M] () -- C:\Users\Username\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\sweetim.xml
[2011.05.01 23:41:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.01 23:41:32 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
CHR - default_search_provider: SweetIM Search ()
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

Reg:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{98DEC0DD-B668-4BC4-8634-EB91CB063FEE}C:\program files\limewire\limewire.exe" =-
"UDP Query User{D130FA76-3B65-4745-8519-66A00A2B1D24}C:\program files\limewire\limewire.exe" =-

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click .
  • OTL requires a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

9.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your Computer"
  • tick "Perform Complete Scan" and click "Next"
  • afterwards all malware found is listed; tick all findings and confirm with "OK"
  • click "Next", then "OK" and "Finish"
  • to display the results: click "Preferences", then "Statistics and Logs"
  • press "View Log" - then please save this report and post it here

10.
Viruses can also be transported on USB sticks, self-burned media, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). The free online scanner is very well suited and recommended for checking the data saved on the storage medium.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off entirely. ►Instructions

-> Then run a complete system check with Eset Online Scanner (NOD32) Free Online Scanner
Attention!: >>You should not install the antivirus security software, but only scan your system online<<

11.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:
► Briefly report to me on all the steps you have carried out!
► What is the current state of the computer? Anything unusual, problems?
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
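
The two log observations raised in items 2 and 7 of the post above (several files without a company name created in the same second directly in AppData\Roaming, and a loopback address set as the IE proxy) can be found mechanically in an OTL log. The following is an added example, not part of the original thread and not code from OTL; the function names and the threshold of three files are assumptions, and the sample lines are the ones quoted in the post.

```python
import ipaddress
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# OTL file-listing line: [timestamp | size | attributes | C/M] (company) -- path
# Directory entries carry no "(company)" field, so that group is optional.
FILE_LINE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
PROXY_LINE = re.compile(r'"ProxyServer"\s*=\s*(?P<value>\S+)')

# Sample input: log lines copied from the quotes in the post above.
SAMPLE = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:5220
[2011.11.21 15:15:23 | 000,000,000 | ---D | C] -- C:\Users\Username\Desktop\860OKMZO
[2011.11.22 17:53:53 | 000,025,645 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0001.dat
[2011.11.22 17:53:53 | 000,002,097 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0006.dat
[2011.11.22 17:53:53 | 000,001,335 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0004.dat
[2011.11.22 17:53:53 | 000,000,491 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0003.dat
[2011.11.22 17:53:53 | 000,000,441 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0005.dat
[2011.11.22 17:53:53 | 000,000,219 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0002.dat
[2011.11.22 17:53:53 | 000,000,003 | ---- | C] () -- C:\Users\Username\AppData\Roaming\x0000.dat
[2011.05.01 23:41:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
"""


def parse_file_lines(text):
    """Return one dict per OTL file/folder listing line found in text."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.search(line.strip())
        if not m:
            continue
        entries.append({
            "time": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "created": m["kind"] == "C",      # C = created, M = modified
            "company": m["company"] or "",
            "path": m["path"].strip(),
        })
    return entries


def find_drop_clusters(entries, min_files=3):
    """Group created files without a company name that sit directly in
    AppData\\Roaming and share the same creation second (threshold assumed)."""
    groups = defaultdict(list)
    for e in entries:
        parent = ntpath.dirname(e["path"])
        in_roaming_root = parent.lower().endswith(r"\appdata\roaming")
        if e["created"] and not e["is_dir"] and not e["company"] and in_roaming_root:
            groups[(e["time"], parent)].append(e)
    return [
        {"time": t, "folder": folder,
         "files": sorted(ntpath.basename(e["path"]) for e in es)}
        for (t, folder), es in sorted(groups.items())
        if len(es) >= min_files
    ]


def _is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a host name other than localhost


def find_loopback_proxy(text):
    """Return ProxyServer values that point at the local machine."""
    hits = []
    for m in PROXY_LINE.finditer(text):
        value = m["value"]
        for part in value.split(";"):            # "http=...;https=..." form
            host = part.split("=", 1)[-1]        # drop protocol prefix
            host = host.split("://", 1)[-1]      # drop scheme
            host = host.rsplit(":", 1)[0]        # drop port
            if _is_loopback(host):
                hits.append(value)
                break
    return hits


if __name__ == "__main__":
    for c in find_drop_clusters(parse_file_lines(SAMPLE)):
        print(c["time"], c["folder"], c["files"])
    print("Loopback proxy:", find_loopback_proxy(SAMPLE))
```

A hit from either function is a prompt to ask the user, as the helper does here, not a verdict on the files or the setting.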

26.11.2011, 05:27   #11
Antonio89

Yes, under Configuration/Expert mode there is a check mark set (at "Action on detection -> Block autostart function")! Should I remove the check mark?

Re 1.)
I don't need any of the search pages. I have already tried several times to delete them, but somehow that didn't work. I'll try again.

Re 2.)
That is a folder with photos from my mobile phone.
The seven "... .dat" files are not known to me; they are also new in the folder.

Re 3.)
I generally always deselect these offers and toolbars, since they bother me. That is why I always use custom installations.
But I have just uninstalled it again and then reinstalled it.

Re 4.)
I downloaded that myself in order to watch streams on the Internet.

Re 5.)
Just done.

Re 6.)
Just done.

Re 7.)
No, I did not deliberately set the IP as a proxy, and I am not familiar with that either. When I set the check mark at "Use a proxy server for your LAN", the following error message appears in Firefox: "Error: The proxy server is refusing connections. Firefox is configured to use a proxy server that is refusing connections."

Re 8.)
Quote:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
File C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\1und1-suche.xml not found.
File C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\conduit.xml not found.
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\icqplugin.xml moved successfully.
File C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\7jknhtdv.default\searchplugins\sweetim.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml not found.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: X
->Temp folder emptied: 244080 bytes
->Temporary Internet Files folder emptied: 36876 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20365760 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4475 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 20,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11262011_043154

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

At first I forgot to replace "Username" in the script, but then I ran it a second time.

Re 9.)
I don't have the "Statistics and Logs" section.
That is why I am posting the log file; I hope that is of use to you too:
Quote:
SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 11/26/2011 at 05:04 AM

Application Version : 5.0.1136

Core Rules Database Version : 7988
Trace Rules Database Version: 5800

Scan type : Complete Scan
Total Scan Time : 00:09:37

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 794
Memory threats detected : 0
Registry items scanned : 40815
Registry threats detected : 0
File items scanned : 11678
File threats detected : 22

Adware.Tracking Cookie
C:\USERS\X\AppData\Roaming\Microsoft\Windows\Cookies\Low\65X9QGGP.txt [ Cookie:X@serving-sys.com/ ]
.smartadserver.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
ad1.adfarm1.adition.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.im.banner.t-online.de [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]
.olympiaverlag.122.2o7.net [ C:\USERS\X\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JKNHTDV.DEFAULT\COOKIES.SQLITE ]

Re 10.)
Just done.

Re 11.)

Here are the two log files:
1. OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 26.11.2011 05:15:54 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\X\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 47,99% Memory free
6,22 Gb Paging File | 4,67 Gb Available in Paging File | 75,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 51,80 Gb Free Space | 36,31% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 107,35 Gb Free Space | 75,24% Space Free | Partition Type: NTFS
 
Computer Name: X-PC | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.26 04:33:36 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\X\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.11.26 04:16:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
PRC - [2011.11.22 12:47:14 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011.11.09 19:52:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.10.24 16:51:19 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.09.27 06:22:28 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.18 23:14:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 12:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.07.22 00:06:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.06.29 11:31:48 | 000,269,480 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 12:35:55 | 000,136,360 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.28 08:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.12.13 08:39:19 | 000,281,768 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.09.19 04:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.26 04:53:36 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011.11.26 04:53:36 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011.11.21 22:06:52 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.09 19:52:19 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.08.18 23:18:04 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011.08.18 23:18:04 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.28 09:49:20 | 000,003,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.18 23:14:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.29 11:31:48 | 000,269,480 | R--- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 12:35:55 | 000,136,360 | R--- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | Boot | Running] --  -- (MFX)
DRV - [2011.10.09 22:06:20 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.18 23:14:38 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.08.18 23:14:38 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.08.03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.06.29 11:31:49 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 11:31:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.10 10:41:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.08 10:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV - [2008.10.08 10:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:5220
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bild.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.06.30 13:14:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.02 21:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2011.01.06 02:48:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.23 13:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.23 13:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.23 13:54:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.02 21:34:36 | 000,000,000 | ---D | M]
 
[2010.05.11 23:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Extensions
[2010.05.11 23:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.23 13:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions
[2010.07.31 01:02:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.12 16:36:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.20 05:54:14 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions\vshare@toolbar
[2011.11.09 19:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.16 16:15:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.10.23 19:04:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.09 19:52:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.05.01 23:41:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.01 23:41:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.01 23:41:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.01 23:41:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: SweetIM Search ()
CHR - default_search_provider: search_url = hxxp://search.sweetim.com/?q={searchTerms}&src=6&barid={9CBE9700-1381-11E0-A35D-001D72EB33B8}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{287D781F-7C09-476F-9FE5-22460EB9F7BB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAFED2A-826B-479E-B6A9-4636C777D5EA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\X\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\X\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.26 04:18:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.26 04:16:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
[2011.11.26 04:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2011.11.26 03:45:13 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{5E829C6D-E766-435E-9BDB-ADC0191DA155}
[2011.11.26 03:45:11 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{F06C2CA0-EE5A-48FF-B417-620DF7E2CD0F}
[2011.11.25 18:42:46 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{9F35BFA7-B7EF-415E-899B-BDDC440D18A2}
[2011.11.25 14:38:04 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{62778DC2-B0A8-4B4A-A45E-0DD099839E64}
[2011.11.25 14:37:59 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{8BED579D-B1D5-4224-972B-7A61D34FE69C}
[2011.11.25 13:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.23 22:42:59 | 000,000,000 | ---D | C] -- C:\Users\X\Desktop\Neuer Ordner
[2011.11.23 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{9DFBD760-43F9-4237-A9C6-72AED4E5C95C}
[2011.11.23 18:41:11 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{6EEAFFBB-A9E4-4F31-8186-81FCCC407386}
[2011.11.23 14:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.23 14:07:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.23 14:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.21 17:41:45 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{EB7C7A7B-2617-4416-A264-EA56B410ED93}
[2011.11.21 17:41:43 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{39479407-4FDA-48F9-BFA1-F5F02DFB7CFB}
[2011.11.21 15:15:23 | 000,000,000 | ---D | C] -- C:\Users\X\Desktop\860OKMZO
[2011.11.20 16:27:14 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{CD57DCF7-54B4-4A56-BB6C-2EB9D2F86F3C}
[2011.11.20 16:27:12 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{9A08C7F2-FB7F-4B1B-AD9B-FE5557D38158}
[2011.11.20 03:50:41 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{FD1626A8-C0D8-4748-B79B-64D7FCD59CEA}
[2011.11.20 03:50:40 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{6569AABA-A8F2-410C-BC9F-BABD3E69AC43}
[2011.11.19 13:10:53 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{0DEA093C-66C1-444A-A04D-582D626DED36}
[2011.11.19 13:10:50 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{3C6C8F6B-2643-4440-B182-5E2EF16EE227}
[2011.11.18 13:08:32 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{4788CEDD-9B09-4EC8-BF30-CF1334DAD973}
[2011.11.18 13:08:29 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{7A53F069-EB35-4A68-A61E-8A9FAA12B851}
[2011.11.17 15:42:53 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{D8D82F69-882D-4E79-9B77-ED18248DE8F7}
[2011.11.17 15:42:49 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{EBAD3F99-6BA1-4ABF-B9BF-EAD226433C87}
[2011.11.17 00:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.17 00:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.17 00:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.17 00:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.16 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{ADF07B13-6788-419D-BE41-BFCCF0A0921F}
[2011.11.16 17:06:56 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{E7B38FBB-5417-435D-A86A-20F6ED88DD4A}
[2011.11.15 15:26:43 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{1D2612B7-D254-41BD-AE37-701BE03BC3BA}
[2011.11.15 15:26:37 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{6EA55885-F9C5-46C0-8724-0CB2A5D1EABC}
[2011.11.14 14:47:16 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{9EA83A27-3BBC-4C44-A972-F9A3808303C6}
[2011.11.14 14:47:05 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{7278FA4D-8CC5-49EF-B49B-6D2EDCB75FA7}
[2011.11.13 17:57:03 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{68B6211A-4183-467E-9D5B-2D63E1A9DE98}
[2011.11.13 17:56:59 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{446EBDF5-1759-4AC9-9084-6D0CE6C3F3BC}
[2011.11.13 16:07:55 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\PokerStars
[2011.11.13 16:07:45 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
[2011.11.13 16:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011.11.13 16:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
[2011.11.12 13:33:45 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{478E6BF2-8342-444D-99E3-AA8ED8307B29}
[2011.11.12 13:33:42 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{850B5A7D-BB15-4D01-AFCB-295BEC1B25A9}
[2011.11.11 16:06:16 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{E0759960-EE35-4ABD-9E3D-3AF78A8C119B}
[2011.11.11 16:06:09 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{144B311A-907C-4795-9864-F43478014838}
[2011.11.10 19:44:12 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{09719CAE-665F-49A9-B020-B056AB11717D}
[2011.11.10 19:44:08 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{A1CE369E-4A01-4C85-911D-CACDE231BC56}
[2011.11.09 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\X\Documents\Messenger Plus
[2011.11.09 17:34:34 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{5370CC39-6604-434F-91B2-F35DF0352D26}
[2011.11.09 17:34:28 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{4F02A01E-B81F-4241-8E86-4DAB15EE0034}
[2011.11.08 19:26:01 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{35CECC28-A13E-4802-AA6E-689AFBFDCDB9}
[2011.11.08 19:25:54 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{C59E7541-1B84-4775-8591-B18DD01B9F93}
[2011.11.07 22:54:46 | 000,000,000 | ---D | C] -- C:\Users\X\Desktop\fb
[2011.11.07 18:02:53 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{53D16C90-B704-4440-81A2-E4B9B9EB641A}
[2011.11.07 18:02:51 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{348F4583-1141-47F6-AB63-F6EA56365B79}
[2011.11.06 21:12:04 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{41B564A4-7C5B-4054-A776-53BBAC89B0A4}
[2011.11.06 21:12:00 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{42115404-AA50-4DAF-BD69-91E9BD592F8C}
[2011.11.04 21:52:38 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{23153A74-4C86-471B-A432-B0285B89A426}
[2011.11.04 21:52:35 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{1C5F6106-CA2C-44E6-9A28-EAE44EA3F497}
[2011.11.04 11:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.11.04 11:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.11.03 21:59:28 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{F9747E8F-F6C0-4E27-9D46-084FD693DA85}
[2011.11.03 21:59:25 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{7AC1B7D5-4534-4380-8B71-96159DB29D9E}
[2011.11.02 18:16:49 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{66DC562D-2137-4190-AA17-9FDEB6AD2816}
[2011.11.02 18:16:47 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{D04FF37B-5B6B-4B0F-A17B-2C401C104A5C}
[2011.11.01 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{93D17958-D239-47BC-BF2C-CA5038935C12}
[2011.11.01 21:40:43 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{E5BA5980-11BE-4B23-A6FC-356D7DEB0D7B}
[2011.10.31 17:24:18 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{C2DA35F5-F8C3-489E-BD5A-03F441B6D5CC}
[2011.10.31 17:24:15 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{BCADEACE-EA20-4F71-8D33-1AB375088613}
[2011.10.30 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{8B7E54C7-3CE4-4950-90D4-6E6B8A199116}
[2011.10.30 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{D6248742-6850-49D3-9261-DC7122387667}
[2011.10.29 12:51:46 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{C7CC1AAE-2740-4FA9-873A-AB1CA0D78108}
[2011.10.29 12:51:44 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{D3E9133A-3896-49F9-90FB-3FCAED9D599D}
[2011.10.28 16:06:46 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{8D5E7A92-DF7C-4041-AAF8-9015E1C75BC8}
[2011.10.28 16:06:44 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{0130FD20-6F2C-48E2-9615-EC91288E7A8A}
[2011.10.27 21:22:46 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{0C9BA0E1-D0D0-4302-928E-8CCBBAF62308}
[2011.10.27 21:22:42 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{FE358269-19E2-4EE0-9B26-4B2980EE67E2}
[2010.06.16 00:06:24 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.12.15 06:46:29 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.26 04:38:44 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.26 04:38:44 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.26 04:38:44 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.26 04:38:44 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.26 04:33:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.26 04:33:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.26 04:33:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.26 04:33:01 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.26 04:16:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
[2011.11.26 04:07:31 | 000,022,908 | ---- | M] () -- C:\Users\X\Documents\cc_20111126_040727.reg
[2011.11.26 04:04:36 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.11.25 14:15:36 | 000,326,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.25 14:03:56 | 000,256,136 | ---- | M] () -- C:\Users\X\Documents\cc_20111125_140344.reg
[2011.11.25 13:50:25 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.23 14:07:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 23:05:00 | 000,001,335 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0004.dat
[2011.11.22 17:53:53 | 000,025,645 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0001.dat
[2011.11.22 17:53:53 | 000,002,097 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0006.dat
[2011.11.22 17:53:53 | 000,000,491 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0003.dat
[2011.11.22 17:53:53 | 000,000,441 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0005.dat
[2011.11.22 17:53:53 | 000,000,219 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0002.dat
[2011.11.22 17:53:53 | 000,000,003 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0000.dat
[2011.11.21 22:22:15 | 000,001,356 | ---- | M] () -- C:\Users\X\AppData\Local\d3d9caps.dat
[2011.11.21 22:06:52 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.21 15:27:31 | 000,257,719 | ---- | M] () -- C:\Users\X\Desktop\iphone 3g.jpg
[2011.11.18 13:08:11 | 000,030,329 | ---- | M] () -- C:\Users\X\Desktop\sadasda.jpg
[2011.11.17 00:10:14 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.17 00:07:15 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.16 01:18:44 | 000,144,098 | ---- | M] () -- C:\Users\X\Desktop\cats.jpg
[2011.11.15 20:03:59 | 000,112,640 | ---- | M] () -- C:\Users\X\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.13 16:07:45 | 000,000,862 | ---- | M] () -- C:\Users\X\Desktop\PokerStars.lnk
[2011.11.09 17:54:11 | 000,000,600 | ---- | M] () -- C:\Users\X\AppData\Roaming\winscp.rnd
[2011.11.04 11:31:35 | 000,001,025 | ---- | M] () -- C:\Users\X\Desktop\Free Audio Dub.lnk
 
========== Files Created - No Company Name ==========
 
[2011.11.26 04:07:29 | 000,022,908 | ---- | C] () -- C:\Users\X\Documents\cc_20111126_040727.reg
[2011.11.25 14:03:47 | 000,256,136 | ---- | C] () -- C:\Users\X\Documents\cc_20111125_140344.reg
[2011.11.25 13:50:25 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.23 14:07:22 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 17:53:53 | 000,025,645 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0001.dat
[2011.11.22 17:53:53 | 000,002,097 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0006.dat
[2011.11.22 17:53:53 | 000,001,335 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0004.dat
[2011.11.22 17:53:53 | 000,000,491 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0003.dat
[2011.11.22 17:53:53 | 000,000,441 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0005.dat
[2011.11.22 17:53:53 | 000,000,219 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0002.dat
[2011.11.22 17:53:53 | 000,000,003 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0000.dat
[2011.11.21 15:27:31 | 000,257,719 | ---- | C] () -- C:\Users\X\Desktop\iphone 3g.jpg
[2011.11.18 13:08:11 | 000,030,329 | ---- | C] () -- C:\Users\X\Desktop\sadasda.jpg
[2011.11.17 00:10:14 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.17 00:07:15 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.16 01:18:43 | 000,144,098 | ---- | C] () -- C:\Users\X\Desktop\cats.jpg
[2011.11.13 16:07:45 | 000,000,862 | ---- | C] () -- C:\Users\X\Desktop\PokerStars.lnk
[2011.11.04 11:31:35 | 000,001,025 | ---- | C] () -- C:\Users\X\Desktop\Free Audio Dub.lnk
[2011.07.29 12:51:24 | 000,023,580 | ---- | C] () -- C:\Users\X\AppData\Roaming\UserTile.png
[2011.04.20 14:15:27 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2011.02.06 22:21:35 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2010.10.27 15:11:42 | 000,000,600 | ---- | C] () -- C:\Users\X\AppData\Roaming\winscp.rnd
[2010.10.15 07:49:32 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.09.02 21:34:03 | 000,023,686 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.08.26 16:57:57 | 000,225,392 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010.08.23 12:08:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.16 00:06:24 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2010.06.16 00:06:24 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2010.06.16 00:06:24 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2010.06.10 20:20:35 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.29 13:16:59 | 000,003,982 | ---- | C] () -- C:\Windows\kj01d.sys
[2010.04.29 13:11:35 | 000,000,255 | ---- | C] () -- C:\Windows\z56k2.ini
[2009.12.17 14:23:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.17 14:23:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.16 15:38:45 | 000,001,356 | ---- | C] () -- C:\Users\X\AppData\Local\d3d9caps.dat
[2009.12.15 06:40:05 | 000,014,028 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.12.14 22:09:00 | 000,112,640 | ---- | C] () -- C:\Users\X\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.14 22:03:36 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009.12.14 22:03:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.12.14 22:03:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.12.14 22:03:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.12.14 22:03:36 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.06.11 11:34:22 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2008.11.20 12:57:32 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.11.20 12:57:32 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.11.20 12:57:32 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.11.20 12:57:32 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.11.20 04:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.11.20 04:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.20 04:20:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.11 04:27:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.11 04:27:24 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.11.11 04:27:24 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.11.11 04:26:52 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,326,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.05.13 21:41:58 | 000,049,152 | ---- | C] () -- C:\Windows\System32\cdlock.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.12.14 22:11:45 | 000,000,000 | -HSD | M] -- C:\Users\X\AppData\Roaming\.#
[2011.10.09 22:06:33 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Boilsoft
[2011.11.22 17:28:48 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Complitly
[2011.04.23 12:22:08 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Desktopicon
[2011.11.04 11:31:46 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\DVDVideoSoft
[2011.01.23 21:13:55 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\GetRightToGo
[2011.05.22 23:31:10 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\gtk-2.0
[2011.11.22 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ICQ
[2011.07.12 00:08:08 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\IrfanView
[2010.03.27 00:52:58 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\JonDo
[2010.11.18 22:23:45 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Leadertech
[2011.07.24 23:57:38 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Leawo
[2011.07.24 23:59:09 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Leawo Video2AVI v2
[2010.06.10 20:25:59 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\MAGIX
[2011.01.13 02:00:14 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Nokia
[2010.06.30 14:37:23 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\PC Suite
[2011.11.23 13:54:15 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\PhotoScape
[2010.11.29 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\PixelPlanet
[2011.07.21 00:17:18 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ProgSense
[2011.02.27 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Tinn-R
[2010.09.01 18:06:02 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\TuneUp Software
[2011.04.26 00:14:51 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\WindSolutions
[2011.11.26 04:32:04 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.15 13:33:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8340A3AF-B83C-47D8-8772-47B1F1F9399B}.job
 
========== Purity Check ==========
 
 

< End of report >
         
[\quote]
-----------------------------------------------------------------------------
2. Extras.Txt
OTL Logfile:
Code:
OTL Extras logfile created on: 26.11.2011 05:15:54 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\X\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 47,99% Memory free
6,22 Gb Paging File | 4,67 Gb Available in Paging File | 75,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 51,80 Gb Free Space | 36,31% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 107,35 Gb Free Space | 75,24% Space Free | Partition Type: NTFS
 
Computer Name: X-PC | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" = C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe:*:Enabled:iPhone PC Suite.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0642D4A0-AA96-4067-8D90-477947C35CDC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{30565A69-571C-4B6E-814C-54BD33B03BE7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{36AE62A1-2D90-4A9B-94D0-A10022966308}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4386A3AF-5AE8-45A9-A4B8-78A762645EE5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{62959022-C6A0-4244-9543-DECBBA5CB2CF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{72A2FDA4-3565-46AC-856D-44C5E5E92905}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7DE65BC8-8E2F-4B8B-8A19-36C5A92B60B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8061505C-F40B-4B8B-AE6C-634ECED3580E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{826C8AED-DF86-4D89-8B00-46D8386ACFC9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{851AD4BF-A329-4CD1-912C-209F7B85B665}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A4F6C048-D64F-4BEE-A08E-DD6CDE0CB00D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{AAD65E1A-4419-42DF-9188-D8FEF34551B9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B31C7FCC-73ED-4D92-B6E6-CCDBBF9BC603}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{EE56244A-A88B-4A2D-93EE-1AF4C2296921}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FB2595DC-6F33-4612-97DD-9F898502141B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008FA1AE-E93C-431D-A38E-DEF14C6AE117}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{02B15782-4AF2-46A5-94DA-8F6F0E86C546}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{152688F3-1D21-40C5-AF86-D38B85855A15}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{233D5393-DC94-4156-9714-2FDB9BCB78A0}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{27C67D07-85B5-4735-97F9-4DAE73B78CFE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{2A86A20B-5F83-4635-A518-C8B5758A51B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2ADD8A2F-7494-45FD-936C-0A2952EC8BC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{2B99649F-98B5-4F58-B360-EB91215A6B32}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{2CC80CE2-5955-4C72-9152-A5BE4EBC4F79}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{2EC0276E-F33B-42D4-9EF9-22AFC158B5C2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3BBD84DE-5687-4C5A-935E-1BE2229992E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{4015244C-F80C-439E-8EEB-7D5FE709B559}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{44484ABD-DD77-408B-8C79-E689A99E38CF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{59743E67-E342-4AA3-84ED-DE04A35BC917}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5C6E19D7-D66F-4527-8874-F4A29E302BC6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{6A416180-69D0-428A-AD45-90F10FF81764}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8269F7A1-EA8E-43D4-B17E-6D2E6A9016DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{87499AF5-B054-4109-8410-BC7B82A7BDB7}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{89F7BEAD-E7AC-4805-BFE0-C7551D231C15}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{8ED7A5E9-400F-4476-933B-CF8DCA042A09}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{A0616B67-8C9C-4494-A6D3-C7BC45511890}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A156265C-5219-4C52-8F95-FD5E8F371605}" = dir=in | app=e:\setup\hpznui01.exe | 
"{A27F6D9F-377F-4799-9579-0E35C6ACB784}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{A77DB892-D6B4-4FD7-BBAD-2901843261C6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{AB1DD549-C93C-4783-90AC-EE1E37B97205}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B951183C-1BB5-46FF-8547-14BCA56CE7DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BC774B26-93AF-40E4-8FD2-D1DD6123764C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{BE6D7986-43D9-45F7-9145-051B8F9A7F45}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{C88F1B69-C5DA-4A65-9BAE-375075EAC445}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C91121C4-45C3-458D-977F-3AB226527D24}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{CCF7121C-7AC1-4804-AF31-67171947487D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D743DF2C-1CF4-4C74-BEA4-5380817B28E8}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{D8639A8F-2DE0-487D-A354-59A25A759310}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{DD306AB2-7D12-4287-8CEC-39D6EB8A6692}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{E15F2818-17CE-46C9-93DB-EC606F38C233}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{E22FC8D2-4C81-4E9E-93E8-727EE0E16373}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{ED134EDF-1834-4BBA-9698-0F151906F2B6}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{EE94C808-BC30-4508-B31E-D2AD6ACFED6F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{F1BEF671-90AE-4028-A489-08738CCEBF93}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{F866B6BD-DCB3-46C5-AEFF-F06CB60C36CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{1B5BF138-46A9-47FA-B112-06AACCCB371A}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{3A58F751-3F40-40D8-A52A-1D38BF0A987A}C:\users\X\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\X\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{5A079FD7-654F-48FA-B7EF-904D117D7E5A}C:\windows\system32\macromed\flash\flashutil10t_activex.exe" = protocol=6 | dir=in | app=c:\windows\system32\macromed\flash\flashutil10t_activex.exe | 
"TCP Query User{617770C3-2F54-4EC3-A636-7026EE441F7D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{918A7E89-DA4D-443E-B18A-47AD184C2FC1}C:\windows\rthdvcpl.exe" = protocol=6 | dir=in | app=c:\windows\rthdvcpl.exe | 
"TCP Query User{A15731B2-BA0C-4F2F-9A10-589BF935CBB3}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{BF936373-AF57-42A9-A236-121D68719B6F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{D41AA4B4-01B7-4DC4-94F6-26789FFCCE1E}C:\program files\synaptics\syntp\syntpenh.exe" = protocol=6 | dir=in | app=c:\program files\synaptics\syntp\syntpenh.exe | 
"TCP Query User{F443D09C-2FDF-426A-B01E-86DF788D4574}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{0386E77C-9C1B-4C11-9D42-B3271A3659CC}C:\windows\system32\macromed\flash\flashutil10t_activex.exe" = protocol=17 | dir=in | app=c:\windows\system32\macromed\flash\flashutil10t_activex.exe | 
"UDP Query User{27990AB9-E049-4843-B1CC-8B475BDB86FF}C:\windows\rthdvcpl.exe" = protocol=17 | dir=in | app=c:\windows\rthdvcpl.exe | 
"UDP Query User{367BE10D-8631-489C-9AFC-67D5AD470773}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{5C7C8A2D-D67E-41B1-B9DD-B1C4C968A152}C:\program files\synaptics\syntp\syntpenh.exe" = protocol=17 | dir=in | app=c:\program files\synaptics\syntp\syntpenh.exe | 
"UDP Query User{63235350-DEBC-4FA8-8EF4-DD7A4B138A8F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{6A033DE9-0EB4-4C04-AB65-59541CA28892}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{CF6EAED0-7190-4FBD-B105-4A4E9B751AA9}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{D75AEE26-7599-4ECC-9280-E2C6836F7266}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{EA0DAE03-FAFF-4335-93CE-9857858151D0}C:\users\X\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\X\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" =  Leawo AVI Converter Version  4.0.0.0
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced PDF-to-Word 1.0 Demo" = Advanced PDF-to-Word 1.0 Demo
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.04
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"PhotoScape" = PhotoScape
"PokerStars" = PokerStars
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Azinky Gameroom" = Azinky Gameroom
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.11.2011 08:09:22 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1366397
 
Error - 15.11.2011 08:09:22 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1366397
 
Error - 15.11.2011 08:09:24 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.11.2011 08:09:24 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1368862
 
Error - 15.11.2011 08:09:24 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1368862
 
Error - 15.11.2011 17:22:05 | Computer Name = X-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.11.2011 17:26:33 | Computer Name = X-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung InstallFlashPlayer.exe, Version 11.1.102.55,
 Zeitstempel 0x4eaf866a, fehlerhaftes Modul InstallFlashPlayer.exe, Version 11.1.102.55,
 Zeitstempel 0x4eaf866a, Ausnahmecode 0xc0000005, Fehleroffset 0x0000296f,  Prozess-ID
 0x1448, Anwendungsstartzeit 01cca3dd3e02da07.
 
Error - 15.11.2011 20:37:52 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.11.2011 20:37:52 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1232
 
Error - 15.11.2011 20:37:52 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1232
 
[ System Events ]
Error - 25.11.2011 09:17:44 | Computer Name = X-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 25.11.2011 23:04:30 | Computer Name = X-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25.11.2011 23:04:30 | Computer Name = X-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 25.11.2011 23:04:30 | Computer Name = X-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.11.2011 23:18:06 | Computer Name = X-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 25.11.2011 23:20:32 | Computer Name = X-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 25.11.2011 23:21:59 | Computer Name = X-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 25.11.2011 23:31:55 | Computer Name = X-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 25.11.2011 23:33:09 | Computer Name = X-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 25.11.2011 23:34:39 | Computer Name = X-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---
[\quote]

At the moment the PC is in good shape; apart from the Avira message that 'D:\autorun.inf' is being blocked, there are no problems or anomalies!

Thank you very much for your effort!

26.11.2011, 07:11   #12
kira
/// Helper Team
 



Finally, a few more things:

Quote:
Originally posted by Antonio89
Yes, in Configuration/Expert mode there is a check mark set (under "Action on detection -> Block autostart function")! Should I remove the check mark?
If the message annoys you? Then yes... right?

1.
Quote:
Attention, important!:
If you made changes in the log file yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced by X, an asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE - E-Mail - Suche - DSL - De-Mail - Shopping - Entertainment
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = WEB.DE Suche - einfach, schnell und relevant! [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:5220
FF - prefs.js..browser.startup.homepage: "www.bild.de"
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
CHR - default_search_provider: SweetIM Search ()
CHR - default_search_provider: search_url = http://search.sweetim.com/?q={searchTerms}&src=6&barid={9CBE9700-1381-11E0-A35D-001D72EB33B8}

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, no connection to the Internet, disconnect Wi-Fi too
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and paste it right away with CTRL + V
    - "Ok" closes GMER.
    - paste the complete log from the clipboard here into your thread

** no connection to a network or the Internet - do not forget Wi-Fi
When the scan has finished, please re-enable all programs and tools!
Instructions: -> GMER - Rootkit Scanner

3.
Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)

With the following tool we check whether something malicious has settled into the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    a command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), type in the following from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting in the command prompt: right-click the title bar => Edit => Paste.

    Code:
    mbr.exe -t > C:\mbr.log & C:\mbr.log
             
    (press Enter)
  • After a short time your editor will open showing the file C:\mbr.log.
    Please copy the contents here into your thread.
4.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry please choose Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

5.
Download from here -> TrendMicro™ HijackThis™/Version 2.0.4
Quote:
No open windows until HijackThis is running!! -> start HijackThis -> click "Do a system scan and save a logfile" (wait a moment) -> "select" the resulting log file -> "copy" -> "paste" it here in your thread (right mouse button) (you must be logged in to the forum!)
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They can be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
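
Step 3 above redirects the output of mbr.exe -t to C:\mbr.log. As an added example (not part of the original post and not GMER's own code), the Python sketch below pulls the security-relevant fields out of such a log and decides whether a helper should look at it, including the case where the MBR comparison is OK but a driver hook is still reported. The function names and both sample logs are constructed for illustration, and all addresses are made up.

```python
import re

# Constructed sample logs in the layout mbr.exe -t writes; all addresses are made up.
HOOKED_LOG = r"""Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer
device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A001F00]<<
1 ntkrnlpa!IofCallDriver[0x80401000] -> \Device\Harddisk0\DR0[0x80502000]
\Driver\atapi[0x80603000] -> IRP_MJ_CREATE -> 0x8A001F00
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x8a001f00
user & kernel MBR OK
Warning: possible MBR rootkit infection !
"""

CLEAN_LOG = r"""Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s*->\s*(0x[0-9A-Fa-f]+)$")


def parse_mbr_log(text):
    """Extract the security-relevant fields from an mbr.exe -t log."""
    report = {
        "unknown_modules": [],    # addresses tagged >>UNKNOWN<< in the disk trace
        "hooks": [],              # (driver object, target address) pairs
        "failed_reads": [],       # "user"/"kernel" reads not reported as successful
        "mbr_compare_ok": False,  # True once "user & kernel MBR OK" is seen
        "tool_warning": None,     # the tool's own "Warning: ..." text, if any
    }
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if in_hooks:
            match = HOOK_RE.match(line)
            if match:
                report["hooks"].append((match.group(1), int(match.group(2), 16)))
                continue
            in_hooks = False  # first non-hook line ends the section
        if line.lower() == "detected hooks:":
            in_hooks = True
        elif line.startswith("called modules:"):
            report["unknown_modules"] += [int(a, 16) for a in UNKNOWN_RE.findall(line)]
        elif line.startswith(("user:", "kernel:")):
            side, _, status = line.partition(":")
            if "successfully" not in status:
                report["failed_reads"].append(side)
        elif line == "user & kernel MBR OK":
            report["mbr_compare_ok"] = True
        elif line.startswith("Warning:"):
            report["tool_warning"] = line[len("Warning:"):].strip()
    return report


def triage(report):
    """Return (verdict, findings); "review" means a human should look, not proof of infection."""
    findings = []
    unknown = set(report["unknown_modules"])
    for driver, target in report["hooks"]:
        label = ("which the disk trace lists as UNKNOWN" if target in unknown
                 else "which the disk trace does not label")
        findings.append(f"hook on {driver} points to {target:#010x}, {label}")
    hooked = {target for _, target in report["hooks"]}
    for addr in sorted(unknown - hooked):
        findings.append(f"disk trace contains an UNKNOWN module at {addr:#010x}")
    for side in report["failed_reads"]:
        findings.append(f"{side} MBR read was not reported as successful")
    if not report["mbr_compare_ok"]:
        findings.append("no 'user & kernel MBR OK' line (mismatch or truncated run)")
    if report["tool_warning"]:
        findings.append(f"tool warning: {report['tool_warning']}")
    return ("review" if findings else "clean"), findings


if __name__ == "__main__":
    for name, log in (("hooked", HOOKED_LOG), ("clean", CLEAN_LOG)):
        verdict, findings = triage(parse_mbr_log(log))
        print(name, "->", verdict)
        for item in findings:
            print("  -", item)
```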

26.11.2011, 14:58   #13
Antonio89
 



Yes, of course it is annoying when Avira shows this error message every few minutes, but I don't know what it is about, what it means when autorun is blocked or not. Is it supposed to be like that or not?

1.
Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "www.bild.de" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: X
->Temp folder emptied: 244080 bytes
->Temporary Internet Files folder emptied: 1972856 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46235510 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 751 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4475 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 46,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 11262011_141215

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

2.) Unfortunately that did not work!

3.)
Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD3200BEVT-22ZCT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84F661F8]<< 
1 ntkrnlpa!IofCallDriver[0x82478912] -> \Device\Harddisk0\DR0[0x861544F8]
3 CLASSPNP[0x8ABA88B3] -> ntkrnlpa!IofCallDriver[0x82478912] -> \Device\Ide\IdeDeviceP0T0L0-0[0x859A7B98]
\Driver\atapi[0x85982E70] -> IRP_MJ_CREATE -> 0x84F661F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x84f661f8
user & kernel MBR OK 
Warning: possible MBR rootkit infection !
         
4.)

OTL.Txt
[Code]OTL logfile created on: 26.11.2011 14:34:59 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\X\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,40% Memory free
6,22 Gb Paging File | 4,92 Gb Available in Paging File | 79,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 51,79 Gb Free Space | 36,30% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 107,35 Gb Free Space | 75,24% Space Free | Partition Type: NTFS

Computer Name: X-PC | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.26 14:17:32 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\X\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2011.11.26 04:16:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
PRC - [2011.11.09 19:52:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.10.24 16:51:19 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.18 23:14:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 12:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.07.22 00:06:30 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2011.06.29 11:31:48 | 000,269,480 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 12:35:55 | 000,136,360 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.28 08:59:58 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.12.13 08:39:19 | 000,281,768 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | R--- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.09.19 04:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (No Company Name) ==========

MOD - [2011.11.21 22:06:52 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.09 19:52:19 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.12.12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.04.28 09:49:20 | 000,003,072 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.18 23:14:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.29 11:31:48 | 000,269,480 | R--- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 12:35:55 | 000,136,360 | R--- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.06 16:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Running] -- -- (MFX)
DRV - [2011.10.09 22:06:20 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.18 23:14:38 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.08.18 23:14:38 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.08.03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.06.29 11:31:49 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 11:31:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.10 10:41:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.08 10:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
DRV - [2008.10.08 10:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.bild.de"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.06.30 13:14:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.02 21:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2011.01.06 02:48:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.23 13:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.23 13:54:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.23 13:54:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.09.02 21:34:36 | 000,000,000 | ---D | M]

[2010.05.11 23:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Extensions
[2010.05.11 23:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.23 13:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions
[2010.07.31 01:02:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.12 16:36:01 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.20 05:54:14 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\7jknhtdv.default\extensions\vshare@toolbar
[2011.11.09 19:52:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.16 16:15:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.10.23 19:04:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.09 19:52:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.05.01 23:41:32 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.01 23:41:32 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.01 23:41:32 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.01 23:41:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

========== Chrome ==========

CHR - default_search_provider: SweetIM Search ()
CHR - default_search_provider: search_url = hxxp://search.sweetim.com/?q={searchTerms}&src=6&barid={9CBE9700-1381-11E0-A35D-001D72EB33B8}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{287D781F-7C09-476F-9FE5-22460EB9F7BB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FAFED2A-826B-479E-B6A9-4636C777D5EA}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\X\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\X\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.26 04:18:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.11.26 04:16:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
[2011.11.26 04:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2011.11.26 03:45:13 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{5E829C6D-E766-435E-9BDB-ADC0191DA155}
[2011.11.26 03:45:11 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{F06C2CA0-EE5A-48FF-B417-620DF7E2CD0F}
[2011.11.25 18:42:46 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{9F35BFA7-B7EF-415E-899B-BDDC440D18A2}
[2011.11.25 14:38:04 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{62778DC2-B0A8-4B4A-A45E-0DD099839E64}
[2011.11.25 14:37:59 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{8BED579D-B1D5-4224-972B-7A61D34FE69C}
[2011.11.25 13:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.23 22:42:59 | 000,000,000 | ---D | C] -- C:\Users\X\Desktop\Neuer Ordner
[2011.11.23 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{9DFBD760-43F9-4237-A9C6-72AED4E5C95C}
[2011.11.23 18:41:11 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{6EEAFFBB-A9E4-4F31-8186-81FCCC407386}
[2011.11.23 14:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.23 14:07:18 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.23 14:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.21 17:41:45 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{EB7C7A7B-2617-4416-A264-EA56B410ED93}
[2011.11.21 17:41:43 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{39479407-4FDA-48F9-BFA1-F5F02DFB7CFB}
[2011.11.21 15:15:23 | 000,000,000 | ---D | C] -- C:\Users\X\Desktop\860OKMZO
[2011.11.20 16:27:14 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{CD57DCF7-54B4-4A56-BB6C-2EB9D2F86F3C}
[2011.11.20 16:27:12 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{9A08C7F2-FB7F-4B1B-AD9B-FE5557D38158}
[2011.11.20 03:50:41 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{FD1626A8-C0D8-4748-B79B-64D7FCD59CEA}
[2011.11.20 03:50:40 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{6569AABA-A8F2-410C-BC9F-BABD3E69AC43}
[2011.11.19 13:10:53 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{0DEA093C-66C1-444A-A04D-582D626DED36}
[2011.11.19 13:10:50 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{3C6C8F6B-2643-4440-B182-5E2EF16EE227}
[2011.11.18 13:08:32 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{4788CEDD-9B09-4EC8-BF30-CF1334DAD973}
[2011.11.18 13:08:29 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{7A53F069-EB35-4A68-A61E-8A9FAA12B851}
[2011.11.17 15:42:53 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{D8D82F69-882D-4E79-9B77-ED18248DE8F7}
[2011.11.17 15:42:49 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{EBAD3F99-6BA1-4ABF-B9BF-EAD226433C87}
[2011.11.17 00:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.17 00:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.17 00:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.17 00:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.16 17:06:59 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{ADF07B13-6788-419D-BE41-BFCCF0A0921F}
[2011.11.16 17:06:56 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{E7B38FBB-5417-435D-A86A-20F6ED88DD4A}
[2011.11.15 15:26:43 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{1D2612B7-D254-41BD-AE37-701BE03BC3BA}
[2011.11.15 15:26:37 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{6EA55885-F9C5-46C0-8724-0CB2A5D1EABC}
[2011.11.14 14:47:16 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{9EA83A27-3BBC-4C44-A972-F9A3808303C6}
[2011.11.14 14:47:05 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{7278FA4D-8CC5-49EF-B49B-6D2EDCB75FA7}
[2011.11.13 17:57:03 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{68B6211A-4183-467E-9D5B-2D63E1A9DE98}
[2011.11.13 17:56:59 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{446EBDF5-1759-4AC9-9084-6D0CE6C3F3BC}
[2011.11.13 16:07:55 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\PokerStars
[2011.11.13 16:07:45 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
[2011.11.13 16:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2011.11.13 16:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.NET
[2011.11.12 13:33:45 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{478E6BF2-8342-444D-99E3-AA8ED8307B29}
[2011.11.12 13:33:42 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{850B5A7D-BB15-4D01-AFCB-295BEC1B25A9}
[2011.11.11 16:06:16 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{E0759960-EE35-4ABD-9E3D-3AF78A8C119B}
[2011.11.11 16:06:09 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{144B311A-907C-4795-9864-F43478014838}
[2011.11.10 19:44:12 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{09719CAE-665F-49A9-B020-B056AB11717D}
[2011.11.10 19:44:08 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{A1CE369E-4A01-4C85-911D-CACDE231BC56}
[2011.11.09 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\X\Documents\Messenger Plus
[2011.11.09 17:34:34 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{5370CC39-6604-434F-91B2-F35DF0352D26}
[2011.11.09 17:34:28 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{4F02A01E-B81F-4241-8E86-4DAB15EE0034}
[2011.11.08 19:26:01 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{35CECC28-A13E-4802-AA6E-689AFBFDCDB9}
[2011.11.08 19:25:54 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{C59E7541-1B84-4775-8591-B18DD01B9F93}
[2011.11.07 22:54:46 | 000,000,000 | ---D | C] -- C:\Users\X\Desktop\fb
[2011.11.07 18:02:53 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{53D16C90-B704-4440-81A2-E4B9B9EB641A}
[2011.11.07 18:02:51 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{348F4583-1141-47F6-AB63-F6EA56365B79}
[2011.11.06 21:12:04 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{41B564A4-7C5B-4054-A776-53BBAC89B0A4}
[2011.11.06 21:12:00 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{42115404-AA50-4DAF-BD69-91E9BD592F8C}
[2011.11.04 21:52:38 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{23153A74-4C86-471B-A432-B0285B89A426}
[2011.11.04 21:52:35 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{1C5F6106-CA2C-44E6-9A28-EAE44EA3F497}
[2011.11.04 11:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.11.04 11:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.11.03 21:59:28 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{F9747E8F-F6C0-4E27-9D46-084FD693DA85}
[2011.11.03 21:59:25 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{7AC1B7D5-4534-4380-8B71-96159DB29D9E}
[2011.11.02 18:16:49 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{66DC562D-2137-4190-AA17-9FDEB6AD2816}
[2011.11.02 18:16:47 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{D04FF37B-5B6B-4B0F-A17B-2C401C104A5C}
[2011.11.01 21:40:51 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{93D17958-D239-47BC-BF2C-CA5038935C12}
[2011.11.01 21:40:43 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{E5BA5980-11BE-4B23-A6FC-356D7DEB0D7B}
[2011.10.31 17:24:18 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{C2DA35F5-F8C3-489E-BD5A-03F441B6D5CC}
[2011.10.31 17:24:15 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{BCADEACE-EA20-4F71-8D33-1AB375088613}
[2011.10.30 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{8B7E54C7-3CE4-4950-90D4-6E6B8A199116}
[2011.10.30 12:57:40 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{D6248742-6850-49D3-9261-DC7122387667}
[2011.10.29 12:51:46 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{C7CC1AAE-2740-4FA9-873A-AB1CA0D78108}
[2011.10.29 12:51:44 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{D3E9133A-3896-49F9-90FB-3FCAED9D599D}
[2011.10.28 16:06:46 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{8D5E7A92-DF7C-4041-AAF8-9015E1C75BC8}
[2011.10.28 16:06:44 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{0130FD20-6F2C-48E2-9615-EC91288E7A8A}
[2011.10.27 21:22:46 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{0C9BA0E1-D0D0-4302-928E-8CCBBAF62308}
[2011.10.27 21:22:42 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Local\{FE358269-19E2-4EE0-9B26-4B2980EE67E2}
[2010.06.16 00:06:24 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.12.15 06:46:29 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011.11.26 14:29:43 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.11.26 14:22:22 | 000,294,216 | ---- | M] () -- C:\Users\X\Desktop\gmer.zip
[2011.11.26 14:20:07 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.26 14:20:07 | 000,592,304 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.26 14:20:07 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.26 14:20:07 | 000,100,378 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.26 14:13:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.26 14:13:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.26 14:13:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.26 14:13:28 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.26 04:16:15 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
[2011.11.26 04:07:31 | 000,022,908 | ---- | M] () -- C:\Users\X\Documents\cc_20111126_040727.reg
[2011.11.26 04:04:36 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.11.25 14:15:36 | 000,326,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.25 14:03:56 | 000,256,136 | ---- | M] () -- C:\Users\X\Documents\cc_20111125_140344.reg
[2011.11.25 13:50:25 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.23 14:07:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 23:05:00 | 000,001,335 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0004.dat
[2011.11.22 17:53:53 | 000,025,645 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0001.dat
[2011.11.22 17:53:53 | 000,002,097 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0006.dat
[2011.11.22 17:53:53 | 000,000,491 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0003.dat
[2011.11.22 17:53:53 | 000,000,441 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0005.dat
[2011.11.22 17:53:53 | 000,000,219 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0002.dat
[2011.11.22 17:53:53 | 000,000,003 | ---- | M] () -- C:\Users\X\AppData\Roaming\x0000.dat
[2011.11.21 22:22:15 | 000,001,356 | ---- | M] () -- C:\Users\X\AppData\Local\d3d9caps.dat
[2011.11.21 22:06:52 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.21 15:27:31 | 000,257,719 | ---- | M] () -- C:\Users\X\Desktop\iphone 3g.jpg
[2011.11.18 13:08:11 | 000,030,329 | ---- | M] () -- C:\Users\X\Desktop\sadasda.jpg
[2011.11.17 00:10:14 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.17 00:07:15 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.16 01:18:44 | 000,144,098 | ---- | M] () -- C:\Users\X\Desktop\cats.jpg
[2011.11.15 20:03:59 | 000,112,640 | ---- | M] () -- C:\Users\X\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.13 16:07:45 | 000,000,862 | ---- | M] () -- C:\Users\X\Desktop\PokerStars.lnk
[2011.11.09 17:54:11 | 000,000,600 | ---- | M] () -- C:\Users\X\AppData\Roaming\winscp.rnd
[2011.11.04 11:31:35 | 000,001,025 | ---- | M] () -- C:\Users\X\Desktop\Free Audio Dub.lnk

========== Files Created - No Company Name ==========

[2011.11.26 14:30:17 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.11.26 14:22:33 | 000,302,592 | ---- | C] () -- C:\Users\X\Desktop\gmer.exe
[2011.11.26 14:22:19 | 000,294,216 | ---- | C] () -- C:\Users\X\Desktop\gmer.zip
[2011.11.26 04:07:29 | 000,022,908 | ---- | C] () -- C:\Users\X\Documents\cc_20111126_040727.reg
[2011.11.25 14:03:47 | 000,256,136 | ---- | C] () -- C:\Users\X\Documents\cc_20111125_140344.reg
[2011.11.25 13:50:25 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.23 14:07:22 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.22 17:53:53 | 000,025,645 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0001.dat
[2011.11.22 17:53:53 | 000,002,097 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0006.dat
[2011.11.22 17:53:53 | 000,001,335 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0004.dat
[2011.11.22 17:53:53 | 000,000,491 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0003.dat
[2011.11.22 17:53:53 | 000,000,441 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0005.dat
[2011.11.22 17:53:53 | 000,000,219 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0002.dat
[2011.11.22 17:53:53 | 000,000,003 | ---- | C] () -- C:\Users\X\AppData\Roaming\x0000.dat
[2011.11.21 15:27:31 | 000,257,719 | ---- | C] () -- C:\Users\X\Desktop\iphone 3g.jpg
[2011.11.18 13:08:11 | 000,030,329 | ---- | C] () -- C:\Users\X\Desktop\sadasda.jpg
[2011.11.17 00:10:14 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.11.17 00:07:15 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.16 01:18:43 | 000,144,098 | ---- | C] () -- C:\Users\X\Desktop\cats.jpg
[2011.11.13 16:07:45 | 000,000,862 | ---- | C] () -- C:\Users\X\Desktop\PokerStars.lnk
[2011.11.04 11:31:35 | 000,001,025 | ---- | C] () -- C:\Users\X\Desktop\Free Audio Dub.lnk
[2011.07.29 12:51:24 | 000,023,580 | ---- | C] () -- C:\Users\X\AppData\Roaming\UserTile.png
[2011.04.20 14:15:27 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2011.02.06 22:21:35 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2010.10.27 15:11:42 | 000,000,600 | ---- | C] () -- C:\Users\X\AppData\Roaming\winscp.rnd
[2010.10.15 07:49:32 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.09.02 21:34:03 | 000,023,686 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010.08.26 16:57:57 | 000,225,392 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010.08.23 12:08:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.16 00:06:24 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2010.06.16 00:06:24 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2010.06.16 00:06:24 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2010.06.10 20:20:35 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.29 13:16:59 | 000,003,982 | ---- | C] () -- C:\Windows\kj01d.sys
[2010.04.29 13:11:35 | 000,000,255 | ---- | C] () -- C:\Windows\z56k2.ini
[2009.12.17 14:23:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.17 14:23:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.16 15:38:45 | 000,001,356 | ---- | C] () -- C:\Users\X\AppData\Local\d3d9caps.dat
[2009.12.15 06:40:05 | 000,014,028 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2009.12.14 22:09:00 | 000,112,640 | ---- | C] () -- C:\Users\X\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.14 22:03:36 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009.12.14 22:03:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.12.14 22:03:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.12.14 22:03:36 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.12.14 22:03:36 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.06.11 11:34:22 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2008.11.20 12:57:32 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.11.20 12:57:32 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.11.20 12:57:32 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.11.20 12:57:32 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.11.20 04:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.11.20 04:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.20 04:20:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.11 04:27:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.11 04:27:24 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.11.11 04:27:24 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.11.11 04:26:52 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,326,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,592,304 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,100,378 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003.05.13 21:41:58 | 000,049,152 | ---- | C] () -- C:\Windows\System32\cdlock.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2009.12.14 22:11:45 | 000,000,000 | -HSD | M] -- C:\Users\X\AppData\Roaming\.#
[2011.10.09 22:06:33 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Boilsoft
[2011.11.22 17:28:48 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Complitly
[2011.04.23 12:22:08 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Desktopicon
[2011.11.04 11:31:46 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\DVDVideoSoft
[2011.01.23 21:13:55 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\GetRightToGo
[2011.05.22 23:31:10 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\gtk-2.0
[2011.11.22 23:02:31 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ICQ
[2011.07.12 00:08:08 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\IrfanView
[2010.03.27 00:52:58 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\JonDo
[2010.11.18 22:23:45 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Leadertech
[2011.07.24 23:57:38 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Leawo
[2011.07.24 23:59:09 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Leawo Video2AVI v2
[2010.06.10 20:25:59 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\MAGIX
[2011.01.13 02:00:14 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Nokia
[2010.06.30 14:37:23 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\PC Suite
[2011.11.23 13:54:15 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\PhotoScape
[2010.11.29 18:25:16 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\PixelPlanet
[2011.07.21 00:17:18 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\ProgSense
[2011.02.27 19:51:54 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\Tinn-R
[2010.09.01 18:06:02 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\TuneUp Software
[2011.04.26 00:14:51 | 000,000,000 | ---D | M] -- C:\Users\X\AppData\Roaming\WindSolutions
[2011.11.26 14:12:32 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.15 13:33:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8340A3AF-B83C-47D8-8772-47B1F1F9399B}.job

========== Purity Check ==========



< End of report >
[/Code]
--------------------------------------------------------------------
[Code]
OTL Extras logfile created on: 26.11.2011 14:34:59 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\X\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,40% Memory free
6,22 Gb Paging File | 4,92 Gb Available in Paging File | 79,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,65 Gb Total Space | 51,79 Gb Free Space | 36,30% Space Free | Partition Type: NTFS
Drive D: | 142,67 Gb Total Space | 107,35 Gb Free Space | 75,24% Space Free | Partition Type: NTFS

Computer Name: X-PC | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe" = C:\Program Files\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe:*:Enabled:iPhone PC Suite.exe


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0642D4A0-AA96-4067-8D90-477947C35CDC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{30565A69-571C-4B6E-814C-54BD33B03BE7}" = lport=139 | protocol=6 | dir=in | app=system |
"{36AE62A1-2D90-4A9B-94D0-A10022966308}" = rport=139 | protocol=6 | dir=out | app=system |
"{4386A3AF-5AE8-45A9-A4B8-78A762645EE5}" = rport=137 | protocol=17 | dir=out | app=system |
"{62959022-C6A0-4244-9543-DECBBA5CB2CF}" = lport=138 | protocol=17 | dir=in | app=system |
"{72A2FDA4-3565-46AC-856D-44C5E5E92905}" = lport=137 | protocol=17 | dir=in | app=system |
"{7DE65BC8-8E2F-4B8B-8A19-36C5A92B60B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8061505C-F40B-4B8B-AE6C-634ECED3580E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{826C8AED-DF86-4D89-8B00-46D8386ACFC9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{851AD4BF-A329-4CD1-912C-209F7B85B665}" = lport=445 | protocol=6 | dir=in | app=system |
"{A4F6C048-D64F-4BEE-A08E-DD6CDE0CB00D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AAD65E1A-4419-42DF-9188-D8FEF34551B9}" = rport=445 | protocol=6 | dir=out | app=system |
"{B31C7FCC-73ED-4D92-B6E6-CCDBBF9BC603}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{EE56244A-A88B-4A2D-93EE-1AF4C2296921}" = rport=138 | protocol=17 | dir=out | app=system |
"{FB2595DC-6F33-4612-97DD-9F898502141B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008FA1AE-E93C-431D-A38E-DEF14C6AE117}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{02B15782-4AF2-46A5-94DA-8F6F0E86C546}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{152688F3-1D21-40C5-AF86-D38B85855A15}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{233D5393-DC94-4156-9714-2FDB9BCB78A0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{27C67D07-85B5-4735-97F9-4DAE73B78CFE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{2A86A20B-5F83-4635-A518-C8B5758A51B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2ADD8A2F-7494-45FD-936C-0A2952EC8BC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{2B99649F-98B5-4F58-B360-EB91215A6B32}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2CC80CE2-5955-4C72-9152-A5BE4EBC4F79}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{2EC0276E-F33B-42D4-9EF9-22AFC158B5C2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3BBD84DE-5687-4C5A-935E-1BE2229992E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{4015244C-F80C-439E-8EEB-7D5FE709B559}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{44484ABD-DD77-408B-8C79-E689A99E38CF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{59743E67-E342-4AA3-84ED-DE04A35BC917}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5C6E19D7-D66F-4527-8874-F4A29E302BC6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{6A416180-69D0-428A-AD45-90F10FF81764}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8269F7A1-EA8E-43D4-B17E-6D2E6A9016DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{87499AF5-B054-4109-8410-BC7B82A7BDB7}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{89F7BEAD-E7AC-4805-BFE0-C7551D231C15}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{8ED7A5E9-400F-4476-933B-CF8DCA042A09}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{A0616B67-8C9C-4494-A6D3-C7BC45511890}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A156265C-5219-4C52-8F95-FD5E8F371605}" = dir=in | app=e:\setup\hpznui01.exe |
"{A27F6D9F-377F-4799-9579-0E35C6ACB784}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{A77DB892-D6B4-4FD7-BBAD-2901843261C6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{AB1DD549-C93C-4783-90AC-EE1E37B97205}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B951183C-1BB5-46FF-8547-14BCA56CE7DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BC774B26-93AF-40E4-8FD2-D1DD6123764C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{BE6D7986-43D9-45F7-9145-051B8F9A7F45}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{C88F1B69-C5DA-4A65-9BAE-375075EAC445}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C91121C4-45C3-458D-977F-3AB226527D24}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CCF7121C-7AC1-4804-AF31-67171947487D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D743DF2C-1CF4-4C74-BEA4-5380817B28E8}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{D8639A8F-2DE0-487D-A354-59A25A759310}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{DD306AB2-7D12-4287-8CEC-39D6EB8A6692}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{E15F2818-17CE-46C9-93DB-EC606F38C233}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{E22FC8D2-4C81-4E9E-93E8-727EE0E16373}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{ED134EDF-1834-4BBA-9698-0F151906F2B6}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{EE94C808-BC30-4508-B31E-D2AD6ACFED6F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F1BEF671-90AE-4028-A489-08738CCEBF93}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{F866B6BD-DCB3-46C5-AEFF-F06CB60C36CC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1B5BF138-46A9-47FA-B112-06AACCCB371A}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{3A58F751-3F40-40D8-A52A-1D38BF0A987A}C:\users\X\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\X\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{5A079FD7-654F-48FA-B7EF-904D117D7E5A}C:\windows\system32\macromed\flash\flashutil10t_activex.exe" = protocol=6 | dir=in | app=c:\windows\system32\macromed\flash\flashutil10t_activex.exe |
"TCP Query User{617770C3-2F54-4EC3-A636-7026EE441F7D}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{918A7E89-DA4D-443E-B18A-47AD184C2FC1}C:\windows\rthdvcpl.exe" = protocol=6 | dir=in | app=c:\windows\rthdvcpl.exe |
"TCP Query User{A15731B2-BA0C-4F2F-9A10-589BF935CBB3}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{BF936373-AF57-42A9-A236-121D68719B6F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{D41AA4B4-01B7-4DC4-94F6-26789FFCCE1E}C:\program files\synaptics\syntp\syntpenh.exe" = protocol=6 | dir=in | app=c:\program files\synaptics\syntp\syntpenh.exe |
"TCP Query User{F443D09C-2FDF-426A-B01E-86DF788D4574}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{0386E77C-9C1B-4C11-9D42-B3271A3659CC}C:\windows\system32\macromed\flash\flashutil10t_activex.exe" = protocol=17 | dir=in | app=c:\windows\system32\macromed\flash\flashutil10t_activex.exe |
"UDP Query User{27990AB9-E049-4843-B1CC-8B475BDB86FF}C:\windows\rthdvcpl.exe" = protocol=17 | dir=in | app=c:\windows\rthdvcpl.exe |
"UDP Query User{367BE10D-8631-489C-9AFC-67D5AD470773}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{5C7C8A2D-D67E-41B1-B9DD-B1C4C968A152}C:\program files\synaptics\syntp\syntpenh.exe" = protocol=17 | dir=in | app=c:\program files\synaptics\syntp\syntpenh.exe |
"UDP Query User{63235350-DEBC-4FA8-8EF4-DD7A4B138A8F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{6A033DE9-0EB4-4C04-AB65-59541CA28892}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{CF6EAED0-7190-4FBD-B105-4A4E9B751AA9}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{D75AEE26-7599-4ECC-9280-E2C6836F7266}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{EA0DAE03-FAFF-4335-93CE-9857858151D0}C:\users\X\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\X\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D42B43A-EA63-4234-B00A-757C15B2B185}_is1" = Leawo AVI Converter Version 4.0.0.0
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D31DAB50-15BD-404E-8CEB-FCEE95F33D59}" = PdfEditor
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced PDF-to-Word 1.0 Demo" = Advanced PDF-to-Word 1.0 Demo
"Ashampoo WinOptimizer 8_is1" = Ashampoo WinOptimizer 8 v.8.04
"AutocompletePro2_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"PhotoScape" = PhotoScape
"PokerStars" = PokerStars
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Azinky Gameroom" = Azinky Gameroom
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.11.2011 07:45:03 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 57496118

Error - 15.11.2011 07:46:36 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.11.2011 07:46:36 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014

Error - 15.11.2011 07:46:36 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014

Error - 15.11.2011 07:46:37 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.11.2011 07:46:37 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2028

Error - 15.11.2011 07:46:37 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2028

Error - 15.11.2011 07:46:38 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15.11.2011 07:46:38 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3291

Error - 15.11.2011 07:46:38 | Computer Name = X-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3291

[ System Events ]
Error - 25.11.2011 23:04:30 | Computer Name = X-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25.11.2011 23:18:06 | Computer Name = X-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 25.11.2011 23:20:32 | Computer Name = X-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 25.11.2011 23:21:59 | Computer Name = X-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25.11.2011 23:31:55 | Computer Name = X-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 25.11.2011 23:33:09 | Computer Name = X-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 25.11.2011 23:34:39 | Computer Name = X-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26.11.2011 09:12:15 | Computer Name = X-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 26.11.2011 09:13:36 | Computer Name = X-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 26.11.2011 09:15:07 | Computer Name = X-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >[\Code]


5.) I get an error message: "For some reason your system denied write access to the hosts file. If any Hijacked domains are in this file, HijackThis will NOT be able to fix this. .... "

And I cannot save the log file, because this message appears: "Die Datei C:\Program Files\Trend Micro\HiJackThis\hijackthis.log kann nicht gefunden werden. Möchten Sie eine neue Datei erstellen?" (in English: the file cannot be found; do you want to create a new file?)

I deleted it again and reinstalled it, but the message still appears.

28.11.2011, 07:51   #14
kira
/// Helper team
 

► It doesn't have to be done; you can remove the check mark, but:
The AUTORUN function can also be switched off entirely. ► Guide

► Bad news:
Presumably the malicious MBR rootkit has lodged itself in the MBR...
The Master Boot Record (MBR) of the first hard disk is loaded when the computer starts, even before the operating system. Code residing there can, in principle, control the operating system.

If you decide on cleaning the system instead of Format C:\, this is how to proceed:

TDSSKiller from Kaspersky
  • Download TDSSKiller and unpack the archive to your desktop.
  • Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).
  • Temporarily disable your antivirus program.
  • Start TDSSKiller.exe by double-clicking it.
  • When it has finished its work, the tool suggests restarting the system.
    Confirm this with Y(es) if prompted.
    While the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
You can find more detailed instructions here.
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard disks, ideally twice in different locations!
Please pass this warning on wherever you can!

28.11.2011, 13:36   #15
Antonio89
 

[quote]13:20:29.0666 1984 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
13:20:29.0773 1984 ============================================================
13:20:29.0774 1984 Current date / time: 2011/11/28 13:20:29.0773
13:20:29.0774 1984 SystemInfo:
13:20:29.0774 1984
13:20:29.0774 1984 OS Version: 6.0.6002 ServicePack: 2.0
13:20:29.0774 1984 Product type: Workstation
13:20:29.0774 1984 ComputerName: X-PC
13:20:29.0774 1984 UserName: X
13:20:29.0774 1984 Windows directory: C:\Windows
13:20:29.0774 1984 System windows directory: C:\Windows
13:20:29.0774 1984 Processor architecture: Intel x86
13:20:29.0774 1984 Number of processors: 2
13:20:29.0774 1984 Page size: 0x1000
13:20:29.0774 1984 Boot type: Normal boot
13:20:29.0774 1984 ============================================================
13:20:30.0853 1984 Initialize success
13:21:19.0170 2256 ============================================================
13:21:19.0170 2256 Scan started
13:21:19.0170 2256 Mode: Manual;
13:21:19.0170 2256 ============================================================
13:21:19.0862 2256 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:21:19.0865 2256 ACPI - ok
13:21:19.0917 2256 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:21:19.0923 2256 adp94xx - ok
13:21:19.0950 2256 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:21:19.0953 2256 adpahci - ok
13:21:19.0979 2256 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:21:19.0981 2256 adpu160m - ok
13:21:20.0009 2256 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:21:20.0011 2256 adpu320 - ok
13:21:20.0066 2256 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:21:20.0068 2256 AFD - ok
13:21:20.0099 2256 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:21:20.0100 2256 agp440 - ok
13:21:20.0122 2256 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:21:20.0123 2256 aic78xx - ok
13:21:20.0148 2256 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:21:20.0150 2256 aliide - ok
13:21:20.0179 2256 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:21:20.0180 2256 amdagp - ok
13:21:20.0222 2256 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:21:20.0223 2256 amdide - ok
13:21:20.0251 2256 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:21:20.0252 2256 AmdK7 - ok
13:21:20.0275 2256 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:21:20.0275 2256 AmdK8 - ok
13:21:20.0314 2256 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:21:20.0315 2256 arc - ok
13:21:20.0344 2256 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:21:20.0345 2256 arcsas - ok
13:21:20.0403 2256 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:21:20.0403 2256 AsyncMac - ok
13:21:20.0446 2256 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:21:20.0447 2256 atapi - ok
13:21:20.0517 2256 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
13:21:20.0518 2256 avgio - ok
13:21:20.0546 2256 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
13:21:20.0546 2256 avgntflt - ok
13:21:20.0594 2256 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
13:21:20.0595 2256 avipbb - ok
13:21:20.0620 2256 b57nd60x (6fb43f0dadb3fdc287d080c19666af8d) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:21:20.0622 2256 b57nd60x - ok
13:21:20.0638 2256 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:21:20.0640 2256 Beep - ok
13:21:20.0674 2256 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:21:20.0675 2256 blbdrive - ok
13:21:20.0713 2256 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:21:20.0714 2256 bowser - ok
13:21:20.0733 2256 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:21:20.0734 2256 BrFiltLo - ok
13:21:20.0751 2256 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:21:20.0752 2256 BrFiltUp - ok
13:21:20.0780 2256 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:21:20.0781 2256 Brserid - ok
13:21:20.0810 2256 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:21:20.0811 2256 BrSerWdm - ok
13:21:20.0837 2256 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:21:20.0837 2256 BrUsbMdm - ok
13:21:20.0858 2256 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:21:20.0859 2256 BrUsbSer - ok
13:21:20.0878 2256 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:21:20.0879 2256 BTHMODEM - ok
13:21:20.0914 2256 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:21:20.0915 2256 cdfs - ok
13:21:20.0969 2256 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:21:20.0970 2256 cdrom - ok
13:21:20.0995 2256 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:21:20.0996 2256 circlass - ok
13:21:21.0045 2256 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:21:21.0048 2256 CLFS - ok
13:21:21.0081 2256 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:21:21.0082 2256 CmBatt - ok
13:21:21.0107 2256 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:21:21.0108 2256 cmdide - ok
13:21:21.0130 2256 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:21:21.0131 2256 Compbatt - ok
13:21:21.0168 2256 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:21:21.0170 2256 crcdisk - ok
13:21:21.0226 2256 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:21:21.0227 2256 Crusoe - ok
13:21:21.0277 2256 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:21:21.0278 2256 DfsC - ok
13:21:21.0309 2256 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:21:21.0310 2256 disk - ok
13:21:21.0340 2256 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
13:21:21.0341 2256 DKbFltr - ok
13:21:21.0380 2256 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:21:21.0381 2256 Dot4 - ok
13:21:21.0410 2256 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:21:21.0411 2256 Dot4Print - ok
13:21:21.0449 2256 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:21:21.0450 2256 dot4usb - ok
13:21:21.0489 2256 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:21:21.0490 2256 drmkaud - ok
13:21:21.0533 2256 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:21:21.0542 2256 DXGKrnl - ok
13:21:21.0571 2256 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:21:21.0573 2256 E1G60 - ok
13:21:21.0611 2256 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:21:21.0613 2256 Ecache - ok
13:21:21.0648 2256 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:21:21.0652 2256 elxstor - ok
13:21:21.0675 2256 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:21:21.0677 2256 ErrDev - ok
13:21:21.0738 2256 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:21:21.0741 2256 exfat - ok
13:21:21.0787 2256 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:21:21.0790 2256 fastfat - ok
13:21:21.0818 2256 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:21:21.0819 2256 fdc - ok
13:21:21.0837 2256 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:21:21.0838 2256 FileInfo - ok
13:21:21.0874 2256 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:21:21.0875 2256 Filetrace - ok
13:21:21.0899 2256 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:21:21.0900 2256 flpydisk - ok
13:21:21.0936 2256 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:21:21.0937 2256 FltMgr - ok
13:21:21.0974 2256 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:21:21.0975 2256 Fs_Rec - ok
13:21:22.0016 2256 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:21:22.0018 2256 gagp30kx - ok
13:21:22.0050 2256 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:21:22.0051 2256 GEARAspiWDM - ok
13:21:22.0082 2256 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:21:22.0084 2256 HdAudAddService - ok
13:21:22.0139 2256 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:21:22.0145 2256 HDAudBus - ok
13:21:22.0181 2256 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:21:22.0182 2256 HidBth - ok
13:21:22.0212 2256 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:21:22.0213 2256 HidIr - ok
13:21:22.0259 2256 hidshim (7f7e5e98cefed8a10f7e56810ea7b6df) C:\Windows\system32\DRIVERS\hidshim.sys
13:21:22.0260 2256 hidshim - ok
13:21:22.0321 2256 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:21:22.0322 2256 HidUsb - ok
13:21:22.0348 2256 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:21:22.0349 2256 HpCISSs - ok
13:21:22.0389 2256 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
13:21:22.0391 2256 HSFHWAZL - ok
13:21:22.0443 2256 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:21:22.0463 2256 HSF_DPV - ok
13:21:22.0493 2256 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:21:22.0496 2256 HSXHWAZL - ok
13:21:22.0536 2256 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:21:22.0544 2256 HTTP - ok
13:21:22.0583 2256 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:21:22.0584 2256 i2omp - ok
13:21:22.0611 2256 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:21:22.0613 2256 i8042prt - ok
13:21:22.0646 2256 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:21:22.0649 2256 iaStorV - ok
13:21:22.0672 2256 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:21:22.0674 2256 iirsp - ok
13:21:22.0758 2256 IntcAzAudAddService (b8716d9677b04b82fa405c8c54954728) C:\Windows\system32\drivers\RTKVHDA.sys
13:21:22.0803 2256 IntcAzAudAddService - ok
13:21:22.0825 2256 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:21:22.0826 2256 intelide - ok
13:21:22.0851 2256 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:21:22.0852 2256 intelppm - ok
13:21:22.0903 2256 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:21:22.0905 2256 IpFilterDriver - ok
13:21:22.0918 2256 IpInIp - ok
13:21:22.0949 2256 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:21:22.0950 2256 IPMIDRV - ok
13:21:22.0978 2256 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:21:22.0979 2256 IPNAT - ok
13:21:23.0030 2256 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
13:21:23.0033 2256 irda - ok
13:21:23.0051 2256 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:21:23.0052 2256 IRENUM - ok
13:21:23.0098 2256 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:21:23.0100 2256 isapnp - ok
13:21:23.0140 2256 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:21:23.0142 2256 iScsiPrt - ok
13:21:23.0176 2256 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:21:23.0178 2256 iteatapi - ok
13:21:23.0200 2256 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:21:23.0201 2256 iteraid - ok
13:21:23.0226 2256 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:21:23.0227 2256 kbdclass - ok
13:21:23.0260 2256 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:21:23.0261 2256 kbdhid - ok
13:21:23.0331 2256 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
13:21:23.0336 2256 KSecDD - ok
13:21:23.0379 2256 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:21:23.0381 2256 lltdio - ok
13:21:23.0419 2256 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:21:23.0420 2256 LSI_FC - ok
13:21:23.0439 2256 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:21:23.0442 2256 LSI_SAS - ok
13:21:23.0462 2256 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:21:23.0463 2256 LSI_SCSI - ok
13:21:23.0489 2256 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:21:23.0491 2256 luafv - ok
13:21:23.0551 2256 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
13:21:23.0553 2256 MBAMProtector - ok
13:21:23.0589 2256 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:21:23.0590 2256 mdmxsdk - ok
13:21:23.0618 2256 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:21:23.0619 2256 megasas - ok
13:21:23.0652 2256 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:21:23.0657 2256 MegaSR - ok
13:21:23.0693 2256 MFX (6cb347607891bd10c396a63762b6c439) C:\Windows\system32\drivers\MFX.sys
13:21:23.0693 2256 Suspicious file (NoAccess): C:\Windows\system32\drivers\MFX.sys. md5: 6cb347607891bd10c396a63762b6c439
13:21:23.0695 2256 Suspicious file (Hidden): C:\Windows\system32\drivers\MFX.sys. md5: 6cb347607891bd10c396a63762b6c439
13:21:23.0695 2256 MFX ( LockedFile.Multi.Generic ) - warning
13:21:23.0695 2256 MFX - detected LockedFile.Multi.Generic (1)
13:21:23.0720 2256 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:21:23.0721 2256 Modem - ok
13:21:23.0732 2256 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:21:23.0734 2256 monitor - ok
13:21:23.0747 2256 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:21:23.0749 2256 mouclass - ok
13:21:23.0763 2256 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:21:23.0765 2256 mouhid - ok
13:21:23.0779 2256 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:21:23.0781 2256 MountMgr - ok
13:21:23.0814 2256 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:21:23.0815 2256 mpio - ok
13:21:23.0847 2256 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:21:23.0849 2256 mpsdrv - ok
13:21:23.0880 2256 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:21:23.0881 2256 Mraid35x - ok
13:21:23.0945 2256 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:21:23.0947 2256 MRxDAV - ok
13:21:23.0996 2256 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:21:23.0997 2256 mrxsmb - ok
13:21:24.0037 2256 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:21:24.0039 2256 mrxsmb10 - ok
13:21:24.0060 2256 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:21:24.0062 2256 mrxsmb20 - ok
13:21:24.0085 2256 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:21:24.0087 2256 msahci - ok
13:21:24.0116 2256 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:21:24.0118 2256 msdsm - ok
13:21:24.0159 2256 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:21:24.0161 2256 Msfs - ok
13:21:24.0185 2256 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:21:24.0187 2256 msisadrv - ok
13:21:24.0239 2256 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:21:24.0241 2256 MSKSSRV - ok
13:21:24.0255 2256 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:21:24.0257 2256 MSPCLOCK - ok
13:21:24.0286 2256 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:21:24.0288 2256 MSPQM - ok
13:21:24.0313 2256 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:21:24.0315 2256 MsRPC - ok
13:21:24.0358 2256 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:21:24.0359 2256 mssmbios - ok
13:21:24.0384 2256 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:21:24.0386 2256 MSTEE - ok
13:21:24.0407 2256 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:21:24.0408 2256 Mup - ok
13:21:24.0454 2256 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:21:24.0457 2256 NativeWifiP - ok
13:21:24.0505 2256 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:21:24.0510 2256 NDIS - ok
13:21:24.0525 2256 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:21:24.0526 2256 NdisTapi - ok
13:21:24.0543 2256 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:21:24.0544 2256 Ndisuio - ok
13:21:24.0564 2256 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:21:24.0566 2256 NdisWan - ok
13:21:24.0583 2256 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:21:24.0585 2256 NDProxy - ok
13:21:24.0609 2256 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:21:24.0610 2256 NetBIOS - ok
13:21:24.0657 2256 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:21:24.0663 2256 netbt - ok
13:21:24.0725 2256 netr28 (a013222a9a890ddaac967debade59ead) C:\Windows\system32\DRIVERS\netr28.sys
13:21:24.0731 2256 netr28 - ok
13:21:24.0759 2256 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:21:24.0761 2256 nfrd960 - ok
13:21:24.0779 2256 nmwcd - ok
13:21:24.0790 2256 nmwcdc - ok
13:21:24.0832 2256 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:21:24.0834 2256 Npfs - ok
13:21:24.0869 2256 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
13:21:24.0871 2256 NSCIRDA - ok
13:21:24.0921 2256 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:21:24.0923 2256 nsiproxy - ok
13:21:25.0018 2256 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:21:25.0041 2256 Ntfs - ok
13:21:25.0128 2256 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
13:21:25.0130 2256 NTIDrvr - ok
13:21:25.0175 2256 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:21:25.0176 2256 ntrigdigi - ok
13:21:25.0188 2256 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:21:25.0190 2256 Null - ok
13:21:25.0224 2256 nuvotonhidgeneric (85d8845b7b6a434b7ce35723bf0e5c57) C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys
13:21:25.0225 2256 nuvotonhidgeneric - ok
13:21:25.0261 2256 NVHDA (0e616537f3e12d4c9fb71181c2f21bd5) C:\Windows\system32\drivers\nvhda32v.sys
13:21:25.0266 2256 NVHDA - ok
13:21:25.0511 2256 nvlddmkm (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:21:25.0722 2256 nvlddmkm - ok
13:21:25.0758 2256 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:21:25.0760 2256 nvraid - ok
13:21:25.0778 2256 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:21:25.0780 2256 nvstor - ok
13:21:25.0813 2256 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:21:25.0815 2256 nv_agp - ok
13:21:25.0826 2256 NwlnkFlt - ok
13:21:25.0839 2256 NwlnkFwd - ok
13:21:25.0867 2256 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
13:21:25.0869 2256 ohci1394 - ok
13:21:25.0910 2256 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:21:25.0913 2256 Parport - ok
13:21:25.0948 2256 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:21:25.0950 2256 partmgr - ok
13:21:25.0974 2256 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:21:25.0975 2256 Parvdm - ok
13:21:25.0988 2256 pccsmcfd - ok
13:21:26.0016 2256 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:21:26.0018 2256 pci - ok
13:21:26.0042 2256 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:21:26.0044 2256 pciide - ok
13:21:26.0070 2256 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
13:21:26.0072 2256 pcmcia - ok
13:21:26.0117 2256 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:21:26.0136 2256 PEAUTH - ok
13:21:26.0213 2256 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:21:26.0216 2256 PptpMiniport - ok
13:21:26.0259 2256 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:21:26.0261 2256 Processor - ok
13:21:26.0305 2256 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:21:26.0306 2256 PSched - ok
13:21:26.0355 2256 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:21:26.0389 2256 ql2300 - ok
13:21:26.0415 2256 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:21:26.0416 2256 ql40xx - ok
13:21:26.0446 2256 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:21:26.0447 2256 QWAVEdrv - ok
13:21:26.0464 2256 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:21:26.0466 2256 RasAcd - ok
13:21:26.0489 2256 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:21:26.0491 2256 Rasl2tp - ok
13:21:26.0537 2256 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:21:26.0539 2256 RasPppoe - ok
13:21:26.0558 2256 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:21:26.0560 2256 RasSstp - ok
13:21:26.0598 2256 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:21:26.0601 2256 rdbss - ok
13:21:26.0619 2256 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:21:26.0621 2256 RDPCDD - ok
13:21:26.0671 2256 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:21:26.0673 2256 rdpdr - ok
13:21:26.0706 2256 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:21:26.0709 2256 RDPENCDD - ok
13:21:26.0757 2256 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:21:26.0759 2256 RDPWD - ok
13:21:26.0802 2256 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:21:26.0805 2256 rspndr - ok
13:21:26.0836 2256 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
13:21:26.0839 2256 RTSTOR - ok
13:21:26.0933 2256 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:21:26.0933 2256 SASDIFSV - ok
13:21:26.0946 2256 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:21:26.0948 2256 SASKUTIL - ok
13:21:27.0040 2256 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:21:27.0042 2256 sbp2port - ok
13:21:27.0116 2256 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
13:21:27.0118 2256 sdbus - ok
13:21:27.0171 2256 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:21:27.0173 2256 secdrv - ok
13:21:27.0216 2256 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:21:27.0217 2256 Serenum - ok
13:21:27.0246 2256 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:21:27.0248 2256 Serial - ok
13:21:27.0272 2256 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:21:27.0274 2256 sermouse - ok
13:21:27.0306 2256 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:21:27.0308 2256 sffdisk - ok
13:21:27.0324 2256 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:21:27.0326 2256 sffp_mmc - ok
13:21:27.0343 2256 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:21:27.0345 2256 sffp_sd - ok
13:21:27.0361 2256 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:21:27.0362 2256 sfloppy - ok
13:21:27.0433 2256 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:21:27.0434 2256 sisagp - ok
13:21:27.0473 2256 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:21:27.0475 2256 SiSRaid2 - ok
13:21:27.0504 2256 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:21:27.0506 2256 SiSRaid4 - ok
13:21:27.0575 2256 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:21:27.0577 2256 Smb - ok
13:21:27.0607 2256 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:21:27.0609 2256 spldr - ok
13:21:27.0658 2256 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
13:21:27.0658 2256 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
13:21:27.0660 2256 sptd ( LockedFile.Multi.Generic ) - warning
13:21:27.0660 2256 sptd - detected LockedFile.Multi.Generic (1)
13:21:27.0699 2256 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:21:27.0703 2256 srv - ok
13:21:27.0736 2256 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:21:27.0740 2256 srv2 - ok
13:21:27.0768 2256 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:21:27.0771 2256 srvnet - ok
13:21:27.0801 2256 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:21:27.0803 2256 ssmdrv - ok
13:21:27.0831 2256 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
13:21:27.0832 2256 StillCam - ok
13:21:27.0846 2256 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:21:27.0849 2256 swenum - ok
13:21:27.0900 2256 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:21:27.0902 2256 Symc8xx - ok
13:21:27.0946 2256 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:21:27.0948 2256 Sym_hi - ok
13:21:27.0976 2256 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:21:27.0977 2256 Sym_u3 - ok
13:21:28.0012 2256 SynTP (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys
13:21:28.0014 2256 SynTP - ok
13:21:28.0077 2256 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
13:21:28.0099 2256 Tcpip - ok
13:21:28.0127 2256 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
13:21:28.0134 2256 Tcpip6 - ok
13:21:28.0172 2256 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:21:28.0174 2256 tcpipreg - ok
13:21:28.0197 2256 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:21:28.0199 2256 TDPIPE - ok
13:21:28.0248 2256 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:21:28.0250 2256 TDTCP - ok
13:21:28.0287 2256 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:21:28.0289 2256 tdx - ok
13:21:28.0320 2256 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:21:28.0322 2256 TermDD - ok
13:21:28.0386 2256 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:21:28.0388 2256 tssecsrv - ok
13:21:28.0417 2256 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:21:28.0419 2256 tunmp - ok
13:21:28.0450 2256 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:21:28.0452 2256 tunnel - ok
13:21:28.0482 2256 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:21:28.0484 2256 uagp35 - ok
13:21:28.0512 2256 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
13:21:28.0514 2256 UBHelper - ok
13:21:28.0556 2256 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:21:28.0559 2256 udfs - ok
13:21:28.0600 2256 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:21:28.0602 2256 uliagpkx - ok
13:21:28.0630 2256 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:21:28.0634 2256 uliahci - ok
13:21:28.0661 2256 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:21:28.0663 2256 UlSata - ok
13:21:28.0687 2256 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:21:28.0690 2256 ulsata2 - ok
13:21:28.0714 2256 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:21:28.0716 2256 umbus - ok
13:21:28.0729 2256 upperdev - ok
13:21:28.0784 2256 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:21:28.0786 2256 USBAAPL - ok
13:21:28.0798 2256 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:21:28.0801 2256 usbccgp - ok
13:21:28.0827 2256 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:21:28.0829 2256 usbcir - ok
13:21:28.0870 2256 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:21:28.0872 2256 usbehci - ok
13:21:28.0900 2256 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:21:28.0906 2256 usbhub - ok
13:21:28.0936 2256 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:21:28.0938 2256 usbohci - ok
13:21:28.0989 2256 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:21:28.0991 2256 usbprint - ok
13:21:29.0027 2256 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:21:29.0028 2256 usbscan - ok
13:21:29.0065 2256 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
13:21:29.0067 2256 usbser - ok
13:21:29.0079 2256 UsbserFilt - ok
13:21:29.0119 2256 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:21:29.0121 2256 USBSTOR - ok
13:21:29.0143 2256 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:21:29.0145 2256 usbuhci - ok
13:21:29.0175 2256 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
13:21:29.0179 2256 usbvideo - ok
13:21:29.0220 2256 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:21:29.0222 2256 vga - ok
13:21:29.0246 2256 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:21:29.0248 2256 VgaSave - ok
13:21:29.0283 2256 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:21:29.0285 2256 viaagp - ok
13:21:29.0309 2256 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:21:29.0311 2256 ViaC7 - ok
13:21:29.0336 2256 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:21:29.0338 2256 viaide - ok
13:21:29.0365 2256 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:21:29.0367 2256 volmgr - ok
13:21:29.0400 2256 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:21:29.0405 2256 volmgrx - ok
13:21:29.0433 2256 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:21:29.0437 2256 volsnap - ok
13:21:29.0473 2256 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:21:29.0475 2256 vsmraid - ok
13:21:30.0354 2256 ============================================================
13:21:30.0355 2256 Scan finished
13:21:30.0355 2256 ============================================================
13:21:30.0370 6080 Detected object count: 2
13:21:30.0370 6080 Actual detected object count: 2
13:21:41.0135 6080 MFX ( LockedFile.Multi.Generic ) - skipped by user
13:21:41.0135 6080 MFX ( LockedFile.Multi.Generic ) - User select action: Skip
13:21:41.0138 6080 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:21:41.0138 6080 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:21:58.0455 4752 ============================================================
13:21:58.0455 4752 Scan started
13:21:58.0455 4752 Mode: Manual;
13:21:58.0455 4752 ============================================================
13:22:02.0026 4752 MFX (6cb347607891bd10c396a63762b6c439) C:\Windows\system32\drivers\MFX.sys
13:22:02.0026 4752 Suspicious file (NoAccess): C:\Windows\system32\drivers\MFX.sys. md5: 6cb347607891bd10c396a63762b6c439
13:22:02.0028 4752 Suspicious file (Hidden): C:\Windows\system32\drivers\MFX.sys. md5: 6cb347607891bd10c396a63762b6c439
13:22:02.0028 4752 MFX ( LockedFile.Multi.Generic ) - warning
13:22:02.0028 4752 MFX - detected LockedFile.Multi.Generic (1)
13:22:05.0312 4752 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
13:22:05.0312 4752 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
13:22:05.0315 4752 sptd ( LockedFile.Multi.Generic ) - warning
13:22:05.0315 4752 sptd - detected LockedFile.Multi.Generic (1)
13:22:07.0139 4752 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:22:07.0143 4752 Wdf01000 - ok
13:22:07.0210 4752 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:22:07.0214 4752 winachsf - ok
13:22:07.0280 4752 WisINT15 - ok
13:22:07.0319 4752 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:22:07.0321 4752 WmiAcpi - ok
13:22:07.0359 4752 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:22:07.0361 4752 WpdUsb - ok
13:22:07.0398 4752 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:22:07.0400 4752 ws2ifsl - ok
13:22:07.0460 4752 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
13:22:07.0463 4752 WudfPf - ok
13:22:07.0507 4752 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:22:07.0510 4752 WUDFRd - ok
13:22:07.0575 4752 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
13:22:07.0577 4752 XAudio - ok
13:22:07.0606 4752 MBR (0x1B8) (bb9d3a6a13c5010348da7c900bb6af50) \Device\Harddisk0\DR0
13:22:07.0743 4752 \Device\Harddisk0\DR0 - ok
13:22:07.0843 4752 Boot (0x1200) (aae2e6f6b6eaca9d502335abfc5fa7c0) \Device\Harddisk0\DR0\Partition0
13:22:07.0844 4752 \Device\Harddisk0\DR0\Partition0 - ok
13:22:07.0863 4752 Boot (0x1200) (bac74db501feeea212fc9ad8709c2783) \Device\Harddisk0\DR0\Partition1
13:22:07.0864 4752 \Device\Harddisk0\DR0\Partition1 - ok
13:22:07.0865 4752 ============================================================
13:22:07.0865 4752 Scan finished
13:22:07.0865 4752 ============================================================
13:22:07.0875 4276 Detected object count: 2
13:22:07.0875 4276 Actual detected object count: 2
13:22:15.0598 4276 MFX ( LockedFile.Multi.Generic ) - skipped by user
13:22:15.0598 4276 MFX ( LockedFile.Multi.Generic ) - User select action: Skip
13:22:15.0600 4276 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:22:15.0600 4276 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:24:01.0911 4560 ============================================================
13:24:01.0911 4560 Scan started
13:24:01.0911 4560 Mode: Manual;
13:24:01.0911 4560
[\quote]
