Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: akm virus - 50€

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.03.2012, 12:48   #1
richieelliot
 
akm virus - 50€ - Standard

akm virus - 50€



liebes trojana board team,
ich brauche eure hilfe, hab mir den akm virus (50€ zahlen) im administratorbenutzerkonto eingefangen. nach recherche im forum habe ich mich unter einem anderen benutzerkonto im abgesicherten modus angemeldet, OTL heruntergeladen und es gestartet.
unten angehängt der Text aus OTL.Txt und Extras.Txt.
Wie geht es jetzt weiter?
bitte um eure hilfe
liebe grüße & vielen dank im voraus
richieelliot

Alt 04.03.2012, 12:49   #2
richieelliot
 
akm virus - 50€ - Standard

akm virus - 50€



OTL.Txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.03.2012 12:26:23 - Run 1
OTL by OldTimer - Version 3.2.35.0     Folder = C:\Users\ellioten\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 83,02% Memory free
6,23 Gb Paging File | 5,85 Gb Available in Paging File | 93,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 200,20 Gb Free Space | 34,45% Space Free | Partition Type: NTFS
Drive D: | 931,28 Gb Total Space | 492,17 Gb Free Space | 52,85% Space Free | Partition Type: FAT32
Drive E: | 14,99 Gb Total Space | 2,94 Gb Free Space | 19,62% Space Free | Partition Type: FAT32
 
Computer Name: RICHIEELLIOT-PC | User Name: richie elliot | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.04 12:14:33 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\ellioten\Desktop\OTL.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.27 22:02:22 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.26 13:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.07.21 11:26:30 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.07.16 11:03:06 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)
DRV - [2011.09.12 17:05:46 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011.08.10 14:07:08 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.05.08 19:15:49 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.07.16 11:02:42 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.05.23 16:52:38 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.05.23 16:52:38 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.04.03 23:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.01.28 15:25:03 | 000,068,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.25 03:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008.08.01 12:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.24 09:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2007.09.21 08:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2006.01.29 12:48:22 | 000,017,688 | ---- | M] (SIA Syncrosoft) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NSynas32.sys -- (Nsynas32)
DRV - [2004.09.28 18:19:52 | 000,024,576 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrau0002.sys -- (rrau0002)
DRV - [2004.09.28 18:19:46 | 000,097,280 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrwd0002.sys -- (rrwd0002)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=502&systemid=1&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Medion | MSN [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Medion | MSN [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{2DE132AC-27CB-4739-A26A-C419E3B24B0D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=6c2f7d52-8aff-4be8-8d0c-94b2bc66fc54&apn_sauid=E759C55B-F957-4382-BBD3-7935E82AD610
IE - HKCU\..\SearchScopes\{8FB6E1B5-3D51-48C2-9927-73380F249A54}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=502&systemid=1&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.at"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.7.2.0
FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=502&systemid=1&sr=0&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011.09.12 17:07:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.20 11:31:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.20 10:29:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.06 03:17:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.04 15:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.29 01:38:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.20 11:31:05 | 000,000,000 | ---D | M]
 
[2011.11.04 14:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richie elliot\AppData\Roaming\mozilla\Extensions
[2010.05.23 10:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richie elliot\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.15 23:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\richie elliot\AppData\Roaming\mozilla\Firefox\Profiles\p68c1uwt.default\extensions
[2010.08.16 23:21:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\richie elliot\AppData\Roaming\mozilla\Firefox\Profiles\p68c1uwt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.04 14:27:43 | 000,000,000 | ---D | M] (Wincore Mediabar) -- C:\Users\richie elliot\AppData\Roaming\mozilla\Firefox\Profiles\p68c1uwt.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
[2012.02.15 23:46:06 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\richie elliot\AppData\Roaming\mozilla\Firefox\Profiles\p68c1uwt.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.02.15 23:46:08 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\richie elliot\AppData\Roaming\mozilla\Firefox\Profiles\p68c1uwt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.29 13:53:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\richie elliot\AppData\Roaming\mozilla\Firefox\Profiles\p68c1uwt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.09 21:29:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\richie elliot\AppData\Roaming\mozilla\Firefox\Profiles\p68c1uwt.default\extensions\engine@conduit.com
[2010.05.23 12:37:59 | 000,000,000 | ---D | M] (WINLOAD-Gutschein-Alarm) -- C:\Users\richie elliot\AppData\Roaming\mozilla\Firefox\Profiles\p68c1uwt.default\extensions\sparweltgutscheinewl@sparwelt.de
[2011.07.14 10:32:05 | 000,002,399 | ---- | M] () -- C:\Users\richie elliot\AppData\Roaming\Mozilla\Firefox\Profiles\p68c1uwt.default\searchplugins\askcom.xml
[2011.10.25 10:01:34 | 000,000,931 | ---- | M] () -- C:\Users\richie elliot\AppData\Roaming\Mozilla\Firefox\Profiles\p68c1uwt.default\searchplugins\conduit.xml
[2011.11.04 14:27:28 | 000,002,515 | ---- | M] () -- C:\Users\richie elliot\AppData\Roaming\Mozilla\Firefox\Profiles\p68c1uwt.default\searchplugins\SearchResults.xml
[2012.02.20 10:29:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.20 10:29:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.19 21:51:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.17 22:16:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.17 22:16:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.17 22:16:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.17 22:16:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.04 14:27:28 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.10.17 22:16:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.17 22:16:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DataMngr) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll (iMesh, Inc)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (iMesh, Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [VX2bt1oYNKCLnkO] C:\Users\richie elliot\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O4 - Startup: C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\richie elliot\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk = C:\Programme\GmoteServer\GmoteServer.exe ()
O4 - Startup: C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\music.lnk = D:\My Music [2012.02.09 12:22:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Media Player.lnk = C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\richie elliot\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\richie elliot\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7606793A-BB19-49AE-B3F3-41B45FED3179}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\datamngr.dll (iMesh, Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll) - C:\Programme\iMesh Applications\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\richie elliot\AppData\Roaming\h6s5ruij653.exe) - C:\Users\richie elliot\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKCU Winlogon: UserInit - (C:\Users\richie elliot\AppData\Roaming\h6s5ruij653.exe) - C:\Users\richie elliot\AppData\Roaming\h6s5ruij653.exe (Cutting Edge Software Inc.)
O20 - HKCU Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4cae3396-f98a-11df-b838-40618601bd92}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PhILIPp.eXE
O33 - MountPoints2\{4d3ec9cf-ced0-11df-bdbc-40618601bd92}\Shell - "" = AutoRun
O33 - MountPoints2\{4d3ec9cf-ced0-11df-bdbc-40618601bd92}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{8578ab1f-b1cc-11de-b8fb-0025d37f6c9a}\Shell - "" = AutoRun
O33 - MountPoints2\{8578ab1f-b1cc-11de-b8fb-0025d37f6c9a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{bda0acc6-ad3b-11de-8f58-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bda0acc6-ad3b-11de-8f58-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.02 20:39:22 | 000,304,128 | ---- | C] (Cutting Edge Software Inc.) -- C:\Users\richie elliot\AppData\Roaming\h6s5ruij653.exe
[2012.02.28 21:24:06 | 000,000,000 | R--D | C] -- C:\Users\richie elliot\Desktop\elly cut Project
[2012.02.21 21:15:33 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2012.02.21 21:15:23 | 000,000,000 | ---D | C] -- C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2012.02.21 21:15:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GmoteServer
[2012.02.21 21:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\GmoteServer
[2012.02.20 11:32:41 | 000,000,000 | ---D | C] -- C:\Users\richie elliot\AppData\Local\HP
[2012.02.20 11:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012.02.19 21:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.03 22:50:19 | 000,000,000 | ---D | C] -- C:\Users\richie elliot\Desktop\drucken
[2012.02.03 22:14:42 | 000,000,000 | ---D | C] -- C:\Users\richie elliot\Desktop\meine scans
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.04 12:15:55 | 000,672,476 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.04 12:15:55 | 000,603,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.04 12:15:55 | 000,139,676 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.04 12:15:55 | 000,111,656 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.04 12:11:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.04 12:10:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.04 12:10:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.04 12:10:21 | 000,240,073 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.03.02 20:43:58 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.02 20:39:18 | 000,304,128 | ---- | M] (Cutting Edge Software Inc.) -- C:\Users\richie elliot\AppData\Roaming\h6s5ruij653.exe
[2012.03.02 20:09:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.02 17:02:08 | 000,000,000 | ---- | M] () -- C:\Users\richie elliot\AppData\Local\prvlcl.dat
[2012.03.02 16:52:37 | 093,767,325 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012.03.01 21:46:05 | 000,240,073 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.02.28 19:37:28 | 063,660,532 | ---- | M] () -- C:\Users\richie elliot\Desktop\Unbenannt 2.wav
[2012.02.28 19:35:19 | 000,084,992 | ---- | M] () -- C:\Users\richie elliot\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.28 19:31:42 | 000,404,463 | ---- | M] () -- C:\Users\richie elliot\Desktop\forrest hill mix.wav.asd
[2012.02.28 19:26:47 | 063,572,904 | ---- | M] () -- C:\Users\richie elliot\Desktop\forrest hill mix.wav
[2012.02.28 19:14:44 | 000,000,982 | ---- | M] () -- C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.02.21 21:15:33 | 000,000,887 | ---- | M] () -- C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk
[2012.02.20 21:16:14 | 003,700,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.20 11:32:47 | 000,181,493 | ---- | M] () -- C:\Windows\hpoins38.dat
[2012.02.20 11:29:23 | 000,001,271 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012.02.20 11:29:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2012.02.20 11:28:09 | 000,002,031 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012.02.20 11:26:36 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Windows Live Fotogalerie.lnk
[2012.02.15 14:44:08 | 000,181,303 | ---- | M] () -- C:\Windows\hpoins38.dat.temp
[2012.02.12 02:50:16 | 000,010,288 | ---- | M] () -- C:\Users\richie elliot\Desktop\emailspamanhang.odt
[2012.02.07 11:58:32 | 000,169,541 | ---- | M] () -- C:\Users\richie elliot\Desktop\Druckdaten_Visitenkarten Flyeralarm.pdf
[2012.02.05 02:28:50 | 000,013,567 | ---- | M] () -- C:\Users\richie elliot\Desktop\Arbeitstitel.odt
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.28 19:37:28 | 063,660,532 | ---- | C] () -- C:\Users\richie elliot\Desktop\Unbenannt 2.wav
[2012.02.28 19:31:42 | 000,404,463 | ---- | C] () -- C:\Users\richie elliot\Desktop\forrest hill mix.wav.asd
[2012.02.28 19:26:42 | 063,572,904 | ---- | C] () -- C:\Users\richie elliot\Desktop\forrest hill mix.wav
[2012.02.21 21:15:33 | 000,000,887 | ---- | C] () -- C:\Users\richie elliot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk
[2012.02.20 11:29:23 | 000,001,271 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012.02.20 11:29:04 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2012.02.20 11:26:36 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\Windows Live Fotogalerie.lnk
[2012.02.20 11:22:08 | 000,181,303 | ---- | C] () -- C:\Windows\hpoins38.dat.temp
[2012.02.20 11:22:08 | 000,000,622 | ---- | C] () -- C:\Windows\hpomdl38.dat.temp
[2012.02.15 14:41:20 | 000,181,493 | ---- | C] () -- C:\Windows\hpoins38.dat
[2012.02.12 02:50:14 | 000,010,288 | ---- | C] () -- C:\Users\richie elliot\Desktop\emailspamanhang.odt
[2012.02.09 11:31:54 | 000,472,354 | ---- | C] () -- C:\Users\richie elliot\Desktop\02 Element klingel.mp3
[2012.02.07 11:58:32 | 000,169,541 | ---- | C] () -- C:\Users\richie elliot\Desktop\Druckdaten_Visitenkarten Flyeralarm.pdf
[2012.02.05 02:28:45 | 000,013,567 | ---- | C] () -- C:\Users\richie elliot\Desktop\Arbeitstitel.odt
[2012.01.28 14:25:13 | 000,164,247 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.01.28 14:21:00 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.11.20 02:46:37 | 000,000,767 | ---- | C] () -- C:\Windows\cedt.INI
[2011.05.05 09:30:09 | 000,000,000 | ---- | C] () -- C:\Users\richie elliot\AppData\Local\{D3788773-7A84-470C-A227-771AAD0A8EE5}
[2011.03.27 19:44:19 | 000,000,680 | ---- | C] () -- C:\Users\richie elliot\AppData\Local\d3d9caps.dat
[2010.06.20 15:49:00 | 000,000,000 | ---- | C] () -- C:\Users\richie elliot\AppData\Local\prvlcl.dat
 
========== LOP Check ==========
 
[2012.03.02 20:35:07 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\.minecraft
[2009.09.30 18:49:16 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\Ableton
[2012.02.09 15:57:23 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\Audacity
[2012.01.28 14:07:24 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.08.10 14:30:52 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\DAEMON Tools Lite
[2012.03.02 16:47:30 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\Dropbox
[2012.01.29 13:49:59 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\DVDVideoSoft
[2012.01.29 13:49:50 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.02 19:25:04 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\FileZilla
[2011.05.20 15:46:03 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\FRITZ!
[2012.01.29 01:41:34 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\Image Zone Express
[2011.11.04 14:27:54 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\MusicNet
[2012.01.14 14:55:07 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\NationRed
[2010.05.30 11:10:20 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\OpenOffice.org
[2012.01.28 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\Printer Info Cache
[2010.06.14 12:17:36 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\Smartelectronix
[2011.01.05 21:41:40 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\SparweltGutschein
[2012.01.28 15:51:15 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009.10.22 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\Steinberg
[2010.05.23 10:24:10 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\Thunderbird
[2009.11.30 23:55:03 | 000,000,000 | ---D | M] -- C:\Users\richie elliot\AppData\Roaming\UDC Profiles
[2012.03.01 23:24:09 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.12.27 21:15:21 | 000,000,000 | -H-D | M] -- C:\$AVG
[2009.10.22 17:01:25 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2009.07.29 11:49:21 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.02.20 11:31:10 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.29 22:15:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.04.30 16:35:52 | 000,000,000 | ---D | M] -- C:\Fiaa
[2011.05.12 17:17:49 | 000,000,000 | -HSD | M] -- C:\found.000
[2009.07.29 14:26:18 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.05.23 16:50:01 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.02.21 21:15:33 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.20 11:29:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.09.29 22:15:06 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.03.01 23:06:43 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.22 17:00:39 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.04 11:45:37 | 000,000,000 | ---D | M] -- C:\Windows
[2011.03.20 10:56:18 | 000,000,000 | ---D | M] -- C:\Öffentlich
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\drivers\nvstor32.sys
[2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_d87a3a1f\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2010.12.19 21:51:26 | 000,022,922 | ---- | M] () -- C:\Users\richie elliot\bookletgedanken.pdf
[2011.08.19 18:09:52 | 000,014,826 | ---- | M] () -- C:\Users\richie elliot\einpackliste amerika.odt
[2012.03.04 12:22:23 | 002,359,296 | -HS- | M] () -- C:\Users\richie elliot\NTUSER.DAT
[2012.03.04 12:22:23 | 000,262,144 | -H-- | M] () -- C:\Users\richie elliot\ntuser.dat.LOG1
[2009.09.29 22:17:43 | 000,000,000 | -H-- | M] () -- C:\Users\richie elliot\ntuser.dat.LOG2
[2012.03.04 12:15:40 | 000,065,536 | -HS- | M] () -- C:\Users\richie elliot\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.03.04 12:15:40 | 000,524,288 | -HS- | M] () -- C:\Users\richie elliot\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.09.29 22:27:05 | 000,524,288 | -HS- | M] () -- C:\Users\richie elliot\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.09.29 22:17:43 | 000,000,020 | -HS- | M] () -- C:\Users\richie elliot\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Files - Unicode (All) ==========
[2012.02.28 19:24:03 | 014,428,520 | ---- | M] ()(C:\Users\richie elliot\Desktop\?????? - ??? ???mix.mp3) -- C:\Users\richie elliot\Desktop\ドビュッシー - 月の光 ジャズmix.mp3
[2012.02.28 19:23:31 | 014,428,520 | ---- | C] ()(C:\Users\richie elliot\Desktop\?????? - ??? ???mix.mp3) -- C:\Users\richie elliot\Desktop\ドビュッシー - 月の光 ジャズmix.mp3

< End of report >
         
--- --- ---
__________________


Alt 04.03.2012, 12:51   #3
richieelliot
 
akm virus - 50€ - Standard

akm virus - 50€



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.03.2012 12:26:23 - Run 1
OTL by OldTimer - Version 3.2.35.0     Folder = C:\Users\ellioten\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 83,02% Memory free
6,23 Gb Paging File | 5,85 Gb Available in Paging File | 93,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 200,20 Gb Free Space | 34,45% Space Free | Partition Type: NTFS
Drive D: | 931,28 Gb Total Space | 492,17 Gb Free Space | 52,85% Space Free | Partition Type: FAT32
Drive E: | 14,99 Gb Total Space | 2,94 Gb Free Space | 19,62% Space Free | Partition Type: FAT32
 
Computer Name: RICHIEELLIOT-PC | User Name: richie elliot | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A30B93E-0708-46D5-8EB2-0A9C1E31B7F1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{15CB8D90-7869-44C9-98D6-6971A014F77C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C171F1B-9C64-48CD-96C7-7C273BCD0F12}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1D71E3F6-09DA-48B7-8DAE-2E6944D8DD54}" = lport=137 | protocol=17 | dir=in | app=system | 
"{260C73A1-A807-4794-88CA-C3DDA71725CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2C830DC8-1819-415C-994F-F54D31AD8BAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{59654A71-7F29-47BA-971A-906ED51075C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5E57248E-3207-4434-9C68-7D38F40033F3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{69084A1E-D6F3-4A34-9ADA-8CDA85588648}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7A24F3EC-111F-4B2B-BB1B-B7E7C977B5A6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7CDF2AA1-16F3-4719-8C8E-A1C15913107A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{870980CA-434A-4F23-B000-7D86E6ED28A8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8F081F88-CDA1-4E04-8935-D6CB3741D15B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A9CE35C4-4CD9-4C79-8153-A12DC3ADB450}" = lport=445 | protocol=6 | dir=in | app=system | 
"{ACA0F9E8-29DB-4402-8FAE-48D9DAE91573}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AD399367-3A0D-4F00-AEE9-047BD88425FC}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B9EB7AAB-B4AA-4EE5-B4AD-1878A01AB450}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C32691DB-3068-4092-894F-B16C1AE45804}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E80C57D9-9429-4EB1-9F18-5F62295E6662}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EE903CD1-9414-45FE-8FEF-DB78F457C6D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0198FD5C-7B8E-46AF-B63B-308933F87C95}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{06939B2D-0DC2-4D02-9FF6-697C25FFA6FF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{0F777C54-88A0-4165-BC94-307AF20915F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{10CEEFDC-F530-496A-AEA5-4C0834E3A64D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{188AC14F-9922-47A1-8F81-A9F0C0DD402D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{1B3F7DF3-608B-408B-AFD4-F7BC219167C1}" = protocol=6 | dir=in | app=c:\users\richie elliot\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1E598B28-0258-4F95-A9EE-3BE05E806810}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{235AF4AB-3C33-433A-ACBE-56FB4147B75E}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{23D772F4-F3C4-4FC0-B03E-DF3952FF4F2E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{27333ACD-4E58-4054-AC58-D78BA01B94AE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{274B08B6-0BF2-4306-8B5F-1F402ED34970}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{2D11F5F6-C911-463A-87B9-60ACEB7550E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{30266C93-40E2-4EAC-96D6-54E517692C43}" = protocol=6 | dir=in | app=c:\windows\temp\inode_config.exe | 
"{314C61C6-13C2-46B4-BB3A-3A3B26C6A449}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
"{32F06EEF-5EF1-40EB-B191-25C82E88F483}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | 
"{35B50136-EC23-4858-9B6D-1664FB3F49BB}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{38025E99-F485-400F-A13E-993E9051BB79}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nation red\nationred.exe | 
"{40BF74C3-80F5-4275-ABE3-6349ABD12757}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{42221E54-C621-47F4-9EBA-7D26DE1956B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{42C2B20C-D04E-40EC-8024-BC1B1D8C22F6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{4FBCC4C9-6F3F-4196-9548-3D8090CAE0D8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{51EE5794-6B84-4ABC-80A5-99F3069938C8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{541522DB-C76E-4279-9707-A9C87AD0345A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{54E4C7C8-4F63-4294-8512-CD787E8D825A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5C1F23ED-491D-48FB-803A-94133011F30F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{61B1C1D9-7272-434A-88C6-2B15DFDAA6FB}" = protocol=17 | dir=in | app=c:\windows\temp\inode_config.exe | 
"{67E21EBA-1CE0-46C3-9E98-1D19CEEC0A0D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{6E205484-C5B0-4F4A-BD86-6772BFA429A9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7038ED52-4C7B-41FC-90FC-89F344333755}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{74CA6D28-19C8-4C24-8CCA-9B20535E9405}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{78E4E6D6-36A3-4DDB-A5C1-75E5AAD24C58}" = protocol=17 | dir=in | app=c:\users\richie elliot\appdata\roaming\dropbox\bin\dropbox.exe | 
"{83DC8993-3183-4E8F-B178-B671DF55E3FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8602939B-00E5-4894-8576-F2C0C83EA02C}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | 
"{8FA9A9B2-DDF0-46B1-92E6-DEDE4E6C352E}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{91FF28A0-134C-41D0-9EBA-12108D3A9C14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{94A4A352-B90E-4A07-922E-92F5D7F7DFD1}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{A4280E35-900F-4862-A1FE-F9AECD4F73A8}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{A9D7A589-D886-421B-A361-AA66D6C2B13C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{B437D126-6B98-470F-9C2D-5EEEA460C027}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
"{B7AE79A0-7B75-4BB5-B2B9-743042842789}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{BC59524F-594B-470F-AB40-B686A7BA5870}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | 
"{BF3A67C1-CD9E-47AB-A46D-F0E7F0A7234A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nation red\nationred.exe | 
"{C13B9566-AE43-4BF8-B3FE-02E04DF230D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{C60AA770-DDAE-4BF3-810A-FECE8D44A797}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\nuclear dawn\ndsrv.exe | 
"{C8594CDA-60F8-46B1-863D-4CF5D7E42895}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{C904EB50-152B-41BB-B4D1-587691D56F62}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
"{D2429987-4966-40C7-AE87-ACB851F318CA}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{D44F09B3-84CF-4F10-9F0A-07BC85B04EA1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{D965AB83-4810-4DB6-AF99-2D037F071702}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\nuclear dawn\ndsrv.exe | 
"{D98D58A7-F567-4334-BB8B-38F85D6E1877}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{E17F610E-66F6-4116-B66A-756DF8266607}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{E6C8B222-37C6-4642-872F-1992D7A7D0B1}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | 
"{E7BC177A-6D1D-4D0F-8BC1-2647AEED5CF6}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{ED01D1A1-A353-43BA-BBE2-2EFB2FC647F0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{EFBB790A-52EC-4D87-821D-D3821BE4B137}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{F2225CE5-677F-4A9A-8E4B-A1AAEED1CDCB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F6AA1BA4-639B-46B5-94BB-E89CAC54EF43}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{F7871CE9-BCAA-41DD-9E5A-B42399510140}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"{F7CFE97B-847F-4973-B9E1-CBFCDC0CA4AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{FEE67BD8-2E46-4F25-93CF-44A773F5BF61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"TCP Query User{03891ADA-FC7D-4F49-A40D-47F9386C5B2B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{236C2D7F-C2AC-4D87-B518-A10413356C79}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{2E583B8D-1EC5-4D0E-8E72-2936D688D0DA}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{32D65B01-D539-4E01-ADB3-A38AC10BF583}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{35F43DA2-2914-49BE-A3DB-0ACBBA27C540}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"TCP Query User{363373C3-0945-4F2C-9CAC-183834BAD2A4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{667A6D91-F97F-4484-9C5D-0BAAD1D10520}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{7FBC4A70-543F-4A13-8190-BFF37AAB96DE}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{944050D4-4B1D-47B8-A013-67F2253482B0}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe | 
"TCP Query User{9CEB991A-D9A7-4244-B88D-A3FCE881ED8F}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{C9B97732-EC06-4805-86CF-178EDE0C77B1}C:\program files\synergy\synergys.exe" = protocol=6 | dir=in | app=c:\program files\synergy\synergys.exe | 
"UDP Query User{01329FDF-52C2-4E55-BEC7-036F05024121}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{04C8B8C2-AB7E-4A74-99AF-6041EBBB443F}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe | 
"UDP Query User{0721E3C0-479F-411C-82BA-76CA030E3903}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | 
"UDP Query User{291741A7-5BA4-47AA-8B5F-8EA4CDD5C527}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{348D6FC8-17FC-4788-924A-38F192C7DC7D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{72EB0248-F660-48F0-B04F-F1E4CAB0D676}C:\program files\synergy\synergys.exe" = protocol=17 | dir=in | app=c:\program files\synergy\synergys.exe | 
"UDP Query User{8421EA72-A407-48F1-9EB4-C4D833B57D8E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B0CE2A90-7EA9-410E-A6F2-2943A76506D4}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{C76BDDB1-2F4B-4EEB-B739-3376C077A588}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{EB18E1C1-2732-409B-9D1C-E73B859617C1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{FD3F8436-A804-4572-91DB-4CD2FBD41332}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"_{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{806422F8-8E0A-494A-A369-0F34F1B89160}" = CorelDRAW Essentials 4 - Extra Content
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{99484975-321E-495B-8171-2797B82392DD}" = inode FTP
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AE9F7747-0350-4E02-B115-6A2C92F5FA54}" = Corel Home Office
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 Königs- Edition
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AVG9Uninstall" = AVG Free 9.0
"AVMFBox" = AVM FRITZ!Box Info
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bridge Builder" = Bridge Builder
"Canon MP270 series Benutzerregistrierung" = Canon MP270 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EADM" = EA Download Manager
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EDIROL FA-66 Driver Setup" = EDIROL FA-66 Driver
"Explorer Suite_is1" = Explorer Suite III
"FileZilla Client" = FileZilla Client 3.5.2
"Free Audio Converter_is1" = Free Audio Converter version 2.2.19.602
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.1.2.920
"Free Studio_is1" = Free Studio version 4.6
"Free Video Dub_is1" = Free Video Dub version 1.8.12.602
"Free WebM Video Converter_is1" = Free WebM Video Converter version 1.0.0.920
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.4.628
"Free YouTube Download_is1" = Free YouTube Download version 3.0.18.1123
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = HP OCR Software 8.0
"inode FTP" = inode FTP
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Live 7.0.3" = Live 7.0.3
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Native Instruments FM8" = Native Instruments FM8
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 39800" = Nation Red
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steinberg HALion Symphonic Orchestra" = Steinberg HALion Symphonic Orchestra
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"Syncrosoft's License Control" = Syncrosofts Lizenz Kontrolle
"Synergy" = Synergy
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"VLC media player" = VLC media player 1.0.3
"Wincore MediaBar" = Wincore MediaBar
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---
__________________

Antwort

Themen zu akm virus - 50€
50€ zahlen, abgesicherte, abgesicherten, abgesicherten modus, akm virus, andere, anderen, angehängt, angemeldet, board, brauche, forum, gemeldet, modus, otl.txt, troja, trojana, virus, zahlen




Zum Thema akm virus - 50€ - liebes trojana board team, ich brauche eure hilfe, hab mir den akm virus (50€ zahlen) im administratorbenutzerkonto eingefangen. nach recherche im forum habe ich mich unter einem anderen benutzerkonto im - akm virus - 50€...
Archiv
Du betrachtest: akm virus - 50€ auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.