
Pests of all kinds and how to fight them: Antivir virus? ; Demand for payment of 50 €

15.03.2012, 15:01   #1
mafia
 
Antivir virus? ; Demand for payment of 50 €



Hello Trojaner Board,

Since last night I have had a trojan on my PC; it asks me to pay 50 euros.

I had a black screen with the error message. After the OTL scan in safe mode, my normal mode works again (I have turned Antivir off); I assume it has to do with that program.

Here is the error message:



Here are the logs from OTL:



Extras:

Code:
OTL Extras logfile created on: 15.03.2012 14:37:42 - Run 3
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,17 Gb Available Physical Memory | 79,34% Memory free
5,74 Gb Paging File | 5,26 Gb Available in Paging File | 91,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,97 Gb Total Space | 208,88 Gb Free Space | 72,79% Space Free | Partition Type: NTFS
Drive D: | 644,53 Gb Total Space | 348,72 Gb Free Space | 54,10% Space Free | Partition Type: NTFS
 
Computer Name: XP64-SP2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\WINDOWS\system32\mshtml.dll,PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Program Files (x86)\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"57103:TCP" = 57103:TCP:*:Enabled:Pando Media Booster
"57103:UDP" = 57103:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"2286:UDP" = 2286:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
"2287:UDP" = 2287:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
"57103:TCP" = 57103:TCP:*:Enabled:Pando Media Booster
"57103:UDP" = 57103:UDP:*:Enabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\ICQ6.5\ICQ.exe" = C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files (x86)\ICQ7.6\ICQ.exe" = C:\Program Files (x86)\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\ICQ6.5\ICQ.exe" = C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files (x86)\ICQ7.6\ICQ.exe" = C:\Program Files (x86)\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe" = C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" = C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files (x86)\ICQ6.5\ICQ.exe" = C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Steam\steamapps\shengiboy619\half-life 2 deathmatch\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2
"C:\Documents and Settings\Administrator\Desktop\Programme\SFT Loader\leecher.exe" = C:\Documents and Settings\Administrator\Desktop\Programme\SFT Loader\leecher.exe:*:Enabled:SFT Loader -- (velocode)
"C:\Program Files (x86)\SopCast\adv\SopAdver.exe" = C:\Program Files (x86)\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files (x86)\SopCast\SopCast.exe" = C:\Program Files (x86)\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files (x86)\Java\jre6\bin\java.exe" = C:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App
"C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.640\leecher.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.640\leecher.exe:*:Enabled:SFT Loader
"C:\Documents and Settings\Administrator\Desktop\teamspeak3-server_win64\ts3server_win64.exe" = C:\Documents and Settings\Administrator\Desktop\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server
"C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe" = C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Program Files (x86)\QIP Infium\infium.exe" = C:\Program Files (x86)\QIP Infium\infium.exe:*:Enabled:QIP Infium -- (QIP)
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Games\Borlands\Binaries\Borderlands.exe" = D:\Games\Borlands\Binaries\Borderlands.exe:*:Enabled:Borderlands
"C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe" = C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World
"C:\Documents and Settings\walera\Local Settings\Temp\Rar$EX00.203\teamspeak3-server_win64\ts3server_win64.exe" = C:\Documents and Settings\walera\Local Settings\Temp\Rar$EX00.203\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server
"C:\Program Files (x86)\teamspeak3-server_win64\ts3server_win64.exe" = C:\Program Files (x86)\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server
"C:\Documents and Settings\walera\Desktop\Programme\SFT Loader\leecher.exe" = C:\Documents and Settings\walera\Desktop\Programme\SFT Loader\leecher.exe:*:Enabled:SFT Loader
"C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe" = C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade
"D:\Games\Left4Dead\hl2.exe" = D:\Games\Left4Dead\hl2.exe:*:Enabled:hl2
"C:\Program Files (x86)\Activision\Prototype\prototypef.exe" = C:\Program Files (x86)\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM) -- (Activision)
"D:\Games\Fifa 11\Game\fifa.exe" = D:\Games\Fifa 11\Game\fifa.exe:*:Enabled:FIFA 11
"D:\Games\PES 11\pes2011.exe" = D:\Games\PES 11\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011 -- (Konami Digital Entertainment Co., Ltd.)
"D:\Games\Medal of Honor - 10\MP\mohmpgame.exe" = D:\Games\Medal of Honor - 10\MP\mohmpgame.exe:*:Enabled:Medal of Honor: Multiplayer -- (EA Digital Illusions CE AB)
"D:\Games\Medal of Honor - 10\Binaries\moh.exe" = D:\Games\Medal of Honor - 10\Binaries\moh.exe:*:Enabled:Medal of Honor™ -- (Electronic Arts Inc.)
"D:\Games\NBA_2K11-FLT\nba2k11.exe" = D:\Games\NBA_2K11-FLT\nba2k11.exe:*:Enabled:NBA 2K11 -- (2K Sports)
"D:\Games\Call.of.Duty.Black.Ops.UNCUT.GERMAN-0x0007\Call of Duty Black Ops GERMAN Uncut\BlackOps.exe" = D:\Games\Call.of.Duty.Black.Ops.UNCUT.GERMAN-0x0007\Call of Duty Black Ops GERMAN Uncut\BlackOps.exe:*:Enabled:BlackOps
"C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe" = C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files (x86)\Steam\steamapps\shengiboy619\day of defeat source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
"C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike\hl.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"D:\Games\Portal 2\portal2.exe" = D:\Games\Portal 2\portal2.exe:*:Enabled:portal2 -- ()
"C:\Program Files (x86)\ICQ7.4\ICQ.exe" = C:\Program Files (x86)\ICQ7.4\ICQ.exe:*:Enabled:ICQ
"D:\Games\Postal 2 - Apocalypse Weekend\System\UCC.exe" = D:\Games\Postal 2 - Apocalypse Weekend\System\UCC.exe:*:Enabled:UCC -- ()
"D:\Games\Postal 2 - Apocalypse Weekend\System\postal2.exe" = D:\Games\Postal 2 - Apocalypse Weekend\System\postal2.exe:*:Enabled:postal2 -- ()
"D:\Games\Dead Rising 2\deadrising2.exe" = D:\Games\Dead Rising 2\deadrising2.exe:*:Enabled:Dead Rising 2 -- (CAPCOM CO., LTD.)
"D:\Games\Need for Speed Hot Pursuit\Launcher.exe" = D:\Games\Need for Speed Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit -- (Electronic Arts)
"D:\Games\Need for Speed Hot Pursuit\NFS11.exe" = D:\Games\Need for Speed Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application -- (Electronic Arts)
"C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files (x86)\Steam\steamapps\retsche10\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\retsche10\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"D:\Games\dead_island_reloaded\Dead Island\deadislandgame.exe" = D:\Games\dead_island_reloaded\Dead Island\deadislandgame.exe:*:Enabled:DeadIsland -- (Techland)
"C:\Program Files (x86)\ICQ7.5\ICQ.exe" = C:\Program Files (x86)\ICQ7.5\ICQ.exe:*:Enabled:ICQ
"C:\Program Files (x86)\ICQ7.6\ICQ.exe" = C:\Program Files (x86)\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
"C:\Program Files (x86)\Net Tools\nettools5.exe" = C:\Program Files (x86)\Net Tools\nettools5.exe:*:Enabled:Net Tools by Mohammad Ahmadi Bidakhvidi
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe" = C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" = C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files (x86)\ICQ6.5\ICQ.exe" = C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe
"C:\Program Files (x86)\MSN Messenger\msnmsgr.exe" = C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- (Microsoft Corporation)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Steam\steamapps\shengiboy619\half-life 2 deathmatch\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2
"C:\Documents and Settings\Administrator\Desktop\Programme\SFT Loader\leecher.exe" = C:\Documents and Settings\Administrator\Desktop\Programme\SFT Loader\leecher.exe:*:Enabled:SFT Loader -- (velocode)
"C:\Program Files (x86)\SopCast\adv\SopAdver.exe" = C:\Program Files (x86)\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files (x86)\SopCast\SopCast.exe" = C:\Program Files (x86)\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files (x86)\Java\jre6\bin\java.exe" = C:\Program Files (x86)\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.640\leecher.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\Rar$EX00.640\leecher.exe:*:Enabled:SFT Loader
"C:\Documents and Settings\Administrator\Desktop\teamspeak3-server_win64\ts3server_win64.exe" = C:\Documents and Settings\Administrator\Desktop\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server
"C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe" = C:\Program Files (x86)\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Program Files (x86)\QIP Infium\infium.exe" = C:\Program Files (x86)\QIP Infium\infium.exe:*:Enabled:QIP Infium -- (QIP)
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Games\Borlands\Binaries\Borderlands.exe" = D:\Games\Borlands\Binaries\Borderlands.exe:*:Enabled:Borderlands
"C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe" = C:\Documents and Settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe:*:Enabled:Need for Speed World
"C:\Documents and Settings\walera\Local Settings\Temp\Rar$EX00.203\teamspeak3-server_win64\ts3server_win64.exe" = C:\Documents and Settings\walera\Local Settings\Temp\Rar$EX00.203\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server
"C:\Program Files (x86)\teamspeak3-server_win64\ts3server_win64.exe" = C:\Program Files (x86)\teamspeak3-server_win64\ts3server_win64.exe:*:Enabled:TeamSpeak 3 Server
"C:\Documents and Settings\walera\Desktop\Programme\SFT Loader\leecher.exe" = C:\Documents and Settings\walera\Desktop\Programme\SFT Loader\leecher.exe:*:Enabled:SFT Loader
"C:\WINDOWS\SysWOW64\PnkBstrA.exe" = C:\WINDOWS\SysWOW64\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\SysWOW64\PnkBstrB.exe" = C:\WINDOWS\SysWOW64\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe" = C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade
"D:\Games\Left4Dead\hl2.exe" = D:\Games\Left4Dead\hl2.exe:*:Enabled:hl2
"C:\Program Files (x86)\Activision\Prototype\prototypef.exe" = C:\Program Files (x86)\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM) -- (Activision)
"D:\Games\Fifa 11\Game\fifa.exe" = D:\Games\Fifa 11\Game\fifa.exe:*:Enabled:FIFA 11
"D:\Games\PES 11\pes2011.exe" = D:\Games\PES 11\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011 -- (Konami Digital Entertainment Co., Ltd.)
"D:\Games\Medal of Honor - 10\MP\mohmpgame.exe" = D:\Games\Medal of Honor - 10\MP\mohmpgame.exe:*:Enabled:Medal of Honor: Multiplayer -- (EA Digital Illusions CE AB)
"D:\Games\Medal of Honor - 10\Binaries\moh.exe" = D:\Games\Medal of Honor - 10\Binaries\moh.exe:*:Enabled:Medal of Honor™ -- (Electronic Arts Inc.)
"D:\Games\NBA_2K11-FLT\nba2k11.exe" = D:\Games\NBA_2K11-FLT\nba2k11.exe:*:Enabled:NBA 2K11 -- (2K Sports)
"D:\Games\Call.of.Duty.Black.Ops.UNCUT.GERMAN-0x0007\Call of Duty Black Ops GERMAN Uncut\BlackOps.exe" = D:\Games\Call.of.Duty.Black.Ops.UNCUT.GERMAN-0x0007\Call of Duty Black Ops GERMAN Uncut\BlackOps.exe:*:Enabled:BlackOps
"C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe" = C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" = C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files (x86)\Steam\steamapps\shengiboy619\day of defeat source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source
"C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source
"C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike\hl.exe" = C:\Program Files (x86)\Steam\steamapps\shengiboy619\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"D:\Games\Portal 2\portal2.exe" = D:\Games\Portal 2\portal2.exe:*:Enabled:portal2 -- ()
"C:\Program Files (x86)\ICQ7.4\ICQ.exe" = C:\Program Files (x86)\ICQ7.4\ICQ.exe:*:Enabled:ICQ
"D:\Games\Postal 2 - Apocalypse Weekend\System\UCC.exe" = D:\Games\Postal 2 - Apocalypse Weekend\System\UCC.exe:*:Enabled:UCC -- ()
"D:\Games\Postal 2 - Apocalypse Weekend\System\postal2.exe" = D:\Games\Postal 2 - Apocalypse Weekend\System\postal2.exe:*:Enabled:postal2 -- ()
"D:\Games\Dead Rising 2\deadrising2.exe" = D:\Games\Dead Rising 2\deadrising2.exe:*:Enabled:Dead Rising 2 -- (CAPCOM CO., LTD.)
"D:\Games\Need for Speed Hot Pursuit\Launcher.exe" = D:\Games\Need for Speed Hot Pursuit\Launcher.exe:*:Enabled:Need for Speed(TM) Hot Pursuit -- (Electronic Arts)
"D:\Games\Need for Speed Hot Pursuit\NFS11.exe" = D:\Games\Need for Speed Hot Pursuit\NFS11.exe:*:Enabled:Need for Speed(TM) Hot Pursuit Application -- (Electronic Arts)
"C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" = C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client
"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" = C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files (x86)\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files (x86)\Steam\steamapps\retsche10\counter-strike source\hl2.exe" = C:\Program Files (x86)\Steam\steamapps\retsche10\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files (x86)\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"D:\Games\dead_island_reloaded\Dead Island\deadislandgame.exe" = D:\Games\dead_island_reloaded\Dead Island\deadislandgame.exe:*:Enabled:DeadIsland -- (Techland)
"C:\Program Files (x86)\ICQ7.5\ICQ.exe" = C:\Program Files (x86)\ICQ7.5\ICQ.exe:*:Enabled:ICQ
"C:\Program Files (x86)\ICQ7.6\ICQ.exe" = C:\Program Files (x86)\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)
"C:\Program Files (x86)\Net Tools\nettools5.exe" = C:\Program Files (x86)\Net Tools\nettools5.exe:*:Enabled:Net Tools by Mohammad Ahmadi Bidakhvidi
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D5E29E9-0914-A86D-8E67-DBAFF954DD8A}" = ATI Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50CBBEC7-1010-41C5-8718-A1A6FEDD9C3A}" = GEAR driver installer for x64 (Intel64 and AMD64)
"{523C35EE-B401-1EAA-D162-9BFC5CD2CE21}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6EE201F8-D9D1-2D19-CBDA-1031E767B46A}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0300D4E-9907-46B1-BB5D-552FD226F975}" = Microsoft Windows German User Interface Pack
"{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0468A4CF-069D-86B6-84BD-F8E4F86E2631}" = Catalyst Control Center Graphics Previews Common
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0D93041A-03EC-11DA-BFBD-00065BBDC0B5}" = MSN Messenger 7.5
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1960E0DF-6A10-422A-A4DD-79E748C36A49}" = Microsoft LifeCam
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1CC15F50-9681-1653-62F6-7D263D072E25}" = Catalyst Control Center Graphics Previews Common
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox!
"{25A4B97E-DDAE-3B29-E0EF-F6E6AC21EF71}" = Catalyst Control Center InstallProxy
"{25B9C7BE-5CFD-6173-D3E1-6E4C9EBD8658}" = Catalyst Control Center Graphics Light
"{26999308-FF96-5FBF-B2DB-12E66346FA3A}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 23
"{2927733E-A961-BA53-03C5-03774A081030}" = ccc-core-static
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{30148775-0642-7507-58EA-3CDB7E828BA2}" = Catalyst Control Center Core Implementation
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3972209B-4946-9B49-1911-0AC122FB8073}" = CCC Help Russian
"{40261D0A-A385-4C1A-A7DE-5F270D9B1031}" = Nero 7 Ultra Edition
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{43165058-0CD3-F336-0B4E-879A03DC8F50}" = Catalyst Control Center Graphics Full Existing
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{434D0831-A4CC-401A-9E74-621000018401}" = F1 2010
"{43F18082-D8A1-5A37-829D-CF1C4ED9ED2A}" = CCC Help Portuguese
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4905D4CA-7295-F988-AE8A-B04675295133}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A83F62-4CC7-8A5F-0FB0-FE55B53B3ED1}" = CCC Help Finnish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B31B7DD-ED2E-F515-C900-B2E91138A34F}" = ccc-core-preinstall
"{5C65178E-D3DE-BBBE-AAC3-F6B35E3CE9AD}" = CCC Help Spanish
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5F032DC8-A020-D42E-F2E6-41C748A92A06}" = Catalyst Control Center Graphics Full New
"{618A812B-3099-8DB2-C8E4-95D15A7B7CD5}" = Catalyst Control Center HydraVision Full
"{6A7E75AF-C2C7-4B1E-FE46-E0979833D6D5}" = CCC Help Spanish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B48554C-9089-4177-A38D-B8FE122F11FC}" = TubeBox!
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71AFFCBF-0864-C19D-0C07-5DF67BA0382D}" = CCC Help Turkish
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.3.0
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{8425081E-FEFF-6E4B-408E-53345859896C}" = CCC Help English
"{8946D1C8-B1A3-2D2D-731A-E9D29B9FE5CF}" = CCC Help German
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{8F75F503-B422-1608-4688-9B7AEBAE72A5}" = CCC Help French
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90FE2C60-A4C3-D61D-790A-9493EE405AEA}" = CCC Help Swedish
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ADAA5D11-5D8F-31EC-1992-693239110308}" = CCC Help French
"{AFADD3B4-021C-9005-7BC2-6D1CD5D6C148}" = CCC Help Italian
"{B21C00B6-2B53-BB00-B4FE-27316019A9C5}" = CCC Help Chinese Traditional
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43FFAD8-47AD-4F8D-F14B-F4AECD521171}" = Catalyst Control Center
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BD7CDF5A-315E-A085-CF42-921B37D7A507}" = CCC Help Hungarian
"{BE9269F2-562B-7BC7-9BE9-16EF8B52B403}" = Catalyst Control Center Localization All
"{BF243C52-D0D2-A777-D388-DFCCF00FFC23}" = CCC Help Dutch
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{C7370250-3AA3-23F8-DE52-21701C911BBD}" = CCC Help Korean
"{C7DA1638-A3B9-0AF6-B1B3-5ACBC08E7204}" = CCC Help Polish
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE709472-FCC6-698B-2F25-EA0531EAE88B}" = CCC Help English
"{CF283C0A-B5D9-EB97-E2F4-32E88FD8233F}" = CCC Help Portuguese
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D472CC91-8FFC-B07C-F755-363498CF7724}" = CCC Help Danish
"{D68E33C8-F508-F069-FF15-59B2BF50B0D3}" = CCC Help Japanese
"{D82DC9BA-D752-2D34-4412-3984C4D9BA27}" = Catalyst Control Center Localization All
"{E236A12C-FE29-49C4-C10C-F9AFF2EE8D39}" = CCC Help Chinese Standard
"{EFA83B92-06EA-D90D-1342-A7872D97B89F}" = CCC Help Italian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FAFD1909-311F-2035-6C97-7151A3B485C5}" = CCC Help Greek
"{FD433CFA-5819-54FC-005C-140926CDBB6F}" = CCC Help Czech
"{FF97034A-E1FE-CC80-E5D4-549796B72E36}" = CCC Help Norwegian
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"GameSaike SixaxisDriver_is1" = SixaxisDriver 0.91
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Mafia II_is1" = Mafia II
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NetTools_is1" = NetTools 5.0
"OpenAL" = OpenAL
"Postal 2" = Postal 2
"Postal 2 - Apocalypse Weekend_is1" = Postal 2 - Apocalypse Weekend
"Postal 2 - Share The Pain_is1" = Postal 2 - Share The Pain
"Postal 2_is1" = Portal 2
"PriceGong" = PriceGong 2.1.0
"PS3 Video 9" = PS3 Video 9 6
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.2.9
"Steam App 10" = Counter-Strike
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.3
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.11
"WinPcapInst" = WinPcap 3.0
"YouTube Downloader App" = YouTube Downloader App 3.00
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP Infium" = QIP Infium 2.0.9034
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2012 08:57:34 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich 
durch eine fehlerhafte Registrierung verursacht.
 
Error - 15.03.2012 09:28:06 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich 
durch eine fehlerhafte Registrierung verursacht.
 
Error - 15.03.2012 09:28:06 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich 
durch eine fehlerhafte Registrierung verursacht.
 
Error - 15.03.2012 09:28:10 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich 
durch eine fehlerhafte Registrierung verursacht.
 
Error - 15.03.2012 09:28:10 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich 
durch eine fehlerhafte Registrierung verursacht.
 
Error - 15.03.2012 09:31:37 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich 
durch eine fehlerhafte Registrierung verursacht.
 
Error - 15.03.2012 09:31:37 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich 
durch eine fehlerhafte Registrierung verursacht.
 
Error - 15.03.2012 09:31:40 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich 
durch eine fehlerhafte Registrierung verursacht.
 
Error - 15.03.2012 09:31:40 | Computer Name = XP64-SP2 | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
 nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich 
durch eine fehlerhafte Registrierung verursacht.
 
Error - 15.03.2012 09:31:53 | Computer Name = XP64-SP2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
[ OSession Events ]
Error - 09.11.2010 05:02:06 | Computer Name = XP64-SP2 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.12.2011 08:18:37 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 29.12.2011 08:19:50 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 29.12.2011 08:38:39 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 29.12.2011 08:40:58 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 29.12.2011 08:42:00 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 29.12.2011 08:43:18 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 29.12.2011 08:44:34 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 29.12.2011 19:03:15 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.12.2011 06:26:50 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 30.12.2011 06:38:47 | Computer Name = XP64-SP2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NPPTNT2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         

OTL:

Code:
OTL logfile created on: 15.03.2012 14:37:42 - Run 3
OTL by OldTimer - Version 3.2.37.0     Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,17 Gb Available Physical Memory | 79,34% Memory free
5,74 Gb Paging File | 5,26 Gb Available in Paging File | 91,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286,97 Gb Total Space | 208,88 Gb Free Space | 72,79% Space Free | Partition Type: NTFS
Drive D: | 644,53 Gb Total Space | 348,72 Gb Free Space | 54,10% Space Free | Partition Type: NTFS
 
Computer Name: XP64-SP2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\WINDOWS\SysWOW64\PnkBstrB.exe ()
PRC - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft LifeCam\MSCamSvc.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\SysWOW64\PnkBstrB.exe ()
MOD - C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
MOD - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TVersityMediaServer) -- C:\Program Files (x86)\TVersity\Media Server\MediaServer.exe ()
SRV - (PnkBstrB) -- C:\WINDOWS\SysWOW64\PnkBstrB.exe ()
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\WINDOWS\SysWOW64\PnkBstrA.exe ()
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (npggsvc) -- C:\WINDOWS\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ATI Smart) -- C:\WINDOWS\SysWOW64\ati2saag.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files (x86)\Microsoft LifeCam\MSCamSvc.exe (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GEARAspiWDM) -- C:\WINDOWS\Sysnative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (AnyDVD) -- C:\WINDOWS\SysWOW64\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys ()
DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (Winsock) -- C:\WINDOWS\SysWow64\winsock.dll (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\WINDOWS\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (NPF) -- C:\WINDOWS\SysWOW64\Drivers\npf.sys (Politecnico di Torino)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=&apn_uid=DFA3D23A-BBD0-4E03-91F0-D97334FE39CA&apn_sauid=7CAF5C9D-D03B-4815-AE7F-AEA2B24A26CE
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.9&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.20 22:46:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 13:45:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.25 19:53:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2010.09.26 22:57:08 | 000,000,000 | ---D | M]
 
[2010.01.27 11:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2012.03.01 18:17:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions
[2010.05.27 16:25:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.12 20:33:02 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2012.01.05 13:05:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.08.26 19:32:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.23 20:52:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.01 18:17:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.02.04 20:30:26 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\2r5pe3hm.default\extensions\firefox@tvunetworks.com
[2011.04.27 19:09:57 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\askcom.xml
[2010.10.06 19:37:07 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\conduit.xml
[2012.03.12 14:27:17 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-1.xml
[2011.03.07 13:36:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-10.xml
[2011.03.11 21:37:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-11.xml
[2011.03.26 11:22:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-12.xml
[2011.04.29 20:11:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-13.xml
[2011.05.08 10:29:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-14.xml
[2011.06.22 12:28:56 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-15.xml
[2011.08.18 11:36:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-16.xml
[2011.11.10 12:06:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-17.xml
[2010.08.25 09:36:11 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-2.xml
[2010.09.09 15:59:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-3.xml
[2010.09.17 18:53:08 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-4.xml
[2010.09.26 23:23:23 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-5.xml
[2010.10.29 08:51:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-6.xml
[2010.10.30 13:00:44 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-7.xml
[2010.12.12 05:26:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-8.xml
[2011.03.04 07:40:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin-9.xml
[2011.03.30 13:14:34 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\icqplugin.xml
[2010.04.20 21:27:45 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2r5pe3hm.default\searchplugins\qip-search.xml
[2011.11.10 12:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.04.27 19:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2R5PE3HM.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012.02.18 13:45:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.14 06:31:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 06:31:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.14 06:31:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 06:31:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 06:31:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 06:31:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SkypeM] C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype\Skype.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274869229406 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5A18774-BA8D-45E2-B7CE-27B58D8018F7}: DhcpNameServer = 192.168.220.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -  File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.27 10:46:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.15 12:40:03 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.02.25 00:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MacroX
[2012.02.20 22:45:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2012.02.18 14:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2012.02.18 14:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012.02.18 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.02.18 14:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[7 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.15 14:31:41 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.15 14:31:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.15 14:27:11 | 000,000,253 | RHS- | M] () -- C:\boot.ini
[2012.03.15 12:44:49 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012.03.15 09:52:00 | 000,001,124 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.15 03:02:20 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.02.25 00:58:45 | 000,001,352 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\AutoHotkey.ahk
[2012.02.23 11:30:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2012.02.16 10:06:54 | 001,151,562 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[7 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.25 00:58:45 | 000,001,352 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\AutoHotkey.ahk
[2012.02.09 22:23:53 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011.12.23 19:31:49 | 000,005,504 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\StarOpen.sys
[2011.10.28 12:36:33 | 000,452,096 | ---- | C] () -- C:\WINDOWS\SysWow64\nmap.exe
[2011.10.28 12:36:33 | 000,290,816 | ---- | C] () -- C:\WINDOWS\SysWow64\nmapserv.exe
[2011.08.02 17:22:46 | 000,039,064 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2011.04.29 20:16:15 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.05 21:09:48 | 000,059,904 | ---- | C] () -- C:\WINDOWS\SysWow64\OVDecode.dll
[2011.02.06 16:24:53 | 000,000,411 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.12.25 16:26:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.12.01 10:25:53 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2010.10.07 05:56:37 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010.08.20 11:36:48 | 000,158,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.08.16 11:52:30 | 000,669,184 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
[2010.08.16 11:52:30 | 000,189,248 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2010.08.16 11:52:30 | 000,066,872 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2010.03.24 12:41:11 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
 
========== LOP Check ==========
 
[2010.11.17 13:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\2K Sports
[2010.11.29 21:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Bioshock2
[2011.12.23 19:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe Limited
[2010.01.27 13:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2011.09.13 15:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2011.08.26 19:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2012.02.02 22:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Electronic Arts
[2012.03.15 14:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ
[2011.08.02 18:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jens Lorek
[2010.10.10 10:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2011.07.01 11:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient
[2011.05.15 21:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mael
[2010.09.09 17:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Need for Speed World
[2011.05.14 20:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
[2012.03.07 15:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PriceGong
[2010.03.12 20:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QIP
[2011.12.23 15:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Red Kawa
[2011.12.23 15:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Regensoft
[2011.04.29 01:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2012.01.20 10:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2010.11.13 15:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TubeBox
[2010.07.06 07:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010.02.03 20:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011.12.23 19:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010.10.09 17:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2010.01.27 11:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.10.19 08:04:40 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\DSS
[2011.05.12 12:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Core
[2011.05.12 12:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2010.01.28 11:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2011.10.25 16:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010.10.09 10:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2010.01.27 12:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010.03.05 14:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010.07.24 11:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011.08.02 18:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010.01.29 07:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2010.01.27 11:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012.02.09 22:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011.05.12 12:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Solidshield
[2010.01.27 12:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2012.03.15 14:30:25 | 000,032,526 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
 
========== Purity Check ==========
 
 

< End of report >
         

Thank you in advance

15.03.2012, 17:04   #2
markusg
/// Malware-holic
 

hi

This script and any scripts that may follow are meant only for this particular user.
If you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [SkypeM] C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype\Skype.exe ()
 :Files
C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance
__________________

__________________
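An added example, not part of the thread and not the helper's own tooling: a small parser for the `O4` autorun lines of the OTL log above that flags entries combining two signals, an empty company field `()` and a path inside a user-profile data directory. The two-signal rule and the names `parse_o4`, `triage` and `suspicious` are assumptions made for illustration; a flagged entry is a lead for manual review, not a verdict.

```python
import re
from typing import List, NamedTuple

# O4 lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SkypeM] C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype\Skype.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()
"""

# "O4 - <hive>..\<key>: [<value name>] <file path> (<company>)"
# The company is the last parenthesised group on the line; paths may
# themselves contain parentheses, as in "Program Files (x86)".
O4_LINE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.+) \((?P<company>[^()]*)\)\s*$"
)

# Assumed heuristic inputs: profile roots and per-user data directories
# that a standard user can write to without elevation.
PROFILE_ROOTS = ("\\documents and settings\\", "\\users\\")
DATA_DIRS = ("\\application data\\", "\\appdata\\", "\\temp\\")


class Autorun(NamedTuple):
    hive: str
    key: str
    name: str
    path: str
    company: str


def parse_o4(log: str) -> List[Autorun]:
    """Return every O4 autorun entry found in an OTL log."""
    entries = []
    for line in log.splitlines():
        match = O4_LINE.match(line.strip())
        if match:
            entries.append(Autorun(**match.groupdict()))
    return entries


def triage(entry: Autorun) -> List[str]:
    """List the review signals that apply to one autorun entry."""
    reasons = []
    if not entry.company.strip():
        reasons.append("no company name in the file's version info")
    path = entry.path.lower()
    in_profile = any(root in path for root in PROFILE_ROOTS)
    in_data_dir = any(part in path for part in DATA_DIRS)
    if in_profile and in_data_dir:
        reasons.append("starts from a user-writable profile directory")
    return reasons


def suspicious(log: str) -> List[Autorun]:
    """Entries where both signals apply; one signal alone is common."""
    return [e for e in parse_o4(log) if len(triage(e)) == 2]


if __name__ == "__main__":
    for entry in suspicious(SAMPLE_LOG):
        print(f"{entry.hive}\\{entry.key} [{entry.name}] -> {entry.path}")
        for reason in triage(entry):
            print(f"    - {reason}")
```

The DivX `RunOnce` entry also has an empty company field but sits under `Program Files`, so it matches only one signal and is not flagged.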

15.03.2012, 17:44   #3
mafia
 

Thanks for your post. I did it as you said.

The PC is actually running quite normally now... if anything comes back, I'll get in touch.

A thank-you to you =)

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Skype\Skype.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 267671 bytes
 
User: All Users
 
User: Default User
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 35109367 bytes
->Temporary Internet Files folder emptied: 41878415 bytes
->Java cache emptied: 2520628 bytes
->FireFox cache emptied: 111184960 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 530256 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 763412 bytes
->Temporary Internet Files folder emptied: 62147 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2168024 bytes
%systemroot%\System32 .tmp files removed: 3242505 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 594432 bytes
 
Total Files Cleaned = 189,00 mb
 
 
OTL by OldTimer - Version 3.2.37.0 log created on 03152012_173834

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\CDEFSTUJ\1233293;sz=728x90;click3rd=http%3A%2F%2Fclick.v1.de.euserv[1].php%253Fs%253D16765%253Bc%253D48123%253Burl%253D;net=cdde;ord=1298397878;ord1=888875;cmpgurl=about%253Ablank not found!

Registry entries deleted on Reboot...
         

15.03.2012, 20:25   #4
markusg
/// Malware-holic

upload is missing...
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above

15.03.2012, 21:05   #5
mafia

Datei: MovedFiles.rar_1 empfangen

Vorgang erfolgreich abgeschlossen.

did you get it?


15.03.2012, 21:14   #6
markusg
/// Malware-holic

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this tool

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your anti-virus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

16.03.2012, 17:06   #7
mafia

Unfortunately the program is not suitable for my windows

i have windows xp 64 bit

16.03.2012, 17:07   #8
markusg
/// Malware-holic

ah yes, sorry :-)
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose skip for now, post the log

16.03.2012, 18:58   #9
mafia

ok, i did that

It showed Locked File and Unsigned file

Code:
18:57:22.0656 0752	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
18:57:22.0921 0752	============================================================
18:57:22.0921 0752	Current date / time: 2012/03/16 18:57:22.0921
18:57:22.0921 0752	SystemInfo:
18:57:22.0921 0752	
18:57:22.0921 0752	OS Version: 5.2.3790 ServicePack: 2.0
18:57:22.0921 0752	Product type: Workstation
18:57:22.0921 0752	ComputerName: XP64-SP2
18:57:22.0921 0752	UserName: Administrator
18:57:22.0921 0752	Windows directory: C:\WINDOWS
18:57:22.0921 0752	System windows directory: C:\WINDOWS
18:57:22.0921 0752	Running under WOW64
18:57:22.0921 0752	Processor architecture: Intel x64
18:57:22.0921 0752	Number of processors: 3
18:57:22.0921 0752	Page size: 0x1000
18:57:22.0921 0752	Boot type: Normal boot
18:57:22.0921 0752	============================================================
18:57:23.0750 0752	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000044
18:57:23.0750 0752	\Device\Harddisk0\DR0:
18:57:23.0765 0752	MBR used
18:57:23.0765 0752	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23DF2697
18:57:23.0765 0752	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23DF2715, BlocksNum 0x5090F3EB
18:57:23.0828 0752	Initialize success
18:57:23.0828 0752	============================================================
18:57:31.0984 1916	============================================================
18:57:31.0984 1916	Scan started
18:57:31.0984 1916	Mode: Manual; SigCheck; TDLFS; 
18:57:31.0984 1916	============================================================
18:57:32.0265 1916	Abiosdsk - ok
18:57:32.0296 1916	ACPI            (0cc42d1fb637112de6f6196ddaf83dec) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:57:32.0359 1916	ACPI - ok
18:57:32.0390 1916	ACPIEC          (a4d4f508bc6613442b0c32cde443e382) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:57:32.0421 1916	ACPIEC - ok
18:57:32.0437 1916	adpu160m - ok
18:57:32.0437 1916	adpu320 - ok
18:57:32.0468 1916	aec             (92500bc3a6e241bbc357f532dd500a75) C:\WINDOWS\system32\drivers\aec.sys
18:57:32.0515 1916	aec - ok
18:57:32.0546 1916	AFD             (e01a5efa2ada5f3acfe877dca449d34d) C:\WINDOWS\System32\drivers\afd.sys
18:57:32.0562 1916	AFD - ok
18:57:32.0562 1916	aic78u2 - ok
18:57:32.0578 1916	aic78xx - ok
18:57:32.0578 1916	AliIde - ok
18:57:32.0593 1916	AmdIde - ok
18:57:32.0609 1916	AmdPPM64        (cce290f816a286a6632530da169f5545) C:\WINDOWS\system32\DRIVERS\AmdPPM64.sys
18:57:32.0625 1916	AmdPPM64 - ok
18:57:32.0656 1916	AnyDVD          (7ce7d6019d0d73f9203ba4ff4ba35b6a) C:\WINDOWS\system32\Drivers\AnyDVD.sys
18:57:32.0687 1916	AnyDVD - ok
18:57:32.0687 1916	arc - ok
18:57:32.0703 1916	Arp1394         (fda73c1ecd1ec4f366ff0ab85abf816d) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:57:32.0750 1916	Arp1394 - ok
18:57:32.0750 1916	AsIO - ok
18:57:33.0046 1916	AsyncMac        (7380acdd2d8e6621392e56d9a0467fe4) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:57:33.0093 1916	AsyncMac - ok
18:57:33.0109 1916	atapi           (7a1814d0d112f50f828e25557a1ed29f) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:57:33.0156 1916	atapi - ok
18:57:33.0187 1916	Atdisk - ok
18:57:33.0296 1916	ati2mtag        (76104a169471f61c64509b66fcc76b89) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:57:33.0406 1916	ati2mtag - ok
18:57:33.0421 1916	AtiHDAudioService (fde81f76eaebcef7762a276a19a08f08) C:\WINDOWS\system32\drivers\AtihdXP6.sys
18:57:33.0421 1916	AtiHDAudioService - ok
18:57:33.0468 1916	AtiHdmiService  (04c35110bf235a6f17f19586aa8c88d2) C:\WINDOWS\system32\drivers\AtiHdmi.sys
18:57:33.0468 1916	AtiHdmiService - ok
18:57:33.0484 1916	Atmarpc         (62d65fce5695b53a2ddf92e83111ea06) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:57:33.0531 1916	Atmarpc - ok
18:57:33.0562 1916	audstub         (1437089f59dba75fee4ed959077a938e) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:57:33.0593 1916	audstub - ok
18:57:33.0640 1916	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:57:33.0640 1916	avgntflt - ok
18:57:33.0656 1916	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:57:33.0656 1916	avipbb - ok
18:57:33.0671 1916	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
18:57:33.0687 1916	avkmgr - ok
18:57:33.0718 1916	Beep            (8ba2e5cdfde406dc4646afb894804844) C:\WINDOWS\system32\drivers\Beep.sys
18:57:33.0765 1916	Beep - ok
18:57:33.0781 1916	CCDECODE        (2367a4dda10960624fe696bcedfc995a) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:57:33.0828 1916	CCDECODE - ok
18:57:33.0859 1916	CdaC15BA        (982563cf02cd6d4e5d8e0f4b5cbb9b6a) C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys
18:57:33.0906 1916	CdaC15BA - ok
18:57:33.0906 1916	CdaD10BA        (9067d96899d98ca4535a76e8c8b2e3a5) C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys
18:57:33.0953 1916	CdaD10BA - ok
18:57:33.0953 1916	Cdfs            (4d99e36322fb51a8d1b2b6d6b69d9889) C:\WINDOWS\system32\drivers\Cdfs.sys
18:57:34.0015 1916	Cdfs - ok
18:57:34.0015 1916	Cdrom           (11663fe50e499ffee77979542b285f38) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:57:34.0062 1916	Cdrom - ok
18:57:34.0078 1916	Changer - ok
18:57:34.0093 1916	CmdIde - ok
18:57:34.0109 1916	crcdisk         (423f7a6e3af4c2a73c8c8ad945f72cba) C:\WINDOWS\system32\DRIVERS\crcdisk.sys
18:57:34.0156 1916	crcdisk - ok
18:57:34.0171 1916	Disk            (417d7b9c6f36685a417e54690f8bd7b2) C:\WINDOWS\system32\DRIVERS\disk.sys
18:57:34.0218 1916	Disk - ok
18:57:34.0234 1916	dmboot          (19d704c92c2e2bd4dc99db18a3523918) C:\WINDOWS\system32\drivers\dmboot.sys
18:57:34.0281 1916	dmboot - ok
18:57:34.0296 1916	dmio            (b293ce1c9243219f6b9e5dbcaa75b962) C:\WINDOWS\system32\drivers\dmio.sys
18:57:34.0343 1916	dmio - ok
18:57:34.0375 1916	dmload          (c294e31d6cb7407a43c96ec1fec1f8a4) C:\WINDOWS\system32\drivers\dmload.sys
18:57:34.0421 1916	dmload - ok
18:57:34.0421 1916	dpti2o - ok
18:57:34.0515 1916	dump_wmimmc - ok
18:57:34.0562 1916	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
18:57:34.0562 1916	ElbyCDIO - ok
18:57:34.0609 1916	Fastfat         (7c713b9f6f968f135d3d819492882cdd) C:\WINDOWS\system32\drivers\Fastfat.sys
18:57:34.0656 1916	Fastfat - ok
18:57:34.0656 1916	Fdc             (7e35d423ff10ab5b8af1d3de86236690) C:\WINDOWS\system32\drivers\Fdc.sys
18:57:34.0703 1916	Fdc - ok
18:57:34.0718 1916	Fips            (73ea9000f8fb2e060954eb7c3377a3c7) C:\WINDOWS\system32\drivers\Fips.sys
18:57:34.0765 1916	Fips - ok
18:57:34.0781 1916	Flpydisk        (8ac77974378eac3548330951a5deeebf) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:57:34.0828 1916	Flpydisk - ok
18:57:34.0843 1916	FltMgr          (087db260f98056ac40261acae4240882) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:57:34.0890 1916	FltMgr - ok
18:57:34.0890 1916	Fs_Rec          (70df80567a55a97894b4e8952ec5e7fc) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:57:34.0937 1916	Fs_Rec - ok
18:57:34.0968 1916	Ftdisk          (e90aa7c073519dd8571670818cb85ccb) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:57:35.0015 1916	Ftdisk - ok
18:57:35.0015 1916	GEARAspiWDM     (7508fcfb8d93556213f530dffaedec45) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:57:35.0031 1916	GEARAspiWDM - ok
18:57:35.0046 1916	Gpc             (865d4d0b4e3730ef8040000cfb846d9f) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:57:35.0093 1916	Gpc - ok
18:57:35.0125 1916	HDAudBus        (d36e47728cdbc8d17a77d36a6cbc29bb) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:57:35.0156 1916	HDAudBus - ok
18:57:35.0171 1916	hidusb          (f32bec5614a61bbb2bede070d279f88b) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:57:35.0218 1916	hidusb - ok
18:57:35.0250 1916	HTTP            (b54738df11d0e06072bf9c332db1d254) C:\WINDOWS\system32\Drivers\HTTP.sys
18:57:35.0265 1916	HTTP - ok
18:57:35.0265 1916	i2omgmt - ok
18:57:35.0265 1916	i8042prt        (50fd608643d9b56c4c75c0784513f77e) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:57:35.0328 1916	i8042prt - ok
18:57:35.0328 1916	iirsp - ok
18:57:35.0359 1916	imapi           (d2e541613b72ff9fcedf37b166930706) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:57:35.0406 1916	imapi - ok
18:57:35.0406 1916	IntelIde - ok
18:57:35.0421 1916	Ip6Fw           (6601a43ee389d0adb11aaede9a98036b) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:57:35.0468 1916	Ip6Fw - ok
18:57:35.0468 1916	IpFilterDriver  (1b1b4654a5492a42d2e1bf5b2b22d32b) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:57:35.0515 1916	IpFilterDriver - ok
18:57:35.0531 1916	IpInIp - ok
18:57:35.0546 1916	IpNat           (088ecb04137df1f52ec10c29d57a8cca) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:57:35.0593 1916	IpNat - ok
18:57:35.0625 1916	IPSec           (db841ec6f027c780002ef47aabfddf86) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:57:35.0671 1916	IPSec - ok
18:57:35.0687 1916	IRENUM          (8b7015ea0171242cca03c2fb48ccc771) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:57:35.0718 1916	IRENUM - ok
18:57:35.0718 1916	isapnp          (d994162e4d8e931fc16a892a87852bbb) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:57:35.0765 1916	isapnp - ok
18:57:35.0796 1916	Kbdclass        (e85095372008a9194c7ed6206cb782da) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:57:35.0843 1916	Kbdclass - ok
18:57:35.0859 1916	kmixer          (1b280b3b4c10cc2e3ec3aec17eb6b658) C:\WINDOWS\system32\drivers\kmixer.sys
18:57:35.0906 1916	kmixer - ok
18:57:35.0921 1916	KSecDD          (2c44cecb20432e8546f7313bff3fa59e) C:\WINDOWS\system32\drivers\KSecDD.sys
18:57:35.0937 1916	KSecDD - ok
18:57:35.0937 1916	ksthunk         (5cb302b6caace41af70c34b56eb3db23) C:\WINDOWS\system32\drivers\ksthunk.sys
18:57:35.0984 1916	ksthunk - ok
18:57:36.0015 1916	mnmdd           (ad6bc1efa0c1b53409947f06de87fc89) C:\WINDOWS\system32\drivers\mnmdd.sys
18:57:36.0062 1916	mnmdd - ok
18:57:36.0062 1916	Modem           (9a67a96a0cbc2bc658abf8c9b5ee065a) C:\WINDOWS\system32\drivers\Modem.sys
18:57:36.0109 1916	Modem - ok
18:57:36.0156 1916	monfilt         (48796eb50e697a39d19d865e5cbddae2) C:\WINDOWS\system32\drivers\monfilt.sys
18:57:36.0187 1916	monfilt - ok
18:57:36.0218 1916	Mouclass        (12acf32edf03e46805347817acb9f64c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:57:36.0265 1916	Mouclass - ok
18:57:36.0281 1916	mouhid          (a0c4e4a79c5d6f418315c33177f2b5bc) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:57:36.0328 1916	mouhid - ok
18:57:36.0343 1916	MountMgr        (7e9cc7e4282a8e7a480560a6f817c177) C:\WINDOWS\system32\drivers\MountMgr.sys
18:57:36.0390 1916	MountMgr - ok
18:57:36.0406 1916	mraid35x - ok
18:57:36.0421 1916	MRxDAV          (d20686e835be5b9ab8b5a5b5f15fc053) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:57:36.0421 1916	MRxDAV - ok
18:57:36.0437 1916	MRxSmb          (099d19aff75912006b17bafa07fdf4fb) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:57:36.0468 1916	MRxSmb - ok
18:57:36.0500 1916	Msfs            (983f4ab7a50d56cd33e2061ee733bd55) C:\WINDOWS\system32\drivers\Msfs.sys
18:57:36.0546 1916	Msfs - ok
18:57:36.0546 1916	MSKSSRV         (308ec6fbef38871cb2c4cace9c8f4808) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:57:36.0593 1916	MSKSSRV - ok
18:57:36.0593 1916	MSPCLOCK        (8d3226738479719aab3b6d2617d7a55c) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:57:36.0640 1916	MSPCLOCK - ok
18:57:36.0656 1916	MSPQM           (058d63e8d000ae678d4549bfa8eb0deb) C:\WINDOWS\system32\drivers\MSPQM.sys
18:57:36.0703 1916	MSPQM - ok
18:57:36.0718 1916	mssmbios        (5992d1f9ed64017a76afee2b79f5cfb9) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:57:36.0765 1916	mssmbios - ok
18:57:36.0781 1916	MSTEE           (6c679fab17592620de60dc7700a039ea) C:\WINDOWS\system32\drivers\MSTEE.sys
18:57:36.0828 1916	MSTEE - ok
18:57:36.0890 1916	MTsensor        (cac3bb575e4a0417bff28d3196e44d3a) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:57:36.0906 1916	MTsensor - ok
18:57:36.0953 1916	Mup             (5902c8e565fe346076786f43103ef02e) C:\WINDOWS\system32\drivers\Mup.sys
18:57:36.0953 1916	Mup - ok
18:57:36.0968 1916	NABTSFEC        (933012d216d0022a500cc6c0dfa16428) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:57:37.0015 1916	NABTSFEC - ok
18:57:37.0031 1916	NDIS            (6fe83d05aebef7930d7ce91568dc99df) C:\WINDOWS\system32\drivers\NDIS.sys
18:57:37.0078 1916	NDIS - ok
18:57:37.0093 1916	NdisIP          (febeb8bf62b229ce9da98c32bf3d26a3) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:57:37.0140 1916	NdisIP - ok
18:57:37.0156 1916	NdisTapi        (389cfab53aa9807ea4536cb0b03609c3) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:57:37.0156 1916	NdisTapi - ok
18:57:37.0187 1916	Ndisuio         (49c1207c1ae8c6958f1c1747132814c2) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:57:37.0234 1916	Ndisuio - ok
18:57:37.0234 1916	NdisWan         (6157a7aeae6d2b948ff2e872ffac765b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:57:37.0281 1916	NdisWan - ok
18:57:37.0296 1916	NDProxy         (01b8acf7c9afa9005db6378077137bce) C:\WINDOWS\system32\drivers\NDProxy.sys
18:57:37.0312 1916	NDProxy - ok
18:57:37.0312 1916	NetBIOS         (b1cee06471a069149b11fada23ff00fd) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:57:37.0359 1916	NetBIOS - ok
18:57:37.0375 1916	NetBT           (fedaafb6cd700b9e0787c94d81c07db5) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:57:37.0437 1916	NetBT - ok
18:57:37.0453 1916	NIC1394         (dafc30299e872cd7ed3795ea0fa08f67) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:57:37.0500 1916	NIC1394 - ok
18:57:37.0515 1916	NPF - ok
18:57:37.0562 1916	Npfs            (81819038621a2c524781ec503d400287) C:\WINDOWS\system32\drivers\Npfs.sys
18:57:37.0593 1916	Npfs - ok
18:57:37.0609 1916	NPPTNT2 - ok
18:57:37.0625 1916	Ntfs            (c8904b5f90ab2236692e83d491c4d426) C:\WINDOWS\system32\drivers\Ntfs.sys
18:57:37.0703 1916	Ntfs - ok
18:57:37.0718 1916	Null            (501039187c444fa7ab9d97b6a6c667b3) C:\WINDOWS\system32\drivers\Null.sys
18:57:37.0765 1916	Null - ok
18:57:37.0781 1916	ohci1394        (f8160ac8ae516a33221427c2353a7d12) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:57:37.0828 1916	ohci1394 - ok
18:57:37.0843 1916	Parport         (7ddaa09186da9f1d304e819b5a6bbc5a) C:\WINDOWS\system32\DRIVERS\parport.sys
18:57:37.0890 1916	Parport - ok
18:57:37.0890 1916	PartMgr         (5f9a703240468a0c35a629d17ffca847) C:\WINDOWS\system32\drivers\PartMgr.sys
18:57:37.0937 1916	PartMgr - ok
18:57:37.0953 1916	PCI             (5b2c8d6971d8df4937c2fa013cd4c00d) C:\WINDOWS\system32\DRIVERS\pci.sys
18:57:38.0000 1916	PCI - ok
18:57:38.0000 1916	PCIIde          (f1978c7849a0047306db3b8bb94f0764) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:57:38.0046 1916	PCIIde - ok
18:57:38.0062 1916	Pcmcia          (037f3a19f49a4c6a320c4154ebd6ee9d) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:57:38.0109 1916	Pcmcia - ok
18:57:38.0109 1916	PDCOMP - ok
18:57:38.0109 1916	PDFRAME - ok
18:57:38.0125 1916	PDRELI - ok
18:57:38.0125 1916	PDRFRAME - ok
18:57:38.0156 1916	PptpMiniport    (e176f640ee6bf550f61faa9ce9a683f4) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:57:38.0203 1916	PptpMiniport - ok
18:57:38.0203 1916	Processor       (1f6afb4d9ccf57ff90eb4932b672d1e6) C:\WINDOWS\system32\DRIVERS\processr.sys
18:57:38.0250 1916	Processor - ok
18:57:38.0265 1916	PSched          (01aae06e543c0956ac247546a8f2dafe) C:\WINDOWS\system32\DRIVERS\psched.sys
18:57:38.0312 1916	PSched - ok
18:57:38.0312 1916	Ptilink         (35e39a969d227c2a56c1dc98361d8e35) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:57:38.0359 1916	Ptilink - ok
18:57:38.0375 1916	PxHlpa64        (fbf4db6d53585437e41a113300002a2b) C:\WINDOWS\system32\Drivers\PxHlpa64.sys
18:57:38.0375 1916	PxHlpa64 - ok
18:57:38.0390 1916	RasAcd          (d646a315e6386dac1d96c8ce8a4bfee7) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:57:38.0437 1916	RasAcd - ok
18:57:38.0453 1916	Rasl2tp         (d81fdc53ee9c0f68d709e504342d1d74) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:57:38.0500 1916	Rasl2tp - ok
18:57:38.0515 1916	RasPppoe        (31fa5ab662c58cc5cf92396224f6b29a) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:57:38.0562 1916	RasPppoe - ok
18:57:38.0578 1916	Raspti          (701493f9a6ede759af8d3fa7c08bab3b) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:57:38.0625 1916	Raspti - ok
18:57:38.0656 1916	Rdbss           (84e8f7773eb41ce9d57ea4190955845e) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:57:38.0656 1916	Rdbss - ok
18:57:38.0671 1916	RDPCDD          (c013379d04060318c3b2e4967d82739a) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:57:38.0718 1916	RDPCDD - ok
18:57:38.0718 1916	rdpdr           (0482a9be0be2098a12a61464306bf24b) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:57:38.0765 1916	rdpdr - ok
18:57:38.0796 1916	RDPWD           (e87df32229d27afbd9ea4efc70bd0daa) C:\WINDOWS\system32\drivers\RDPWD.sys
18:57:38.0812 1916	RDPWD - ok
18:57:38.0828 1916	redbook         (1d793394201000d2d56e848c18fe9a62) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:57:38.0875 1916	redbook - ok
18:57:38.0890 1916	ROOTMODEM       (3461054f9f31128d31837ae8691d7f21) C:\WINDOWS\system32\Drivers\RootMdm.sys
18:57:38.0937 1916	ROOTMODEM - ok
18:57:38.0968 1916	RTLE8023x64     (751cdf39e05956fec0a6349958931b8d) C:\WINDOWS\system32\DRIVERS\Rtenic64.sys
18:57:38.0984 1916	RTLE8023x64 - ok
18:57:39.0000 1916	s3017bus        (d6e1d780fe3fe014ccac83c2cf961067) C:\WINDOWS\system32\DRIVERS\s3017bus.sys
18:57:39.0000 1916	s3017bus - ok
18:57:39.0031 1916	s3017mdfl       (4005cb0f1798220eec624e2d588411b0) C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys
18:57:39.0031 1916	s3017mdfl - ok
18:57:39.0046 1916	s3017mdm        (19467740bf06ab124061f59b2bc8d58d) C:\WINDOWS\system32\DRIVERS\s3017mdm.sys
18:57:39.0062 1916	s3017mdm - ok
18:57:39.0062 1916	s3017mgmt       (e659d5964aa8bd18e3a16f38ce471eda) C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys
18:57:39.0078 1916	s3017mgmt - ok
18:57:39.0078 1916	s3017nd5        (b030b78dd935ca8796857998bb973427) C:\WINDOWS\system32\DRIVERS\s3017nd5.sys
18:57:39.0093 1916	s3017nd5 - ok
18:57:39.0109 1916	s3017obex       (619de95f5e415fe5b44b2d6a4876e2a0) C:\WINDOWS\system32\DRIVERS\s3017obex.sys
18:57:39.0109 1916	s3017obex - ok
18:57:39.0125 1916	s3017unic       (a9c55d01b185106f9bee9967bf26e3af) C:\WINDOWS\system32\DRIVERS\s3017unic.sys
18:57:39.0125 1916	s3017unic - ok
18:57:39.0156 1916	Secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:57:39.0156 1916	Secdrv - ok
18:57:39.0171 1916	serenum         (111b29f3fcf9fb61c903a01e3706f7dc) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:57:39.0203 1916	serenum - ok
18:57:39.0218 1916	Serial          (c0dc97399576fccff5fe877ec2d8dacc) C:\WINDOWS\system32\DRIVERS\serial.sys
18:57:39.0265 1916	Serial - ok
18:57:39.0281 1916	Sfloppy         (c6eacc8920a31b8d5842d1f7a28e2113) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:57:39.0328 1916	Sfloppy - ok
18:57:39.0328 1916	Simbad - ok
18:57:39.0359 1916	SLIP            (6763442af574d3d42cbfb8008b7a140f) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:57:39.0406 1916	SLIP - ok
18:57:39.0437 1916	splitter        (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
18:57:39.0484 1916	splitter - ok
18:57:39.0515 1916	sptd            (602884696850c86434530790b110e8eb) C:\WINDOWS\system32\Drivers\sptd.sys
18:57:39.0515 1916	Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
18:57:39.0515 1916	sptd ( LockedFile.Multi.Generic ) - warning
18:57:39.0515 1916	sptd - detected LockedFile.Multi.Generic (1)
18:57:39.0531 1916	sr              (dae1d5553d42a06034001d6ef4f5cb36) C:\WINDOWS\system32\DRIVERS\sr.sys
18:57:39.0546 1916	sr - ok
18:57:39.0593 1916	Srv             (b036a5371da7155ef7873cc81b313f68) C:\WINDOWS\system32\DRIVERS\srv.sys
18:57:39.0609 1916	Srv - ok
18:57:39.0625 1916	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
18:57:39.0625 1916	StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:57:39.0625 1916	StarOpen - detected UnsignedFile.Multi.Generic (1)
18:57:39.0640 1916	streamip        (90c7874ff6babf98a801c7aebe3ad5a6) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:57:39.0687 1916	streamip - ok
18:57:39.0703 1916	swenum          (b6536185feeb8f0c86ad3bf2fbab4f2f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:57:39.0750 1916	swenum - ok
18:57:39.0765 1916	swmidi          (8e9e35b36a27ad154a5f92397cde343c) C:\WINDOWS\system32\drivers\swmidi.sys
18:57:39.0812 1916	swmidi - ok
18:57:39.0812 1916	symc8xx - ok
18:57:39.0828 1916	symmpi - ok
18:57:39.0828 1916	sym_hi - ok
18:57:39.0828 1916	sym_u3 - ok
18:57:39.0843 1916	sysaudio        (2e843f129daf4c789df7acd40e26208f) C:\WINDOWS\system32\drivers\sysaudio.sys
18:57:39.0890 1916	sysaudio - ok
18:57:39.0890 1916	Tcpip           (ce9a7ac526636585a126face243f4574) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:57:39.0921 1916	Tcpip - ok
18:57:39.0937 1916	TDPIPE          (da1e9cd22238fa4db565ef41c7312e1b) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:57:39.0984 1916	TDPIPE - ok
18:57:39.0984 1916	TDTCP           (47d24ebb1c442dcc18d89b8b89bafb49) C:\WINDOWS\system32\drivers\TDTCP.sys
18:57:40.0031 1916	TDTCP - ok
18:57:40.0046 1916	TermDD          (8ab9ad44907d4c57ad10e175c8720ecf) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:57:40.0093 1916	TermDD - ok
18:57:40.0109 1916	TosIde - ok
18:57:40.0125 1916	Udfs            (a6dd2dfcc44ec61d18aa645620cd8f63) C:\WINDOWS\system32\drivers\Udfs.sys
18:57:40.0171 1916	Udfs - ok
18:57:40.0187 1916	ultra - ok
18:57:40.0187 1916	Update          (2288385c3326f956a578f24c15da26da) C:\WINDOWS\system32\DRIVERS\update.sys
18:57:40.0203 1916	Update - ok
18:57:40.0218 1916	usbaudio        (88354ba123549c6b0016592866063837) C:\WINDOWS\system32\drivers\usbaudio.sys
18:57:40.0265 1916	usbaudio - ok
18:57:40.0296 1916	usbccgp         (3421b0691a0e365a020836369a296f0c) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:57:40.0343 1916	usbccgp - ok
18:57:40.0343 1916	usbehci         (ae6521a1c79fc955ff26be9ca5521b51) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:57:40.0390 1916	usbehci - ok
18:57:40.0406 1916	usbhub          (d63cb1b59d54f9c2bb8a4107584a664f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:57:40.0453 1916	usbhub - ok
18:57:40.0468 1916	usbohci         (fa9c0d7c2dc899d3e7c2a8721d17a3f8) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:57:40.0515 1916	usbohci - ok
18:57:40.0531 1916	usbprint        (040f6f425a6cc4fb156470502cafb31b) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:57:40.0578 1916	usbprint - ok
18:57:40.0593 1916	usbscan         (280894f834f5b9910dadff7568f37b31) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:57:40.0640 1916	usbscan - ok
18:57:40.0656 1916	USBSTOR         (edce8a162e8023fd1751e08e23e41948) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:57:40.0703 1916	USBSTOR - ok
18:57:40.0718 1916	vga             (b40cfd2ffdd838b0ce0c35ee449407bd) C:\WINDOWS\system32\DRIVERS\vgapnp.sys
18:57:40.0765 1916	vga - ok
18:57:40.0796 1916	VgaSave         (78ebfe6f11f10db8237b910e9158ca91) C:\WINDOWS\System32\drivers\vga.sys
18:57:40.0828 1916	VgaSave - ok
18:57:40.0875 1916	VIAHdAudAddService (1396b46088f37a7e9054a89ff888914f) C:\WINDOWS\system32\drivers\viahduaa.sys
18:57:40.0906 1916	VIAHdAudAddService - ok
18:57:40.0906 1916	ViaIde - ok
18:57:40.0921 1916	VolSnap         (fd6d28d1bbf31c719d9c5ec2d20fb5c2) C:\WINDOWS\system32\DRIVERS\volsnap.sys
18:57:40.0968 1916	VolSnap - ok
18:57:41.0000 1916	VX3000          (8eebc100897520605c53486b36314ff5) C:\WINDOWS\system32\DRIVERS\VX3000.sys
18:57:41.0046 1916	VX3000 - ok
18:57:41.0062 1916	Wanarp          (d2a01d73fe4a455c1d741b48c56763b2) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:57:41.0109 1916	Wanarp - ok
18:57:41.0109 1916	WDICA - ok
18:57:41.0109 1916	wdmaud          (daff7e89c84079022b9606f83e1bd29a) C:\WINDOWS\system32\drivers\wdmaud.sys
18:57:41.0156 1916	wdmaud - ok
18:57:41.0203 1916	WmiAcpi         (ea6a8317c29120ede0e422286712d769) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:57:41.0234 1916	WmiAcpi - ok
18:57:41.0265 1916	WpdUsb          (26c038b5f723ee2a433cbfbb12cacffc) C:\WINDOWS\system32\Drivers\wpdusb.sys
18:57:41.0265 1916	WpdUsb - ok
18:57:41.0281 1916	WSTCODEC        (478a0c5cc7dc817269654804e495b81a) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:57:41.0328 1916	WSTCODEC - ok
18:57:41.0328 1916	WudfPf          (3f98a4e57933963cf2a941bb48f9d47a) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:57:41.0343 1916	WudfPf - ok
18:57:41.0343 1916	WudfRd          (881c0c35cdd09077b0e95ec2269cb44c) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:57:41.0359 1916	WudfRd - ok
18:57:41.0375 1916	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:57:41.0703 1916	\Device\Harddisk0\DR0 - ok
18:57:41.0703 1916	Boot (0x1200)   (f9ae1c381f1711bcda25046595afd6ef) \Device\Harddisk0\DR0\Partition0
18:57:41.0703 1916	\Device\Harddisk0\DR0\Partition0 - ok
18:57:41.0703 1916	Boot (0x1200)   (25b698fc65b85ff23778e034f3d73a85) \Device\Harddisk0\DR0\Partition1
18:57:41.0703 1916	\Device\Harddisk0\DR0\Partition1 - ok
18:57:41.0703 1916	============================================================
18:57:41.0703 1916	Scan finished
18:57:41.0703 1916	============================================================
18:57:41.0812 1332	Detected object count: 2
18:57:41.0812 1332	Actual detected object count: 2
18:57:44.0156 1332	sptd ( LockedFile.Multi.Generic ) - skipped by user
18:57:44.0156 1332	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
18:57:44.0156 1332	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:44.0156 1332	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
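
Most lines of the TDSSKiller log above are `- ok` verdicts; only two objects were flagged. As an added example (not part of the thread and not TDSSKiller's own code), this Python sketch extracts the flagged entries from such a log. The line layout is inferred from the lines posted here, and the sample input is an excerpt of that log with column whitespace normalised.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the log posted above (whitespace between columns normalised).
SAMPLE_LOG = r"""
18:57:39.0437 1916 splitter        (17ec29105989101db536c49e1279a0eb) C:\WINDOWS\system32\drivers\splitter.sys
18:57:39.0484 1916 splitter - ok
18:57:39.0515 1916 sptd            (602884696850c86434530790b110e8eb) C:\WINDOWS\system32\Drivers\sptd.sys
18:57:39.0515 1916 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
18:57:39.0515 1916 sptd ( LockedFile.Multi.Generic ) - warning
18:57:39.0515 1916 sptd - detected LockedFile.Multi.Generic (1)
18:57:39.0625 1916 StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
18:57:39.0625 1916 StarOpen ( UnsignedFile.Multi.Generic ) - warning
18:57:39.0625 1916 StarOpen - detected UnsignedFile.Multi.Generic (1)
18:57:39.0812 1916 symc8xx - ok
18:57:41.0812 1332 Detected object count: 2
18:57:44.0156 1332 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:57:44.0156 1332 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:57:44.0156 1332 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
18:57:44.0156 1332 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Layout assumed from the posted log, not from vendor documentation:
#   HH:MM:SS.mmmm <thread id> <message>
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s*(.*)$")
# "<service> (<md5>) <driver path>" announces the file about to be checked.
FILE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>" explains why a file was flagged.
SUSPICIOUS = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: [0-9a-f]{32}$")
OK = re.compile(r"^\S+ - ok$")
# "<service> ( <detection name> ) - <status>" carries verdicts and user actions.
VERDICT = re.compile(r"^(\S+) \( (\S+) \) - (.+)$")


@dataclass
class Finding:
    name: str
    detection: str
    path: Optional[str]
    md5: Optional[str]
    reason: Optional[str]
    severity: Optional[str] = None
    action: Optional[str] = None


def parse_tdss_log(text):
    """Return (findings, ok_count) for a TDSSKiller-style log."""
    files = {}     # service name -> (md5, path)
    reasons = {}   # path -> reason given on the "Suspicious file" line
    findings = {}  # (service name, detection) -> Finding, in order of appearance
    ok_count = 0
    for raw in text.splitlines():
        line = LINE.match(raw.rstrip())
        if not line:
            continue  # blank lines or anything without the timestamp prefix
        msg = line.group(1).strip()
        m = FILE.match(msg)
        if m:
            files[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = SUSPICIOUS.match(msg)
        if m:
            reasons[m.group(2)] = m.group(1)
            continue
        if OK.match(msg):
            ok_count += 1
            continue
        m = VERDICT.match(msg)
        if not m:
            continue  # banners, separators, counters
        name, detection, status = m.groups()
        md5, path = files.get(name, (None, None))
        item = findings.setdefault(
            (name, detection),
            Finding(name, detection, path, md5, reasons.get(path)),
        )
        if status.startswith("User select action:"):
            item.action = status.split(":", 1)[1].strip()
        elif status != "skipped by user":
            item.severity = status
    return list(findings.values()), ok_count


if __name__ == "__main__":
    found, ok = parse_tdss_log(SAMPLE_LOG)
    print(f"{ok} objects ok, {len(found)} flagged")
    for f in found:
        print(f"{f.name}: {f.detection} [{f.severity}] reason={f.reason} "
              f"action={f.action} md5={f.md5} path={f.path}")
```

The `reason` field separates a file the scanner could not read (`NoAccess`) from one it read and found unsigned, which is the distinction a helper needs before deciding what to do with either entry.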
         

17.03.2012, 18:28   #10
markusg
/// Malware-holic

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".

18.03.2012, 08:01   #11
mafia

i ran it...

1 file was infected and i then deleted it.

Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.17.07

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 7.0.5730.13
Administrator :: XP64-SP2 [Administrator]

Schutz: Deaktiviert

18.03.2012 00:59:30
mbam-log-2012-03-18 (00-59-30).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 392097
Laufzeit: 1 Stunde(n), 40 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
D:\Games\Armies.Of.Exigo-HOODLUM\Keygen\fff-ea98.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

18.03.2012, 20:34   #12
markusg
/// Malware-holic

D:\Games\Armies.Of.Exigo-HOODLUM\Keygen\fff-ea98.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
illegal, so from here on you will only get help with backing up your data, reinstalling the PC and securing it.

21.03.2012, 01:30   #13
mafia

what does illegal mean here?

I copied it from a colleague or something at some point.

21.03.2012, 15:35   #14
markusg
/// Malware-holic

they are keygens; using them is not legal, because you use them to unlock paid software even though you have not paid for it.

21.03.2012, 16:49   #15
mafia

can I simply delete the folder???

I don't want to format my PC
