Trojan package! (forum section: Pests of all kinds and how to fight them, Windows 7)
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
23.08.2010, 14:08 #1
Trojan package! Hello forum! A while ago I caught a few trojans which, as I thought, had already been removed by Spybot. To my horror I had to find out yesterday that this was not the case. All at once I had a whole package full of adware, spyware, malware, dialers and keyloggers. The thing is, I now have to live with very severe restrictions. For example, I cannot get onto the Internet, because a dialer immediately dials in and covertly goes to porn sites. Furthermore, I cannot open a single file any more, because 'Fraud.Antimalwaredoctor' and 'Fraud.Sysguard' mark every file as infected. So I can only work in safe mode. Here are the 3 known names of the culprits. They are...
- AdRotator
- Fraud.Antimalwaredoctor
- Fraud.Sysguard
I ran a few scans with Spybot, AVG and Malwarebytes, and all of them except AVG found threats and also 'removed' them, but none of it helped. The windows of 'Fraud.Antimalwaredoctor' and 'Fraud.Sysguard' still open just as they always did. I saved some logs and am attaching them to the post. Here is the HijackThis log as well. HijackThis logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:36:38, on 23.08.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Safe mode Running processes: C:\Windows\Explorer.EXE C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\Hijackthis\HiJackThis204.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: 
[amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [rmansweocx.exe] "C:\Users\Messiah\AppData\Local\Temp\rmansweocx.exe" O4 - HKLM\..\Run: [bipro] rundll32 "C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [newsecureapp70700.exe] C:\Users\Messiah\AppData\Roaming\8F35DE14562F9D6F8B2BBBAD5628D8A5\newsecureapp70700.exe O4 - HKCU\..\Run: [ldeiwwog] C:\Users\Messiah\AppData\Local\gmfbuagor\vuvpipwshdw.exe O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [rmansweocx.exe] "C:\Users\Messiah\AppData\Local\Temp\rmansweocx.exe" O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter26 Class) - hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - 
Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Common Files\AAV\aavus.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program 
Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe -- End of file - 6772 bytes |
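As an added example (not part of this thread and not a tool the helpers use): a small Python triage script that parses HijackThis entries like the ones in the log above and flags those that fit the infection described in the post, namely Run entries launched from Temp, from a 32-hex-character AppData folder, or a DLL loaded by rundll32 from a $NtUninstall...$ folder, plus the IE ProxyServer setting pointing at 127.0.0.1:6522, which is why the browser cannot get out normally. The sample lines are copied from the posted log; the heuristics, severity labels and all function names are assumptions of this example.

```python
"""Triage a HijackThis log: flag autostart entries and browser settings that fit a
rogue-AV / local-proxy infection. Added example, not a tool from this thread."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [rmansweocx.exe] "C:\Users\Messiah\AppData\Local\Temp\rmansweocx.exe"
O4 - HKLM\..\Run: [bipro] rundll32 "C:\Windows\$NtUninstallMTF1011$\mmduch.dll",,Run
O4 - HKCU\..\Run: [newsecureapp70700.exe] C:\Users\Messiah\AppData\Roaming\8F35DE14562F9D6F8B2BBBAD5628D8A5\newsecureapp70700.exe
O4 - HKCU\..\Run: [ldeiwwog] C:\Users\Messiah\AppData\Local\gmfbuagor\vuvpipwshdw.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROXY_RE = re.compile(r"Internet Settings,ProxyServer = (?P<value>\S+)")

# Path heuristics (assumptions of this example, tuned to the posted log).
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
HEX_DIR = re.compile(r"\\[0-9A-F]{32}\\", re.I)          # random 32-hex folder name
NTUNINSTALL_DIR = re.compile(r"\\\$NtUninstall[^\\]*\$\\", re.I)
APPDATA_DIR = re.compile(r"\\AppData\\(Local|Roaming)\\", re.I)
LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Finding:
    kind: str                    # HijackThis section: R1, O2, O4, ...
    subject: str                 # Run value name, proxy host:port or BHO text
    severity: str                # high / medium / low
    reasons: list = field(default_factory=list)
    path: str = ""               # image the Run entry loads, if any


def image_path(cmd: str) -> str:
    """Return the EXE or DLL a Run command actually loads."""
    cmd = cmd.strip()
    if cmd.lower().startswith("rundll32"):   # rundll32 "<dll>",<entry>: inspect the DLL
        cmd = cmd[len("rundll32"):].strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Unquoted: the path ends where an option switch or argument list begins.
    return cmd.split(" -")[0].split(" /")[0].split(",")[0]


def assess_run_entry(cmd: str):
    """Return (path, severity, reasons) for one O4 Run entry; reasons is empty if clean."""
    path = image_path(cmd)
    reasons = []
    if TEMP_DIR.search(path):
        reasons.append("started from the user's Temp directory")
    if HEX_DIR.search(path):
        reasons.append("lives in a 32-hex-character folder, a layout typical of rogue-AV droppers")
    if NTUNINSTALL_DIR.search(path) and path.lower().endswith(".dll"):
        reasons.append("rundll32 loads a DLL from a $NtUninstall...$ folder, "
                       "which normally only holds hotfix uninstall data")
    if reasons:
        return path, "high", reasons
    if APPDATA_DIR.search(path):
        return path, "medium", ["runs from AppData instead of Program Files; verify the publisher"]
    return path, None, []


def local_proxy_hosts(value: str) -> list:
    """Return the host:port parts of an IE ProxyServer value that point at this machine."""
    hits = []
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1]          # drop the 'http=' / 'https=' prefix
        host = hostportt = hostport.rsplit(":", 1)[0].strip("[]")
        if host.lower() in LOCAL_HOSTS:
            hits.append(hostport)
    return hits


def triage(log_text: str) -> list:
    """Walk the log line by line and collect findings in log order."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "R1" and (pm := PROXY_RE.search(body)):
            for hp in local_proxy_hosts(pm.group("value")):
                findings.append(Finding("R1", hp, "high", [
                    "browser proxy points at a listener on this machine, so a local "
                    "process sits between the browser and every web request"]))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding("O2", body, "low",
                                    ["orphaned BHO registration whose DLL is gone; clean it up"]))
        elif kind == "O4" and (rm := RUN_RE.match(body)):
            path, severity, reasons = assess_run_entry(rm.group("cmd"))
            if reasons:
                findings.append(Finding("O4", rm.group("name").strip(), severity, reasons, path))
    return findings


def report(findings: list) -> str:
    """Render findings as an indented text report."""
    out = []
    for f in findings:
        out.append(f"[{f.severity.upper():6}] {f.kind} {f.subject}" + (f"  -> {f.path}" if f.path else ""))
        out.extend(f"          - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```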
23.08.2010, 14:26 #2
Malware-holic | Trojan package!
1. Uninstall Spybot; it only gets in the way of the cleanup and, in my opinion, the program is not that great anyway. Now boot into safe mode.
2. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
23.08.2010, 15:17 #3
Trojan package! Many thanks for your quick reply, markusg!
I have uninstalled Spybot S&D and tidied up a bit with CCleaner. Then I scanned with ComboFix and, lo and behold, things are already improving. No more windows pop up in normal mode! Here is the ComboFix log. ComboFix logfile: Code:
ATTFilter ComboFix 10-08-22.05 - Messiah 23.08.2010 15:54:18.1.2 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3326.2777 [GMT 2:00] ausgeführt von:: c:\users\Messiah\Ordner\Desktop\Desktop\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Install.exe c:\users\Messiah\AppData\Local\gmfbuagor c:\users\Messiah\AppData\Local\gmfbuagor\vuvpipwshdw.exe c:\users\Messiah\AppData\Roaming\8F35DE14562F9D6F8B2BBBAD5628D8A5 c:\users\Messiah\AppData\Roaming\8F35DE14562F9D6F8B2BBBAD5628D8A5\enemies-names.txt c:\users\Messiah\AppData\Roaming\8F35DE14562F9D6F8B2BBBAD5628D8A5\local.ini c:\users\Messiah\AppData\Roaming\8F35DE14562F9D6F8B2BBBAD5628D8A5\lsrslt.ini c:\users\Messiah\AppData\Roaming\8F35DE14562F9D6F8B2BBBAD5628D8A5\newsecureapp70700.exe c:\windows\$NtUninstallMTF1011$ c:\windows\$NtUninstallMTF1011$\apUninstall.exe c:\windows\$NtUninstallMTF1011$\mmduch.dll c:\windows\$NtUninstallMTF1011$\mmx.dll c:\windows\system32\%appdata% . ((((((((((((((((((((((( Dateien erstellt von 2010-07-23 bis 2010-08-23 )))))))))))))))))))))))))))))) . 2010-08-23 11:31 . 2010-08-23 11:31 -------- d-----w- c:\users\Messiah\AppData\Roaming\Malwarebytes 2010-08-23 11:31 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-23 11:31 . 2010-08-23 11:31 -------- d-----w- c:\programdata\Malwarebytes 2010-08-23 11:31 . 2010-08-23 11:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-23 11:31 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-23 04:23 . 2010-08-23 04:23 -------- d-----w- c:\users\Messiah\AppData\Roaming\B1C47A703FFF7DBD69526FFF5AA75EF0 2010-08-22 05:44 . 2010-08-22 05:44 -------- d-----w- C:\$AVG 2010-08-22 04:46 . 2010-08-22 04:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-08-22 04:46 . 2010-08-22 04:46 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-08-22 04:46 . 
2010-08-22 04:46 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-08-22 04:46 . 2010-08-22 15:26 -------- d-----w- c:\windows\system32\drivers\Avg 2010-08-22 04:46 . 2010-08-22 04:46 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-08-22 04:45 . 2010-08-22 04:45 -------- d-----w- c:\program files\AVG 2010-08-22 04:45 . 2010-08-22 04:45 -------- d-----w- c:\programdata\avg9 2010-08-16 17:17 . 2010-08-16 17:17 -------- d-----w- c:\program files\NCSoft 2010-08-16 03:18 . 2005-05-10 16:54 258352 ----a-w- c:\windows\system32\unicows.dll 2010-08-12 00:05 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-08-12 00:05 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-12 00:05 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-12 00:05 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-12 00:05 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-12 00:05 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-12 00:05 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-11 17:18 . 2010-08-11 17:18 -------- d-----w- c:\users\Messiah\AppData\Local\2K Games 2010-08-06 16:27 . 2010-08-07 14:26 -------- d-----w- c:\program files\Electronic Arts 2010-08-04 04:10 . 2010-08-04 04:10 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP 2010-08-04 03:47 . 2010-08-04 03:47 -------- d-----w- c:\program files\Eidos 2010-08-03 11:03 . 2010-08-03 11:03 -------- d-----w- c:\program files\Iceberg Interactive 2010-08-02 08:09 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-08-02 08:09 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-08-02 08:09 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-08-02 08:09 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-08-02 08:09 . 
2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2010-08-02 08:09 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-08-02 08:09 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-08-02 08:09 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-08-02 08:09 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2010-08-02 08:09 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2010-08-02 08:09 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll 2010-08-02 08:09 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2010-08-02 08:08 . 2010-08-02 08:08 -------- d--h--w- c:\windows\msdownld.tmp 2010-08-02 04:51 . 2010-08-02 08:28 -------- d-----w- c:\program files\Alcohol Soft . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-23 14:02 . 2010-02-13 09:19 35093 ----a-w- c:\programdata\nvModes.dat 2010-08-23 14:02 . 2008-05-21 08:59 -------- d-----w- c:\programdata\NVIDIA 2010-08-23 13:46 . 2010-03-22 11:22 -------- d-----w- c:\program files\Ubisoft 2010-08-23 13:46 . 2008-11-06 11:18 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-23 13:45 . 2009-02-15 00:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-08-23 11:32 . 2008-01-21 07:15 610110 ----a-w- c:\windows\system32\perfc007.dat 2010-08-23 11:32 . 2008-01-21 07:15 1898214 ----a-w- c:\windows\system32\perfh007.dat 2010-08-23 04:23 . 2010-03-22 16:43 0 ----a-w- c:\windows\system32\Access.dat 2010-08-23 03:42 . 2008-11-05 12:46 2032 ----a-w- c:\users\Messiah\AppData\Local\d3d9caps.dat 2010-08-23 03:26 . 2008-11-05 12:46 119752 ----a-w- c:\users\Messiah\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-23 02:58 . 2010-07-05 23:36 -------- d-----w- c:\program files\Steam 2010-08-23 02:58 . 
2008-11-05 13:42 -------- d-----w- c:\program files\Java 2010-08-23 02:57 . 2009-12-06 07:56 -------- d-----w- c:\program files\Lavalys 2010-08-23 00:05 . 2008-11-05 14:03 -------- d-----w- c:\users\Messiah\AppData\Roaming\Skype 2010-08-23 00:03 . 2008-11-05 14:04 -------- d-----w- c:\users\Messiah\AppData\Roaming\skypePM 2010-08-22 23:44 . 2008-11-06 16:40 -------- d-----w- c:\users\Messiah\AppData\Roaming\uTorrent 2010-08-22 17:35 . 2010-04-11 12:47 -------- d-----w- c:\users\Messiah\AppData\Roaming\vlc 2010-08-22 04:40 . 2010-03-19 10:42 -------- d-----w- c:\programdata\Alwil Software 2010-08-22 03:35 . 2010-05-03 06:14 -------- d-----w- c:\program files\MWS Reader 4 2010-08-22 03:34 . 2008-12-23 04:47 -------- d-----w- c:\program files\Image Mender 2010-08-22 03:34 . 2008-11-19 07:59 -------- d-----w- c:\program files\DVDVideoSoft 2010-08-22 03:33 . 2008-05-21 12:42 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-14 21:34 . 2008-12-19 22:57 -------- d-----w- c:\program files\Warcraft III 2010-08-12 12:07 . 2008-11-05 13:43 -------- d-----w- c:\users\Messiah\AppData\Roaming\FrostWire 2010-08-12 02:34 . 2008-06-05 11:07 -------- d-----w- c:\programdata\Microsoft Help 2010-08-12 02:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-11 17:18 . 2010-02-06 12:20 -------- d-----w- c:\program files\NVIDIA Corporation 2010-08-11 17:18 . 2009-01-02 23:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-08-04 17:21 . 2010-03-22 16:35 -------- d-----w- c:\programdata\Tunngle 2010-08-04 17:21 . 2010-03-22 16:35 -------- d-----w- c:\users\Messiah\AppData\Roaming\Tunngle 2010-08-04 04:28 . 2009-09-24 16:05 -------- d-----w- c:\program files\Rockstar Games 2010-08-02 08:23 . 2008-11-06 12:56 697328 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-08-01 18:17 . 2010-02-06 14:19 -------- d-----w- c:\program files\SpeedFan 2010-07-27 13:52 . 
2008-11-06 16:40 -------- d-----w- c:\program files\uTorrent 2010-07-25 16:05 . 2010-02-10 06:23 -------- d-----w- c:\program files\Dragon Age 2010-07-25 01:14 . 2010-02-09 09:22 -------- d-----w- c:\program files\JDownloader 2010-07-22 20:39 . 2010-07-01 23:28 -------- d-----w- c:\program files\MyDefrag v4.3.1 2010-07-21 19:45 . 2009-11-30 16:53 -------- d-----w- c:\program files\Funcom 2010-07-21 19:44 . 2009-11-30 17:44 -------- d-----w- c:\programdata\media center programs 2010-07-21 12:21 . 2008-11-06 16:31 848 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-07-15 23:45 . 2010-07-15 23:45 73728 ----a-w- c:\windows\system32\np_plugin.dll 2010-07-15 23:43 . 2010-07-15 23:43 73728 ------w- c:\programdata\Skype\Plugins\Plugins\C897D734DD7744E5BA342991851FDE91\np_plugin.dll 2010-07-14 19:20 . 2010-07-05 13:18 -------- d-----w- c:\users\Messiah\AppData\Roaming\TS3Client 2010-07-11 23:34 . 2010-03-30 20:19 -------- d-----w- c:\program files\LogMeIn Hamachi 2010-07-10 01:33 . 2010-05-05 02:07 -------- d-----w- c:\programdata\DivX 2010-07-10 01:33 . 2010-05-05 02:09 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-10 01:22 . 2010-07-10 01:22 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-10 01:22 . 2010-07-10 01:22 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-07-10 01:22 . 2008-11-11 20:00 -------- d-----w- c:\program files\DivX 2010-07-10 01:20 . 2010-07-10 01:20 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe 2010-07-10 01:18 . 2010-05-05 02:07 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-07-10 01:18 . 2010-05-05 02:09 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-07-10 01:18 . 2010-05-05 02:09 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-07-09 20:16 . 2010-07-09 20:16 -------- d-----w- c:\program files\Opera 2010-07-08 11:45 . 2009-07-13 04:43 -------- d-----w- c:\program files\World of Warcraft 2010-07-07 16:52 . 
2008-11-05 14:03 -------- d-----r- c:\program files\Skype 2010-07-07 16:52 . 2008-11-05 14:03 -------- d-----w- c:\programdata\Skype 2010-07-07 16:52 . 2010-07-07 16:52 -------- d-----w- c:\program files\Common Files\Skype 2010-07-05 23:36 . 2010-07-05 23:36 -------- d-----w- c:\program files\Common Files\Steam 2010-07-05 23:30 . 2010-03-20 13:23 -------- d-----w- c:\program files\CCleaner 2010-07-03 18:37 . 2010-03-22 16:35 -------- d-----w- c:\program files\Tunngle 2010-07-03 18:24 . 2008-11-07 23:43 -------- d-----w- c:\programdata\Ubisoft 2010-07-02 19:29 . 2010-07-02 19:29 -------- d-----w- c:\program files\TechArts3D 2010-07-01 21:06 . 2010-07-01 21:06 -------- d-----w- c:\program files\Alwil Software 2010-07-01 16:47 . 2010-07-01 16:47 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-07-01 16:47 . 2010-07-01 16:47 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-07-01 16:47 . 2010-07-01 16:47 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe 2010-07-01 16:47 . 2010-07-01 16:47 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe 2010-07-01 16:47 . 2010-07-01 16:47 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe 2010-06-26 06:05 . 2010-08-12 00:06 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-12 00:06 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-12 00:06 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-12 00:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-12 00:06 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-11 16:16 . 2010-08-12 00:06 274944 ----a-w- c:\windows\system32\schannel.dll 2010-05-27 20:08 . 2010-08-12 00:06 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-05-26 17:06 . 2010-07-01 13:14 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-07-01 13:14 289792 ----a-w- c:\windows\system32\atmfd.dll . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" 
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-22 2065760] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun "ehTray.exe"=c:\windows\ehome\ehTray.exe "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized "BySoft FreeRAM"=c:\program files\BySoft FreeRAM\FreeRAM.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "TortoiseHgOverlayIconServer"=c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" "ClipIncSrvTray"="c:\program files\Tobit ClipInc\Player\ClipIncTray.exe" "RtHDVCpl"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):a4,7e,fc,97,bc,f1,c9,01 R2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN 
v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [2009-10-07 129856] R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 FXDrv32;FXDrv32;D:\FXDrv32.sys [x] R3 GarenaPEngine;GarenaPEngine;c:\users\Messiah\AppData\Local\Temp\JOZE4E7.tmp [x] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-09 3587532] R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824] R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016] R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600] R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328] R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024] R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616] R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [2009-10-07 752984] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-02 697328] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-22 216400] S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-22 243024] S2 AAV UpdateService;AAV UpdateService;c:\program files\Common Files\AAV\aavus.exe [2007-10-04 122880] S2 avg9wd;AVG Free 
WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-22 308136] S2 ClipInc001;ClipInc 001;c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x] S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328] S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-07-02 716024] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-08-23 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-15 10:07] 2010-08-23 c:\windows\Tasks\TuneUp DiskDoctor.job - c:\program files\TuneUp Utilities 2009\DiskDoctor.exe [2009-07-15 10:07] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:6522 IE: ?fnen mit WordPerfect IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Offnen mit WordPerfect IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab FF - ProfilePath - c:\users\Messiah\AppData\Roaming\Mozilla\Firefox\Profiles\3fhdfuw2.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - www.google.de FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q= FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: c:\users\Messiah\AppData\Roaming\Mozilla\Firefox\Profiles\3fhdfuw2.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.currentVersion", "0.0"); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.frameobjects", true); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.fastcollapse", false); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.showintoolbar", true); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.showinstatusbar", false); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.detachsidebar", 
false); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.synchronizationinterval", 24); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.defaulttoolbaraction", 1); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.defaultstatusbaraction", 2); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.sidebar_key", "Accel Shift V"); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.settings_key", "Accel Shift E"); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.enable_key", ""); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.flash_scrolltoitem", true); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.previewimages", true); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.patternsfile", "adblockplus/patterns.ini"); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.patternsbackups", 5); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.patternsbackupinterval", 24); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.whitelistschemes", "about chrome file irc news resource snews x-jsd addbook cid imap mailbox nntp pop data javascript moz-icon"); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.hideimagemanager", true); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.subscriptions_fallbackurl", "https://adblockplus.org/getSubscription?url=%SUBSCRIPTION%&downloadURL=%URL%&error=%ERROR%&channelStatus=%CHANNELSTATUS%&responseStatus=%RESPONSESTATUS%"); c:\program files\Mozilla 
Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.subscriptions_fallbackerrors", 5); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.savestats", true); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.composer_default", 2); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.adblockplus.clearStatsOnHistoryPurge", true); c:\program files\Mozilla Firefox\defaults\pref\adblockplus.js - pref("extensions.{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.description", "chrome://adblockplus/locale/global.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - HKCU-Run-newsecureapp70700.exe - c:\users\Messiah\AppData\Roaming\8F35DE14562F9D6F8B2BBBAD5628D8A5\newsecureapp70700.exe HKCU-Run-ldeiwwog - c:\users\Messiah\AppData\Local\gmfbuagor\vuvpipwshdw.exe HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe HKLM-Run-bipro - c:\windows\$NtUninstallMTF1011$\mmduch.dll MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe ActiveSetup-{79B93464-AAC9-2B27-9029-0EF44A7D4843} - c:\windows\system32:winIogon.exe AddRemove-$NtUninstallMTF1011$ - c:\windows\$NtUninstallMTF1011$\apUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2010-08-23 16:03 Windows 6.0.6002 Service Pack 2 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86EE71F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x8d1a7d24 \Driver\ACPI -> acpi.sys @ 0x8c9bbd68 \Driver\atapi -> 0x86ee71f8 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection ! 
user & kernel MBR OK ************************************************************************** [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine] "ImagePath"="\??\c:\users\Messiah\AppData\Local\Temp\JOZE4E7.tmp" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-2470280618-2490300084-3438362984-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:8c,4b,95,47,07,ff,7f,81,41,79,f0,bc,0a,ca,e2,cd,cb,58,70,76,7a,b1,8b, 25,fa,98,fd,84,bf,88,0a,ce,0f,05,c9,89,a2,10,5a,ce,94,18,0f,4e,39,82,c4,93,\ "??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12 [HKEY_USERS\S-1-5-21-2470280618-2490300084-3438362984-1002\Software\SecuROM\License information*] "datasecu"=hex:f1,d9,ed,53,67,b1,4a,03,01,91,94,db,04,2b,9e,8e,0b,f9,74,0a,14, c0,04,43,dd,23,20,ce,fe,1d,9a,c7,1d,50,8f,53,0c,57,b7,d5,73,3d,e6,64,aa,f2,\ "rkeysecu"=hex:f0,ae,2f,ef,9b,c5,e7,09,be,41,02,57,3c,cf,7f,a7 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'Explorer.exe'(2872) c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseHg\ThgShellx86.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll c:\windows\system32\stobject.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\PSIService.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe c:\windows\System32\TUProgSt.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conime.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe . ************************************************************************** . Zeit der Fertigstellung: 2010-08-23 16:10:18 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-08-23 14:10 Vor Suchlauf: 18 Verzeichnis(se), 110.058.958.848 Bytes frei Nach Suchlauf: 26 Verzeichnis(se), 106.450.612.224 Bytes frei - - End Of File - - 5F52CF1B62BC3355393F1E3BCC7E5E98 |
23.08.2010, 15:50 | #4 |
/// Malware-holic | Trojanerpaket! You have CD emulators such as Alcohol, DaemonTools or similar installed on this computer. Because these emulators use rootkit techniques, they can distort and complicate the search for malicious rootkits. For that reason, please either run the following tool to disable them or uninstall the software via Control Panel => Software/Programs. Tell me which option you chose. We can undo the deactivation after the cleanup. Download http://filepony.de/download-defogger/ and save it to your desktop. Double-click DeFogger to start the tool.
• The tool's program window opens.
• Click the Disable button to disable the CD emulation drivers.
• Click Yes to continue.
• When the message 'Finished!' appears,
• click OK.
• DeFogger will now ask for a reboot - click OK
• Post the defogger_disable.log here in the thread. Do not re-enable the drivers under any circumstances before you are told to.
Click Start, Programs, Accessories, Notepad, and paste in:
DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
File, Save As, file type: all files, name: cfscript.txt, location: the folder where combofix.exe is. Drag cfscript onto combofix; the program starts; post the log. |
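An added triage script, not part of this thread and not from ComboFix, DDS, DeFogger or any other tool named here: it scans ComboFix/DDS-style log lines for the kind of findings markusg's CFScript targets and the posted logs show (the loopback proxy 127.0.0.1:6522, loaders in a user Temp folder or a $NtUninstall directory, an alternate data stream as load path, and look-alike system binary names such as winIogon.exe). The sample lines are copied from the log in this thread; the function names, category labels and the SYSTEM_BINARIES list are my own choices.

```python
"""Triage helper for ComboFix/DDS-style log lines (added example).

Not part of this thread, ComboFix, DDS or any other tool named here. It flags
the kinds of findings that markusg's CFScript targets and that the posted logs
show: a WinINet proxy pointing at the loopback interface, loaders in a user
Temp folder or a $NtUninstall directory, an NTFS alternate data stream used as
a load path, and system-binary look-alike names such as winIogon.exe.
Every hit is a lead for a human to review, not a verdict.
"""
import re

# "uInternet Settings,ProxyServer = http=127.0.0.1:6522" style entries
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(127\.0\.0\.1|localhost|\[::1\]):(\d{1,5})", re.I)
# any drive-letter path token on the line (stops at whitespace, quotes, brackets)
PATH_TOKEN = re.compile(r"[a-z]:\\[^\s\"\[\]]+", re.I)
# drive:\dir\file:stream, i.e. an alternate data stream used as a load path
ADS_PATH = re.compile(r"^[a-z]:\\[^:]+:[^:\\]+$", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
NTUNINSTALL_DIR = re.compile(r"\\\$NtUninstall[^\\]*\$\\", re.I)

# names commonly imitated by malware; my own short list, extend as needed
SYSTEM_BINARIES = {"winlogon.exe", "svchost.exe", "explorer.exe",
                   "lsass.exe", "csrss.exe", "services.exe"}
# characters typically swapped to build look-alikes, folded onto one class
_FOLD = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})


def _basename(path):
    """Last path component; for an ADS path, the stream name."""
    return path.rsplit("\\", 1)[-1].rsplit(":", 1)[-1]


def lookalike_of(filename):
    """Return the system binary a name imitates (e.g. winIogon.exe), else None."""
    folded = filename.translate(_FOLD).lower()
    if folded in SYSTEM_BINARIES and filename.lower() != folded:
        return folded
    return None


def triage(lines):
    """Scan log lines and return (category, evidence) findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = LOOPBACK_PROXY.search(line)
        if m:  # browser traffic is routed through a local interception proxy
            findings.append(("loopback-proxy", f"{m.group(1)}:{m.group(2)}"))
        if TEMP_DIR.search(line):  # legit software does this too (see Garena)
            findings.append(("loads-from-temp", line))
        if NTUNINSTALL_DIR.search(line):  # fake hotfix-uninstall folder
            findings.append(("ntuninstall-dir", line))
        for path in PATH_TOKEN.findall(line):
            if ADS_PATH.match(path):
                findings.append(("alternate-data-stream", path))
            target = lookalike_of(_basename(path))
            if target:
                findings.append(("lookalike", f"{_basename(path)} imitates {target}"))
    return findings


# Constructed sample: lines copied from the ComboFix log posted in this thread
SAMPLE_LOG = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
HKCU-Run-ldeiwwog - c:\users\Messiah\AppData\Local\gmfbuagor\vuvpipwshdw.exe
HKLM-Run-bipro - c:\windows\$NtUninstallMTF1011$\mmduch.dll
ActiveSetup-{79B93464-AAC9-2B27-9029-0EF44A7D4843} - c:\windows\system32:winIogon.exe
R3 GarenaPEngine;GarenaPEngine;c:\users\Messiah\AppData\Local\Temp\JOZE4E7.tmp [x]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-22 2065760]
""".strip().splitlines()

if __name__ == "__main__":
    for category, evidence in triage(SAMPLE_LOG):
        print(f"{category:22} {evidence}")
```

The GarenaPEngine hit shows why each finding needs a human look: the log above shows it alongside the real infections, and a Temp-folder loader is only a lead, not proof.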
23.08.2010, 17:42 | #5 |
| Trojanerpaket! Thanks markusg! I now have full control of my computer again. I decided to uninstall the CD emulators. ComboFix log Combofix Logfile: Code:
ATTFilter ComboFix 10-08-22.05 - Messiah 23.08.2010 18:24:33.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3326.2470 [GMT 2:00] ausgeführt von:: c:\users\Messiah\Ordner\Desktop\Desktop\Desktop\ComboFix.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-07-23 bis 2010-08-23 )))))))))))))))))))))))))))))) . 2010-08-23 16:33 . 2010-08-23 16:33 -------- d-----w- c:\users\Messiah\AppData\Local\temp 2010-08-23 16:33 . 2010-08-23 16:33 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-08-23 16:33 . 2010-08-23 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-08-23 11:31 . 2010-08-23 11:31 -------- d-----w- c:\users\Messiah\AppData\Roaming\Malwarebytes 2010-08-23 11:31 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-23 11:31 . 2010-08-23 11:31 -------- d-----w- c:\programdata\Malwarebytes 2010-08-23 11:31 . 2010-08-23 11:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-23 11:31 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-23 04:23 . 2010-08-23 04:23 -------- d-----w- c:\users\Messiah\AppData\Roaming\B1C47A703FFF7DBD69526FFF5AA75EF0 2010-08-22 05:44 . 2010-08-22 05:44 -------- d-----w- C:\$AVG 2010-08-22 04:46 . 2010-08-22 04:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-08-22 04:46 . 2010-08-22 04:46 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-08-22 04:46 . 2010-08-22 04:46 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-08-22 04:46 . 2010-08-22 15:26 -------- d-----w- c:\windows\system32\drivers\Avg 2010-08-22 04:46 . 2010-08-22 04:46 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2010-08-22 04:45 . 2010-08-22 04:45 -------- d-----w- c:\program files\AVG 2010-08-22 04:45 . 2010-08-22 04:45 -------- d-----w- c:\programdata\avg9 2010-08-16 17:17 . 2010-08-16 17:17 -------- d-----w- c:\program files\NCSoft 2010-08-16 03:18 . 
2005-05-10 16:54 258352 ----a-w- c:\windows\system32\unicows.dll 2010-08-12 00:05 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-08-12 00:05 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-08-12 00:05 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-08-12 00:05 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-08-12 00:05 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-12 00:05 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-08-12 00:05 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-08-11 17:18 . 2010-08-11 17:18 -------- d-----w- c:\users\Messiah\AppData\Local\2K Games 2010-08-06 16:27 . 2010-08-07 14:26 -------- d-----w- c:\program files\Electronic Arts 2010-08-04 04:10 . 2010-08-04 04:10 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP 2010-08-04 03:47 . 2010-08-04 03:47 -------- d-----w- c:\program files\Eidos 2010-08-03 11:03 . 2010-08-03 11:03 -------- d-----w- c:\program files\Iceberg Interactive 2010-08-02 08:09 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2010-08-02 08:09 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2010-08-02 08:09 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2010-08-02 08:09 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2010-08-02 08:09 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2010-08-02 08:09 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2010-08-02 08:09 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2010-08-02 08:09 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2010-08-02 08:09 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2010-08-02 08:09 . 
2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll 2010-08-02 08:09 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll 2010-08-02 08:09 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll 2010-08-02 08:08 . 2010-08-02 08:08 -------- d--h--w- c:\windows\msdownld.tmp . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-23 16:28 . 2008-01-21 07:15 629758 ----a-w- c:\windows\system32\perfc007.dat 2010-08-23 16:28 . 2008-01-21 07:15 1959574 ----a-w- c:\windows\system32\perfh007.dat 2010-08-23 16:22 . 2008-05-21 08:59 -------- d-----w- c:\programdata\NVIDIA 2010-08-23 16:20 . 2010-03-22 16:43 0 ----a-w- c:\windows\system32\Access.dat 2010-08-23 16:18 . 2010-02-13 09:19 35093 ----a-w- c:\programdata\nvModes.dat 2010-08-23 13:46 . 2010-03-22 11:22 -------- d-----w- c:\program files\Ubisoft 2010-08-23 13:46 . 2008-11-06 11:18 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-08-23 13:45 . 2009-02-15 00:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2010-08-23 03:42 . 2008-11-05 12:46 2032 ----a-w- c:\users\Messiah\AppData\Local\d3d9caps.dat 2010-08-23 03:26 . 2008-11-05 12:46 119752 ----a-w- c:\users\Messiah\AppData\Local\GDIPFONTCACHEV1.DAT 2010-08-23 02:58 . 2010-07-05 23:36 -------- d-----w- c:\program files\Steam 2010-08-23 02:58 . 2008-11-05 13:42 -------- d-----w- c:\program files\Java 2010-08-23 02:57 . 2009-12-06 07:56 -------- d-----w- c:\program files\Lavalys 2010-08-23 00:05 . 2008-11-05 14:03 -------- d-----w- c:\users\Messiah\AppData\Roaming\Skype 2010-08-23 00:03 . 2008-11-05 14:04 -------- d-----w- c:\users\Messiah\AppData\Roaming\skypePM 2010-08-22 23:44 . 2008-11-06 16:40 -------- d-----w- c:\users\Messiah\AppData\Roaming\uTorrent 2010-08-22 17:35 . 2010-04-11 12:47 -------- d-----w- c:\users\Messiah\AppData\Roaming\vlc 2010-08-22 04:40 . 
2010-03-19 10:42 -------- d-----w- c:\programdata\Alwil Software 2010-08-22 03:35 . 2010-05-03 06:14 -------- d-----w- c:\program files\MWS Reader 4 2010-08-22 03:34 . 2008-12-23 04:47 -------- d-----w- c:\program files\Image Mender 2010-08-22 03:34 . 2008-11-19 07:59 -------- d-----w- c:\program files\DVDVideoSoft 2010-08-22 03:33 . 2008-05-21 12:42 -------- d-----w- c:\program files\Common Files\Adobe 2010-08-14 21:34 . 2008-12-19 22:57 -------- d-----w- c:\program files\Warcraft III 2010-08-12 12:07 . 2008-11-05 13:43 -------- d-----w- c:\users\Messiah\AppData\Roaming\FrostWire 2010-08-12 02:34 . 2008-06-05 11:07 -------- d-----w- c:\programdata\Microsoft Help 2010-08-12 02:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-08-11 17:18 . 2010-02-06 12:20 -------- d-----w- c:\program files\NVIDIA Corporation 2010-08-11 17:18 . 2009-01-02 23:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-08-04 17:21 . 2010-03-22 16:35 -------- d-----w- c:\programdata\Tunngle 2010-08-04 17:21 . 2010-03-22 16:35 -------- d-----w- c:\users\Messiah\AppData\Roaming\Tunngle 2010-08-04 04:28 . 2009-09-24 16:05 -------- d-----w- c:\program files\Rockstar Games 2010-08-02 08:23 . 2008-11-06 12:56 697328 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-08-01 18:17 . 2010-02-06 14:19 -------- d-----w- c:\program files\SpeedFan 2010-07-27 13:52 . 2008-11-06 16:40 -------- d-----w- c:\program files\uTorrent 2010-07-25 16:05 . 2010-02-10 06:23 -------- d-----w- c:\program files\Dragon Age 2010-07-25 01:14 . 2010-02-09 09:22 -------- d-----w- c:\program files\JDownloader 2010-07-22 20:39 . 2010-07-01 23:28 -------- d-----w- c:\program files\MyDefrag v4.3.1 2010-07-21 19:45 . 2009-11-30 16:53 -------- d-----w- c:\program files\Funcom 2010-07-21 19:44 . 2009-11-30 17:44 -------- d-----w- c:\programdata\media center programs 2010-07-21 12:21 . 2008-11-06 16:31 848 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-07-15 23:45 . 
2010-07-15 23:45 73728 ----a-w- c:\windows\system32\np_plugin.dll 2010-07-15 23:43 . 2010-07-15 23:43 73728 ------w- c:\programdata\Skype\Plugins\Plugins\C897D734DD7744E5BA342991851FDE91\np_plugin.dll 2010-07-14 19:20 . 2010-07-05 13:18 -------- d-----w- c:\users\Messiah\AppData\Roaming\TS3Client 2010-07-11 23:34 . 2010-03-30 20:19 -------- d-----w- c:\program files\LogMeIn Hamachi 2010-07-10 01:33 . 2010-05-05 02:07 -------- d-----w- c:\programdata\DivX 2010-07-10 01:33 . 2010-05-05 02:09 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-07-10 01:22 . 2010-07-10 01:22 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-07-10 01:22 . 2010-07-10 01:22 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-07-10 01:22 . 2008-11-11 20:00 -------- d-----w- c:\program files\DivX 2010-07-10 01:20 . 2010-07-10 01:20 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe 2010-07-10 01:18 . 2010-05-05 02:07 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe 2010-07-10 01:18 . 2010-05-05 02:09 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-07-10 01:18 . 2010-05-05 02:09 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-07-09 20:16 . 2010-07-09 20:16 -------- d-----w- c:\program files\Opera 2010-07-08 11:45 . 2009-07-13 04:43 -------- d-----w- c:\program files\World of Warcraft 2010-07-07 16:52 . 2008-11-05 14:03 -------- d-----r- c:\program files\Skype 2010-07-07 16:52 . 2008-11-05 14:03 -------- d-----w- c:\programdata\Skype 2010-07-07 16:52 . 2010-07-07 16:52 -------- d-----w- c:\program files\Common Files\Skype 2010-07-05 23:36 . 2010-07-05 23:36 -------- d-----w- c:\program files\Common Files\Steam 2010-07-05 23:30 . 2010-03-20 13:23 -------- d-----w- c:\program files\CCleaner 2010-07-03 18:37 . 2010-03-22 16:35 -------- d-----w- c:\program files\Tunngle 2010-07-03 18:24 . 2008-11-07 23:43 -------- d-----w- c:\programdata\Ubisoft 2010-07-02 19:29 . 
2010-07-02 19:29 -------- d-----w- c:\program files\TechArts3D 2010-07-01 21:06 . 2010-07-01 21:06 -------- d-----w- c:\program files\Alwil Software 2010-07-01 16:47 . 2010-07-01 16:47 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-07-01 16:47 . 2010-07-01 16:47 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-07-01 16:47 . 2010-07-01 16:47 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe 2010-07-01 16:47 . 2010-07-01 16:47 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe 2010-07-01 16:47 . 2010-07-01 16:47 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe 2010-06-26 06:05 . 2010-08-12 00:06 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-26 06:02 . 2010-08-12 00:06 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-06-26 06:02 . 2010-08-12 00:06 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-06-26 04:25 . 2010-08-12 00:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-06-21 13:37 . 2010-08-12 00:06 2037760 ----a-w- c:\windows\system32\win32k.sys 2010-06-11 16:16 . 2010-08-12 00:06 274944 ----a-w- c:\windows\system32\schannel.dll 2010-05-27 20:08 . 2010-08-12 00:06 81920 ----a-w- c:\windows\system32\iccvid.dll 2010-05-26 17:06 . 2010-07-01 13:14 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-26 14:47 . 2010-07-01 13:14 289792 ----a-w- c:\windows\system32\atmfd.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2010-03-21 06:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-22 2065760] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] 
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun "ehTray.exe"=c:\windows\ehome\ehTray.exe "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized "BySoft FreeRAM"=c:\program files\BySoft FreeRAM\FreeRAM.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "TortoiseHgOverlayIconServer"=c:\program files\TortoiseHg\TortoiseHgOverlayServer.exe "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" "ClipIncSrvTray"="c:\program files\Tobit ClipInc\Player\ClipIncTray.exe" "RtHDVCpl"=c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):a4,7e,fc,97,bc,f1,c9,01 R2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [2009-10-07 129856] R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832] R3 FXDrv32;FXDrv32;D:\FXDrv32.sys [x] R3 GarenaPEngine;GarenaPEngine;c:\users\Messiah\AppData\Local\Temp\JOZE4E7.tmp [x] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512] R3 
npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-09 3587532]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [2009-10-07 752984]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-08-02 697328]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-22 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-22 243024]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Common Files\AAV\aavus.exe [2007-10-04 122880]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-22 308136]
S2 ClipInc001;ClipInc 001;c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe 001 [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-03-16 240232]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
S2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2010-07-02 716024]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the "Scheduled Tasks" folder

2010-08-23 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-15 10:07]

2010-08-23 c:\windows\Tasks\TuneUp DiskDoctor.job
- c:\program files\TuneUp Utilities 2009\DiskDoctor.exe [2009-07-15 10:07]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:6522
IE: ?fnen mit WordPerfect
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Offnen mit WordPerfect
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-08-23 18:33
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes...
Scanning hidden autostart entries...
Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Messiah\AppData\Local\Temp\JOZE4E7.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-2470280618-2490300084-3438362984-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8c,4b,95,47,07,ff,7f,81,41,79,f0,bc,0a,ca,e2,cd,cb,58,70,76,7a,b1,8b,
   25,fa,98,fd,84,bf,88,0a,ce,0f,05,c9,89,a2,10,5a,ce,94,18,0f,4e,39,82,c4,93,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-2470280618-2490300084-3438362984-1002\Software\SecuROM\License information*]
"datasecu"=hex:f1,d9,ed,53,67,b1,4a,03,01,91,94,db,04,2b,9e,8e,0b,f9,74,0a,14,
   c0,04,43,dd,23,20,ce,fe,1d,9a,c7,1d,50,8f,53,0c,57,b7,d5,73,3d,e6,64,aa,f2,\
"rkeysecu"=hex:f0,ae,2f,ef,9b,c5,e7,09,be,41,02,57,3c,cf,7f,a7

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-23 18:36:06
ComboFix-quarantined-files.txt 2010-08-23 16:36
ComboFix2.txt 2010-08-23 14:10

Before scan: 25 directory(ies), 103.374.049.280 bytes free
After scan: 25 directory(ies), 103.323.107.328 bytes free

- - End Of File - - 9EE0DB924C4CA618C6E24CCD23420F4A |
23.08.2010, 18:21 | #6 |
/// Malware-holic | Trojanerpaket! Open Computer (My Computer), then open C:, and in it the Qoobox folder. Right-click the Quarantine folder and choose "Add to quarantine.rar" (or .zip). Upload the archive, which is then located in the Qoobox folder, to us: http://www.trojaner-board.de/54791-a...ner-board.html Let me know once that is done. |
23.08.2010, 19:03 | #7 |
/// Malware-holic | Trojanerpaket! Thanks. Let's continue.

OTL: system scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and choose "Run as administrator").
1. At the top you will find a box labelled Output. Please select Minimal Output.
2. Tick "Scan all users".
3. Under "Extra Registry" select "Use SafeList", "LOP Check" and "Purity Check".
4. Copy the following into the custom scan text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both logs. |
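Added example, not part of this thread and not a feature of ComboFix, OTL or the forum's procedure: the ComboFix log posted above already contains the indicators a helper reads first, and the OTL run requested here produces the same line formats. The Python script below encodes those indicators as rules and runs them over lines copied verbatim from this thread's logs (the constructed SAMPLE_LOG): the per-user proxy pointing at 127.0.0.1:6522, the GarenaPEngine service whose ImagePath is a file in the user's Temp folder, driver registrations whose file is gone, and the 32-hex-digit folder under AppData\Roaming that the OTL file list shows created at 06:23 on 23.08.2010. Rule names, the high/low severity split and the remediation hints are my own choices, not anything the forum or the tools define; no claim is made about what any specific entry is beyond what the log line itself says.

```python
"""Triage ComboFix/OTL-style log lines for the indicators seen in this thread.

Added example for this thread; it is not part of ComboFix, OTL or any
forum tool. Sample lines are copied from the logs posted above; the rule
names, severities and remediation hints are this example's own choices.
"""
import re
from typing import Dict, List

# Constructed sample input: lines copied verbatim from the ComboFix and OTL
# output in this thread (the proxy line appears twice on purpose: both tools
# report it, and the triage must not count it twice).
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:6522
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Messiah\AppData\Local\Temp\JOZE4E7.tmp"
DRV - (GarenaPEngine) -- C:\Users\Messiah\AppData\Local\Temp\JOZE4E7.tmp File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
[2010.08.23 06:23:18 | 000,000,000 | ---D | C] -- C:\Users\Messiah\AppData\Roaming\B1C47A703FFF7DBD69526FFF5AA75EF0
[2010.08.23 13:31:49 | 000,000,000 | ---D | C] -- C:\Users\Messiah\AppData\Roaming\Malwarebytes
O1 - Hosts: 127.0.0.1 localhost
"""

# (rule name, pattern, why it matters, what to do). The last capture group
# of each pattern is the evidence that gets reported and de-duplicated.
RULES = [
    ("local-proxy",
     re.compile(r"ProxyServer\s*=\s*http=127\.0\.0\.1:(\d+)", re.I),
     "all HTTP traffic is forced through a listener on the machine itself; "
     "rogue AVs use this to block downloads and inject their own warning pages",
     "find the process bound to that port, remove it, then reset ProxyServer/"
     "ProxyEnable under HKCU\\...\\Internet Settings"),
    ("service-in-temp",
     re.compile(r'ImagePath.*?([a-z]:\\users\\.*?\\temp\\[^"\s]+)', re.I),
     "a kernel service or driver registered to load from a user-writable Temp folder",
     "disable the service, delete the file if still present, submit it for analysis"),
    ("driver-missing",
     re.compile(r"^DRV - \((\w+)\) -- (.+?) File not found$", re.I),
     "a driver registration whose binary is gone: usually an uninstall leftover, "
     "but a loader that deletes itself after running looks exactly the same",
     "delete the stale service key; treat Temp paths as a live infection marker"),
    ("random-hex-appdata",
     re.compile(r"AppData\\Roaming\\([0-9A-F]{32})(?:\\|$)", re.I),
     "a Roaming profile folder named with 32 hex digits, a naming scheme seen in "
     "rogue-AV installers",
     "inspect the folder contents and compare its creation time with the infection date"),
]


def severity_for(rule: str, evidence: str) -> str:
    """'File not found' drivers are noise unless they loaded from a Temp path."""
    if rule == "driver-missing" and "\\temp\\" not in evidence.lower():
        return "low"
    return "high"


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per distinct (rule, evidence) pair, in log order."""
    findings: List[Dict[str, str]] = []
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern, why, action in RULES:
            match = pattern.search(line)
            if not match:
                continue
            evidence = match.group(match.lastindex)
            key = (name, evidence.lower())
            if key in seen:  # the same indicator reported by two tools
                continue
            seen.add(key)
            findings.append({"rule": name, "severity": severity_for(name, evidence),
                             "evidence": evidence, "why": why, "action": action,
                             "line": line})
    return findings


def summary(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity so a reader sees 'anything high?' first."""
    counts = {"high": 0, "low": 0}
    for finding in findings:
        counts[finding["severity"]] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    print(summary(results))
    for f in results:
        print(f"[{f['severity'].upper():4}] {f['rule']}: {f['evidence']}")
        print(f"        why: {f['why']}")
        print(f"        do:  {f['action']}")
```

Run it as-is to see the five findings from the sample, or read a saved OTL.Txt/ComboFix.txt and pass its contents to triage(). The de-duplication key is (rule, evidence) rather than the whole line because ComboFix and OTL print the same registry value in different layouts; the missing-driver rule is deliberately downgraded to "low" for System32 paths, since the SymIM, nwlnkfwd and ipinip leftovers in a typical OTL log are harmless uninstall residue, while a missing file under Temp is the signature of a loader that ran once and removed itself.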
23.08.2010, 19:37 | #8 |
| Trojanerpaket! OTL Logfile: Code:
OTL logfile created on: 23.08.2010 20:20:29 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 95,59 Gb Free Space | 20,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MESSIAH-PC
Current User Name: Messiah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\AAV\aavus.exe ()
PRC - C:\Windows\System32\PSIService.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (DAUpdaterSvc) -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.21006_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.21006\SMSvcHost.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Common Files\AAV\aavus.exe ()
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)

========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (GarenaPEngine) -- C:\Users\Messiah\AppData\Local\Temp\JOZE4E7.tmp File not found
DRV - (FXDrv32) -- D:\FXDrv32.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (catchme) -- C:\Users\Messiah\AppData\Local\Temp\catchme.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2470280618-2490300084-3438362984-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKU\S-1-5-21-2470280618-2490300084-3438362984-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2470280618-2490300084-3438362984-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.08.22 06:45:35 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010.08.23 16:02:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\S-1-5-21-2470280618-2490300084-3438362984-1002\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2470280618-2490300084-3438362984-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2470280618-2490300084-3438362984-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2470280618-2490300084-3438362984-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2470280618-2490300084-3438362984-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2470280618-2490300084-3438362984-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {00001026-A15C-11D4-97A4-0050BF0FBE67} hxxp://download.netmarble.net/web/nmstarter/NMStarter26_20091109.cab (NetmarbleStarter26 Class)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Messiah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Messiah\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {57EC5BFE-7CB7-3057-8385-C9D72918511C} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BA50EB42-1C60-588B-5664-821AE2C74C28} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.MP42 - C:\Windows\System32\Mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\System32\Mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\System32\Mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.08.23 20:17:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\OTL.exe
[2010.08.23 18:36:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.08.23 18:36:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.08.23 18:36:08 | 000,000,000 | ---D | C] -- C:\Users\Messiah\AppData\Local\temp
[2010.08.23 18:20:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.08.23 18:20:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.08.23 15:52:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.08.23 15:52:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.08.23 15:52:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.08.23 15:52:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.08.23 15:52:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.23 13:31:49 | 000,000,000 | ---D | C] -- C:\Users\Messiah\AppData\Roaming\Malwarebytes
[2010.08.23 13:31:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.23 13:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.23 13:31:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.23 13:31:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.23 06:23:18 | 000,000,000 | ---D | C] -- C:\Users\Messiah\AppData\Roaming\B1C47A703FFF7DBD69526FFF5AA75EF0
[2010.08.22 07:44:49 | 000,000,000 | ---D | C] -- C:\$AVG
[2010.08.22 06:46:37 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.08.22 06:46:36 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.08.22 06:46:31 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010.08.22 06:46:30 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.08.22 06:46:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010.08.22 06:45:34 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2010.08.22 06:45:33 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010.08.17 23:01:06 | 000,000,000 | ---D | C] -- C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\Hijackthis
[2010.08.16 19:17:40 | 000,000,000 | ---D | C] -- C:\Programme\NCSoft
[2010.08.16 05:18:02 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2010.08.12 02:06:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.12 02:06:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.12 02:06:10 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.12 02:06:10 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.12 02:06:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.12 02:06:10 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.12 02:06:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.12 02:06:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.12 02:06:09 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.12 02:06:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.12 02:06:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.12 02:06:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.12 02:06:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.12 02:06:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.12 02:06:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.12 02:06:07 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.12 02:06:01 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.12 02:05:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.12 02:05:49 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.12 02:05:48 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 19:18:49 | 000,000,000 | ---D | C] -- C:\Users\Messiah\AppData\Local\2K Games
[2010.08.06 19:09:32 | 000,000,000 | ---D | C] -- C:\Users\Messiah\Documents\Electronic Arts
[2010.08.06 18:27:11 | 000,000,000 | ---D | C] -- C:\Programme\Electronic Arts
[2010.08.04 06:12:38 | 000,000,000 | ---D | C] -- C:\Users\Messiah\Documents\Eidos
[2010.08.04 06:10:57 | 000,000,000 | ---D | C] -- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
[2010.08.04 05:47:05 | 000,000,000 | ---D | C] -- C:\Programme\Eidos
[2010.08.03 13:03:35 | 000,000,000 | ---D | C] -- C:\Programme\Iceberg Interactive
[2010.08.02 10:09:07 | 000,527,192 | ---- | C] (Microsoft Corporation) --
C:\Windows\System32\XAudio2_7.dll [2010.08.02 10:09:07 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2010.08.02 10:09:07 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2010.08.02 10:09:06 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2010.08.02 10:09:06 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2010.08.02 10:09:05 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2010.08.02 10:09:05 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2010.08.02 10:09:05 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2010.08.02 10:09:04 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll [2010.08.02 10:09:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2010.08.02 10:09:04 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2010.08.02 10:09:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2010.08.02 10:08:32 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.23 20:22:25 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.08.23 20:22:25 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.08.23 20:18:46 | 009,437,184 | ---- | M] () -- C:\Users\Messiah\NTUSER.DAT [2010.08.23 20:17:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\OTL.exe [2010.08.23 20:00:00 | 000,000,522 | ---- | M] () -- 
C:\Windows\tasks\1-Klick-Wartung.job [2010.08.23 18:51:22 | 063,742,127 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010.08.23 18:47:11 | 000,002,389 | ---- | M] () -- C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\Skype.lnk [2010.08.23 18:36:17 | 000,035,093 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.08.23 18:36:17 | 000,035,093 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.08.23 18:33:38 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini [2010.08.23 18:28:38 | 001,959,574 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.08.23 18:28:38 | 001,114,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.08.23 18:28:38 | 000,629,758 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.08.23 18:28:38 | 000,567,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.23 18:28:38 | 000,007,144 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.08.23 18:22:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.08.23 18:22:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.08.23 18:22:05 | 3487,952,896 | -HS- | M] () -- C:\hiberfil.sys [2010.08.23 18:20:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2010.08.23 18:20:35 | 000,524,288 | -HS- | M] () -- C:\Users\Messiah\NTUSER.DAT{d3e0c61c-434c-11de-b0ad-001c25e00668}.TMContainer00000000000000000001.regtrans-ms [2010.08.23 18:20:35 | 000,065,536 | -HS- | M] () -- C:\Users\Messiah\NTUSER.DAT{d3e0c61c-434c-11de-b0ad-001c25e00668}.TM.blf [2010.08.23 18:20:34 | 006,291,456 | -H-- | M] () -- C:\Users\Messiah\AppData\Local\IconCache.db [2010.08.23 16:02:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.08.23 15:40:44 | 003,825,642 | R--- | M] () -- C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\ComboFix.exe [2010.08.23 13:31:36 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte.lnk [2010.08.23 13:08:21 | 000,000,714 | ---- | M] () -- C:\Windows\lsrslt.ini [2010.08.23 
06:22:03 | 000,554,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.08.23 05:42:55 | 000,002,032 | ---- | M] () -- C:\Users\Messiah\AppData\Local\d3d9caps.dat [2010.08.23 05:33:01 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\TuneUp DiskDoctor.job [2010.08.23 05:26:40 | 000,119,752 | ---- | M] () -- C:\Users\Messiah\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.23 02:31:04 | 000,138,752 | ---- | M] () -- C:\Users\Messiah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.22 06:46:37 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2010.08.22 06:46:37 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010.08.22 06:46:36 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010.08.22 06:46:31 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys [2010.08.22 06:46:30 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2010.08.22 06:46:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys [2010.08.16 19:17:42 | 000,001,809 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk [2010.08.02 10:33:41 | 000,000,255 | ---- | M] () -- C:\Users\Messiah\Documents\ax_files.xml [2010.08.02 10:23:07 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) 
-- C:\Windows\System32\drivers\sptd.sys [2010.07.26 19:42:58 | 000,001,016 | ---- | M] () -- C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\daorigins - Verknüpfung.lnk [5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.23 16:01:47 | 3487,952,896 | -HS- | C] () -- C:\hiberfil.sys [2010.08.23 15:52:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.08.23 15:52:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.08.23 15:52:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.08.23 15:52:31 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.08.23 15:52:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.08.23 15:51:49 | 003,825,642 | R--- | C] () -- C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\ComboFix.exe [2010.08.23 13:31:36 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte.lnk [2010.08.23 13:08:20 | 000,000,714 | ---- | C] () -- C:\Windows\lsrslt.ini [2010.08.23 05:33:01 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\TuneUp DiskDoctor.job [2010.08.22 07:00:14 | 000,002,389 | ---- | C] () -- C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\Skype.lnk [2010.08.22 06:46:37 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk [2010.08.22 06:46:30 | 063,742,127 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010.08.22 06:46:30 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm [2010.08.16 19:17:42 | 000,001,809 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk [2010.08.02 10:33:41 | 000,000,255 | ---- | C] () -- C:\Users\Messiah\Documents\ax_files.xml [2010.07.26 19:36:48 | 000,001,016 | ---- | C] () -- C:\Users\Messiah\Ordner\Desktop\Desktop\Desktop\daorigins - Verknüpfung.lnk [2010.07.16 01:45:37 | 000,073,728 | ---- | C] () -- C:\Windows\System32\np_plugin.dll [2010.05.08 00:50:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2010.04.02 17:17:34 | 000,179,091 | 
---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.03.26 21:04:54 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2010.02.26 11:39:49 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.02.18 13:55:06 | 000,000,237 | ---- | C] () -- C:\Windows\ACTIVEJP.INI [2010.02.13 11:20:04 | 000,035,093 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.02.13 11:19:33 | 000,035,093 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.10.23 20:19:52 | 000,000,215 | ---- | C] () -- C:\Users\Messiah\AppData\Roaming\burnaware.ini [2009.09.13 20:37:36 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.09.09 05:43:49 | 000,139,040 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.09.09 05:43:49 | 000,022,328 | ---- | C] () -- C:\Users\Messiah\AppData\Roaming\PnkBstrK.sys [2009.06.20 17:13:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.17 18:44:23 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.05.17 18:44:22 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.04.05 10:43:28 | 000,000,095 | ---- | C] () -- C:\Users\Messiah\AppData\Local\fusioncache.dat [2009.03.13 21:37:45 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2009.02.15 02:59:52 | 000,000,039 | ---- | C] () -- C:\Windows\wininit.ini [2008.12.27 19:03:21 | 000,144,384 | ---- | C] () -- C:\Windows\System32\miccyhook.dll [2008.12.20 18:46:17 | 000,000,552 | ---- | C] () -- C:\Users\Messiah\AppData\Local\d3d8caps.dat [2008.11.06 18:31:17 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2008.11.06 18:01:15 | 000,138,752 | ---- | C] () -- C:\Users\Messiah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.05 14:46:54 | 000,002,032 | ---- | C] () -- C:\Users\Messiah\AppData\Local\d3d9caps.dat [2008.05.21 14:18:36 | 000,442,368 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2008.05.21 14:15:59 | 000,000,074 | ---- | C] () -- 
C:\Windows\tm.ini [2008.05.21 14:00:28 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2008.03.01 21:18:37 | 000,244,224 | ---- | C] () -- C:\Windows\System32\gc.dll [2006.11.10 15:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.08.02 23:24:01 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2002.05.16 01:38:40 | 000,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll [2002.05.04 15:19:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\avisynthEx.dll [2002.04.21 20:30:14 | 000,151,552 | ---- | C] () -- C:\Windows\System32\OggDS.dll [2002.04.19 16:23:26 | 000,106,137 | ---- | C] () -- C:\Windows\System32\libpostproc.dll [2002.04.19 15:51:04 | 000,211,760 | ---- | C] () -- C:\Windows\System32\libavcodec.dll [2002.04.02 00:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll [2002.04.02 00:16:14 | 000,118,784 | ---- | C] () -- C:\Windows\System32\vorbis.dll [2002.04.02 00:15:40 | 000,011,264 | ---- | C] () -- C:\Windows\System32\ogg.dll [2002.02.21 18:41:20 | 000,157,184 | ---- | C] () -- C:\Windows\System32\unrar.dll [2001.06.22 13:06:02 | 000,167,936 | ---- | C] () -- C:\Windows\System32\MPEG2DEC.dll [1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2008.12.11 19:01:52 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Acreon [2010.08.23 06:23:18 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\B1C47A703FFF7DBD69526FFF5AA75EF0 [2009.04.06 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\DAEMON Tools [2009.08.18 20:20:46 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\DAEMON Tools Lite [2009.04.06 
12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\DAEMON Tools Pro [2009.01.27 00:20:45 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\dyyno-vlc [2010.08.12 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\FrostWire [2010.01.17 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\GetRightToGo [2010.01.20 11:53:09 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\gtk-2.0 [2010.01.04 05:07:42 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2009.10.30 01:12:09 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Mount&Blade [2010.04.05 04:26:54 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Mount&Blade Warband [2010.03.31 16:31:31 | 000,000,000 | -H-D | M] -- C:\Users\Messiah\AppData\Roaming\netmarble [2010.04.29 22:10:15 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Notepad++ [2010.07.09 22:16:45 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Opera [2009.09.13 20:34:46 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\RayV [2010.01.25 17:23:55 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\SecondLife [2008.12.23 06:56:03 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Serif [2010.05.07 00:18:39 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\SQLyog [2009.07.26 01:33:49 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Subversion [2008.12.18 01:05:13 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\TeamViewer [2010.07.14 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\TS3Client [2009.05.18 01:03:12 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\TuneUp Software [2010.08.04 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Tunngle [2009.04.05 10:49:51 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Turbine 
[2010.03.22 13:47:09 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Ubisoft [2010.08.23 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\uTorrent [2010.08.23 20:00:00 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.08.23 18:20:39 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.08.23 05:33:01 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\TuneUp DiskDoctor.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.12.11 19:01:52 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Acreon [2010.01.04 04:53:50 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Adobe [2008.11.12 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Apple Computer [2008.12.28 07:30:14 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\AVS4YOU [2010.08.23 06:23:18 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\B1C47A703FFF7DBD69526FFF5AA75EF0 [2008.11.15 17:38:11 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Corel [2009.04.06 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\DAEMON Tools [2009.08.18 20:20:46 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\DAEMON Tools Lite [2009.04.06 12:16:00 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\DAEMON Tools Pro [2010.05.05 04:10:08 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\DivX [2009.11.22 03:32:33 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\dvdcss [2009.01.27 00:20:45 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\dyyno-vlc [2010.08.12 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\FrostWire [2010.01.17 16:59:33 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\GetRightToGo [2010.01.20 11:53:09 | 000,000,000 | ---D | 
M] -- C:\Users\Messiah\AppData\Roaming\gtk-2.0 [2010.02.02 21:25:15 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Hamachi [2008.01.21 03:43:07 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Identities [2008.11.06 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\InstallShield [2010.01.04 05:07:42 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2008.11.05 15:13:14 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Macromedia [2010.08.23 13:31:49 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Media Center Programs [2010.08.22 06:44:33 | 000,000,000 | --SD | M] -- C:\Users\Messiah\AppData\Roaming\Microsoft [2009.10.30 01:12:09 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Mount&Blade [2010.04.05 04:26:54 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Mount&Blade Warband [2010.08.23 17:21:27 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Mozilla [2010.03.31 16:31:31 | 000,000,000 | -H-D | M] -- C:\Users\Messiah\AppData\Roaming\netmarble [2010.04.29 22:10:15 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Notepad++ [2010.03.27 21:27:31 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\NVIDIA [2010.07.09 22:16:45 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Opera [2009.09.13 20:34:46 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\RayV [2010.01.25 17:23:55 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\SecondLife [2008.12.12 17:22:14 | 000,000,000 | RH-D | M] -- C:\Users\Messiah\AppData\Roaming\SecuROM [2008.12.23 06:56:03 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Serif [2010.08.23 20:20:38 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Skype [2010.08.23 18:47:16 | 000,000,000 | ---D 
| M] -- C:\Users\Messiah\AppData\Roaming\skypePM [2010.05.07 00:18:39 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\SQLyog [2009.07.26 01:33:49 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Subversion [2008.11.05 14:47:35 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Symantec [2010.01.23 16:00:14 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\teamspeak2 [2008.12.18 01:05:13 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\TeamViewer [2010.05.06 16:19:44 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\TortoiseHg [2010.07.14 21:20:42 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\TS3Client [2009.05.18 01:03:12 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\TuneUp Software [2010.08.04 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Tunngle [2009.04.05 10:49:51 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Turbine [2008.11.07 19:43:40 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\U3 [2010.03.22 13:47:09 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Ubisoft [2010.08.23 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\uTorrent [2010.08.22 19:35:27 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\vlc [2008.11.05 16:36:57 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\WinRAR [2010.04.03 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\Messiah\AppData\Roaming\Xfire < %APPDATA%\*.exe /s > [2008.12.11 19:02:33 | 000,272,384 | ---- | M] () -- C:\Users\Messiah\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe [2008.12.25 07:22:08 | 000,000,000 | ---- | M] () -- C:\Users\Messiah\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe [2009.05.15 19:58:50 | 000,010,134 | R--- | M] () -- C:\Users\Messiah\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\ARPPRODUCTICON.exe [2009.05.15 19:58:51 | 
000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Users\Messiah\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut2_0CE1A6C0F3F749E68F9D2431F9827441.exe [2009.05.15 19:58:52 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Users\Messiah\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut3_0CE1A6C0F3F749E68F9D2431F9827441.exe [2009.05.15 19:58:51 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Users\Messiah\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut4_0CE1A6C0F3F749E68F9D2431F9827441.exe [2009.05.15 19:58:52 | 000,065,536 | R--- | M] (Macrovision Corporation) -- C:\Users\Messiah\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\NewShortcut5_0CE1A6C0F3F749E68F9D2431F9827441.exe [2009.05.15 19:58:52 | 000,008,854 | R--- | M] () -- C:\Users\Messiah\AppData\Roaming\Microsoft\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\UNINST_Uninstall_G_0CE1A6C0F3F749E68F9D2431F9827441_1.exe [2009.08.01 08:40:57 | 000,012,862 | R--- | M] () -- C:\Users\Messiah\AppData\Roaming\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe [2009.06.23 04:20:24 | 000,010,134 | R--- | M] () -- C:\Users\Messiah\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2010.02.19 11:31:36 | 001,574,416 | ---- | M] (CJ internet) -- C:\Users\Messiah\AppData\Roaming\netmarble\NMWizard24.exe [2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Messiah\AppData\Roaming\U3\temp\cleanup.exe [2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Messiah\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] 
(Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\Messiah\Documents\DriverGenius\Backup\Driver Backup 2-26-2010-103643\IDE-Kanal#1\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\Messiah\Documents\DriverGenius\Backup\Driver Backup 2-26-2010-103643\IDE-Kanal#2\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\Messiah\Documents\DriverGenius\Backup\Driver Backup 2-26-2010-103643\IDE-Kanal#3\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\Messiah\Documents\DriverGenius\Backup\Driver Backup 2-26-2010-103643\IDE-Kanal\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- 
| M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\Messiah\Documents\DriverGenius\Backup\Driver Backup 2-26-2010-103643\Standard-Zweikanal-PCI-IDE-Controller#1\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\Messiah\Documents\DriverGenius\Backup\Driver Backup 2-26-2010-103643\Standard-Zweikanal-PCI-IDE-Controller\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- 
23.08.2010, 19:38 | #9
Trojanerpaket! EXTRAS
OTL EXTRAS Logfile:
warband\mb_warband.exe | "UDP Query User{0C67FE48-1370-4F53-B2BA-CBE420A7B483}C:\users\public\games\world of private\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of private\launcher.exe | "UDP Query User{0D06B86F-C64A-40A8-A5B7-A4891D5B3448}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query User{1C3CA355-FAD7-4B60-A507-116CC7B9981E}C:\program files\star vault\mortal online\mortal online launcher.exe" = protocol=17 | dir=in | app=c:\program files\star vault\mortal online\mortal online launcher.exe | "UDP Query User{21E06AB0-5BE6-4F12-ADA4-7BE120381180}C:\program files\aspyr\guitar hero aerosmith\guitar hero aerosmith.exe" = protocol=17 | dir=in | app=c:\program files\aspyr\guitar hero aerosmith\guitar hero aerosmith.exe | "UDP Query User{2411490C-6ACA-4E20-83F1-E983CF2EEEBF}C:\program files\kaiba corp vds\kcvds.exe" = protocol=17 | dir=in | app=c:\program files\kaiba corp vds\kcvds.exe | "UDP Query User{27625383-62F7-48F2-B8A5-8434D2E78C02}C:\program files\aspyr\guitar hero aerosmith\guitar hero aerosmith.exe" = protocol=17 | dir=in | app=c:\program files\aspyr\guitar hero aerosmith\guitar hero aerosmith.exe | "UDP Query User{3EAD611F-9F15-4110-8AC0-7A66899657DC}C:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\addonweb.exe | "UDP Query User{3F3DF592-D659-4461-A6E7-6DD6596C0E6E}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe | "UDP Query User{48EB1FD9-0BFC-4CFE-9943-E526FD7B8428}C:\program files\steam\steamapps\maniac957\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\maniac957\source sdk base 2007\hl2.exe | "UDP Query User{62A45039-56E0-4757-8084-602F87FF7472}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | "UDP Query 
User{67CE0DF1-0DB7-48E1-95DA-620FC749410A}C:\program files\aspyr\guitar hero iii\gh3.exe" = protocol=17 | dir=in | app=c:\program files\aspyr\guitar hero iii\gh3.exe | "UDP Query User{6955C3C3-543B-4E96-92F7-A2F0947D2E81}C:\program files\volition inc\red faction guerrilla\rfg.exe" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe | "UDP Query User{6C14263A-2498-4F45-B253-A2181DE815FB}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe | "UDP Query User{70A31607-6837-4B9A-BE1F-1F6799690118}C:\program files\steam\steamapps\maniac957\pirates, vikings, and knights ii\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\maniac957\pirates, vikings, and knights ii\hl2.exe | "UDP Query User{85C74229-BB8D-4284-82E8-AE985FACA82B}C:\users\messiah\appdata\local\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\messiah\appdata\local\dyyno receiver\dppm.exe | "UDP Query User{87731852-375A-4CC8-B49E-80F43519532A}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{8FE77E63-32F2-4BBD-86E4-6EEFE817BA81}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | "UDP Query User{90DAB0CD-F087-4AF8-9D37-7220316E7E69}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | "UDP Query User{93B119E4-2B42-48BF-B35D-A3BAEB8739E1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{963380FB-FC5B-4B92-BEC7-982A340F55C9}C:\program files\aspyr\guitar hero iii\gh3.exe" = protocol=17 | dir=in | app=c:\program files\aspyr\guitar hero iii\gh3.exe | "UDP Query User{9BC190B7-2B48-44EA-BB80-D945F2AA64E3}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | 
app=c:\program files\utorrent\utorrent.exe | "UDP Query User{9CF56A1B-8657-4B84-AB01-3587CF55BF68}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{9EB72A1B-E309-4077-9BFE-EF9C74125DF0}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "UDP Query User{A1E1227E-9E29-4D47-8628-A1E6BB489AF7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{A539D4A9-0D09-440D-8DA9-FA93AE893D9B}C:\program files\thq\saints row 2\sr2_pc.exe" = protocol=17 | dir=in | app=c:\program files\thq\saints row 2\sr2_pc.exe | "UDP Query User{A6A5B2E0-B52C-4CA5-A226-120E76031033}C:\program files\star vault\mortal online\mortalonline\unrealengine3\binaries\win32\nowgame.exe" = protocol=17 | dir=in | app=c:\program files\star vault\mortal online\mortalonline\unrealengine3\binaries\win32\nowgame.exe | "UDP Query User{ABE31439-B234-4C12-B5DA-2CF7D11BF713}C:\program files\steam\steamapps\maniac957\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\maniac957\counter-strike source\hl2.exe | "UDP Query User{B8076105-AB1F-48C8-BDF7-81606C86646A}C:\program files\steam\steamapps\maniac957\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\maniac957\garrysmod\hl2.exe | "UDP Query User{C9A9CFD9-0257-438C-BA89-33B7A9AF56A4}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | "UDP Query User{CADAF92A-EE7B-4A67-9B89-73DF0CE656C0}C:\program files\steam\steamapps\maniac957\pirates, vikings, and knights ii\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\maniac957\pirates, vikings, and knights ii\hl2.exe | "UDP Query 
User{CD2E37F5-2A0D-4029-AFC7-AE2897E04D4B}C:\yu-gi-oh\joey\joey_pc.exe" = protocol=17 | dir=in | app=c:\yu-gi-oh\joey\joey_pc.exe | "UDP Query User{D2AF9F90-2CEF-45B9-A80B-C0495BD922AE}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "UDP Query User{DBDBAF8C-C4D8-44AE-9AA6-884CBEC4BB85}C:\program files\thq\saints row 2\sr2_pc.exe" = protocol=17 | dir=in | app=c:\program files\thq\saints row 2\sr2_pc.exe | "UDP Query User{DD1AF656-7A98-4F0F-8EC3-4624DB05F994}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{DFE3BF27-DA72-421D-A4CF-B32266B82773}C:\program files\ubisoft\related designs\anno 1404\addon.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\addon.exe | "UDP Query User{E338A317-78C7-42E7-8124-F1F9DD8F4A85}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{EA2F3550-AE3B-4BBB-99C3-8B62653668E0}C:\program files\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\borderlands\binaries\borderlands.exe | "UDP Query User{EA502AA6-2C14-4254-B93A-76616AB1C263}C:\program files\realtime worlds\apb\beta-eu\binaries\user-apbgame_use_me.exe" = protocol=17 | dir=in | app=c:\program files\realtime worlds\apb\beta-eu\binaries\user-apbgame_use_me.exe | "UDP Query User{F5B474E0-93DA-44E0-B8B2-450A4E543029}C:\program files\capcom\resident evil 5\re5dx10.exe" = protocol=17 | dir=in | app=c:\program files\capcom\resident evil 5\re5dx10.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu 
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404 "{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6 "{0ECED7D8-FF53-4DC9-958E-C2177F528DE4}" = MySQL Server 5.1 "{1D2C96C3-A3F3-49E7-B839-95279DED837F}" = Opera 10.60 "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{311EBF70-9282-41D1-BAB0-AD22220301B9}" = 3Dカスタム少女 "{334BFBB0-4E83-4C48-8081-E0220AEF6DE9}" = TortoiseHg 1.0.1 (x86) "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{46F42615-BA31-45A0-BE10-2D2119749E95}" = Guitar Hero: Aerosmith "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2008 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57EC5BFE-7CB7-3057-8385-C9D72918511C}" = Microsoft .NET Framework 4 Client Profile Beta 2 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{5DC6B387-DCD5-4B66-B866-434020FF2ECC}" = TortoiseSVN 1.6.7.18415 (32 bit) "{5E6ACA2E-60D5-461C-8FD3-04BA9C174B27}_is1" = Mouse Recorder Pro 1.3 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = 
VC80CRTRedist - 8.0.50727.4053 "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{6E405B40-3879-3C9B-9286-8D5E71258C35}" = Microsoft .NET Framework 4 Extended Beta 2 "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista "{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venice "{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour "{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5 "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU 
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework "{C9736F27-3CFC-4AF9-B2A7-5B1A54B1A84F}" = SFV Checker "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FAFC9FF9-56BE-414D-B637-537E7D06E7B9}" = Serif PhotoPlus 11 "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVG9Uninstall" = AVG Free 9.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "BySoft FreeRAM" = BySoft FreeRAM 4.0 "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1 "Darkness Within 2: The Dark Lineage_is1" = Darkness Within 2: The Dark Lineage "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FrostWire" = FrostWire 4.18.0 "InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla 
"JDownloader" = JDownloader "LHTTSGED" = L&H TTS3000 Deutsch "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile Beta 2" = Microsoft .NET Framework 4 Client Profile Beta 2 "Microsoft .NET Framework 4 Extended Beta 2" = Microsoft .NET Framework 4 Extended Beta 2 "Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU "NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only) "Notepad++" = Notepad++ "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OpenAL" = OpenAL "oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.8.0 "PowerISO" = PowerISO "PROHYBRIDR" = 2007 Microsoft Office system "PunkBusterSvc" = PunkBuster Services "Saints Row 2_is1" = Saints Row 2 "SpeedFan" = SpeedFan (remove only) "SQLyog" = SQLyog 8.4 "Steam App 10" = Counter-Strike "Steam App 17570" = Pirates, Vikings, & Knights II "Steam App 218" = Source SDK Base 2007 "Steam App 220" = Half-Life 2 "Steam App 240" = Counter-Strike: Source "Steam App 4000" = Garry's Mod "Steam App 500" = Left 4 Dead "Steam App 50280" = Mafia II - Demo "Steam App 630" = Alien Swarm "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 5" = TeamViewer 5 "Tobit ClipInc Server" = ClipInc. 
"Tunngle beta_is1" = Tunngle beta "tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "Warcraft III" = Warcraft III "WBFS Manager 3.0" = WBFS Manager 3.0 "Wc3Refresh" = Wc3Refresh "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 3.1 "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "Xfire" = Xfire (remove only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2470280618-2490300084-3438362984-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "TeamSpeak 3 Client" = TeamSpeak 3 Client "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.08.2010 22:02:33 | Computer Name = Messiah-PC | Source = Windows Search Service | ID = 3013 Description = Error - 11.08.2010 13:16:32 | Computer Name = Messiah-PC | Source = VSS | ID = 8194 Description = Error - 11.08.2010 13:18:24 | Computer Name = Messiah-PC | Source = System Restore | ID = 8193 Description = Error - 14.08.2010 21:53:03 | Computer Name = Messiah-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a, Ausnahmecode 0xc0000094, Fehleroffset 0x00008235, Prozess-ID 0x1378, Anwendungsstartzeit 01cb3c1c94587b4a. Error - 14.08.2010 21:53:07 | Computer Name = Messiah-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a, Ausnahmecode 0xc0000094, Fehleroffset 0x00008235, Prozess-ID 0x1194, Anwendungsstartzeit 01cb3c1c99d4233a. 
Error - 14.08.2010 21:53:52 | Computer Name = Messiah-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a, Ausnahmecode 0xc0000094, Fehleroffset 0x00008235, Prozess-ID 0x1180, Anwendungsstartzeit 01cb3c1cb5cec40a.

Error - 14.08.2010 21:53:57 | Computer Name = Messiah-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a, Ausnahmecode 0xc0000094, Fehleroffset 0x00008235, Prozess-ID 0x123c, Anwendungsstartzeit 01cb3c1cb6f6a23a.

Error - 14.08.2010 21:56:28 | Computer Name = Messiah-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a, Ausnahmecode 0xc0000094, Fehleroffset 0x00008235, Prozess-ID 0xfac, Anwendungsstartzeit 01cb3c1d12621b4a.

Error - 14.08.2010 21:56:30 | Computer Name = Messiah-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a, Ausnahmecode 0xc0000094, Fehleroffset 0x00008235, Prozess-ID 0xb90, Anwendungsstartzeit 01cb3c1d13d0514a.

Error - 14.08.2010 21:56:32 | Computer Name = Messiah-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung DllHost.exe, Version 6.0.6000.16386, Zeitstempel 0x4549b14e, fehlerhaftes Modul libavcodec.dll, Version 0.0.0.0, Zeitstempel 0x3cbfbe5a, Ausnahmecode 0xc0000094, Fehleroffset 0x00008235, Prozess-ID 0x112c, Anwendungsstartzeit 01cb3c1d1517503a.

[ Media Center Events ]
Error - 28.02.2009 15:28:02 | Computer Name = Messiah-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError returned 0D Prozess: DefaultDomain Objektname: Media Center Guide

[ System Events ]
Error - 23.08.2010 12:22:17 | Computer Name = Messiah-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 23.08.2010 12:22:18 | Computer Name = Messiah-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 23.08.2010 12:22:19 | Computer Name = Messiah-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 23.08.2010 12:22:20 | Computer Name = Messiah-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 23.08.2010 12:22:21 | Computer Name = Messiah-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 23.08.2010 12:22:22 | Computer Name = Messiah-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

Error - 23.08.2010 12:23:49 | Computer Name = Messiah-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 23.08.2010 12:24:24 | Computer Name = Messiah-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 23.08.2010 12:24:25 | Computer Name = Messiah-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 23.08.2010 12:33:35 | Computer Name = Messiah-PC | Source = Service Control Manager | ID = 7030
Description =

[ TuneUp Events ]
Error - 05.07.2010 11:12:09 | Computer Name = Messiah-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-05 17:12:09', '\device\harddiskvolume1\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe','6104',0)

Error - 05.07.2010 11:46:53 | Computer Name = Messiah-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-05 17:46:53', '\device\harddiskvolume1\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe','5944',0)

Error - 05.07.2010 15:55:20 | Computer Name = Messiah-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-05 21:55:20', '\device\harddiskvolume1\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe','4952',0)

Error - 05.07.2010 15:56:26 | Computer Name = Messiah-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-05 21:56:26', '\device\harddiskvolume1\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe','6140',0)

Error - 05.07.2010 21:41:10 | Computer Name = Messiah-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-06 03:41:09', '\device\harddiskvolume1\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe','5216',0)

Error - 06.07.2010 11:45:39 | Computer Name = Messiah-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-06 17:45:39', '\device\harddiskvolume1\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe','5536',0)

Error - 08.07.2010 02:46:33 | Computer Name = Messiah-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-08 08:46:33', '\device\harddiskvolume1\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe','5912',0)

Error - 08.07.2010 02:48:29 | Computer Name = Messiah-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-08 08:48:29', '\device\harddiskvolume1\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe','4592',0)

Error - 08.07.2010 02:50:14 | Computer Name = Messiah-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-08 08:50:14', '\device\harddiskvolume1\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe','868',0)

Error - 10.07.2010 20:12:09 | Computer Name = Messiah-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-11 02:12:09', '\device\harddiskvolume1\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe','5328',0)

< End of report >
23.08.2010, 19:51 | #10
/// Malware-holic | Trojanerpaket!

23.08.2010, 20:49 | #11
| Trojanerpaket! GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-08-23 21:48:18 Windows 6.0.6002 Service Pack 2 Running: 4yirl5yu.exe; Driver: C:\Users\Messiah\AppData\Local\Temp\pwrdifoc.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA165C300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA1710300, 0x1BEE, 0xE8000020] ? C:\Users\Messiah\AppData\Local\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. ! ? C:\Windows\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. ! ? C:\Users\Messiah\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe[1680] kernel32.dll!SetUnhandledExceptionFilter 7610A84F 5 Bytes JMP 0048DC60 C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe .text C:\Program Files\Tunngle\TnglCtrl.exe[2388] ntdll.dll!DbgBreakPoint 77738B2E 1 Byte [90] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEE 0xB5 0x62 0xFD ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x84 0x29 0x2B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0x95 0x94 0x28 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xB6 0x47 0x09 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD3 0x5C 0xA0 0x55 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEE 0xB5 0x62 0xFD ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x34 0x84 0x29 0x2B ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... 
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x68 0x95 0x94 0x28 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA1 0xB6 0x47 0x09 ... Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD3 0x5C 0xA0 0x55 ... ---- Files - GMER 1.0.15 ---- File C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes ---- EOF - GMER 1.0.15 ---- |
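Reviewing a GMER log like the one above means checking each writable kernel section, inline hook and attached device against software known to be on the machine. The following is an added example, not code from this thread or from GMER: a small Python parser for that report format, run over constructed sample lines modelled on the log above, with a hypothetical reviewer allowlist; every finding not on the list is returned for manual review.

```python
import re
from collections import defaultdict

# Constructed sample in the GMER 1.0.15 report format (lines modelled on the log above).
SAMPLE_GMER = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA165C300, 0x3B6D8, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe[1680] kernel32.dll!SetUnhandledExceptionFilter 7610A84F 5 Bytes JMP 0048DC60 C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe
.text C:\Program Files\Tunngle\TnglCtrl.exe[2388] ntdll.dll!DbgBreakPoint 77738B2E 1 Byte [90]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
KERNEL_RE = re.compile(r"^\.text (\S+) section is writeable")
HOOK_RE = re.compile(r"^\.text (.+?)\[(\d+)\] (\S+!\S+) \S+ (\d+) Bytes? (.*)$")
DEVICE_RE = re.compile(r"^AttachedDevice (\S+) (\S+) (\S+)")

def parse_gmer(text):
    """Group the findings a reviewer triages by GMER section name."""
    findings, section = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif section == "Kernel code sections" and (m := KERNEL_RE.match(line)):
            findings[section].append({"module": m.group(1)})   # writable driver code
        elif section == "User code sections" and (m := HOOK_RE.match(line)):
            findings[section].append({"process": m.group(1), "pid": int(m.group(2)),
                                      "target": m.group(3), "bytes": int(m.group(4)),
                                      "patch": m.group(5)})    # inline hook in a process
        elif section == "Devices" and (m := DEVICE_RE.match(line)):
            findings[section].append({"driver": m.group(1), "device": m.group(2),
                                      "module": m.group(3)})   # filter attached to a device
    return findings

# Hypothetical allowlist of modules the reviewer has already vouched for (an assumption
# made for this example; real triage checks vendor, signature and install history).
KNOWN_BENIGN = {"avgtdix.sys", "tnglctrl.exe", "clipinc-server.exe"}

def needs_review(findings):
    """Return (section, module basename) for every finding not on the allowlist."""
    todo = []
    for section, items in findings.items():
        for item in items:
            path = item.get("module") or item["process"]
            name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if name not in KNOWN_BENIGN:
                todo.append((section, name))
    return todo
```

With the sample above only the writable atksgt.sys section is left for manual review; a reviewer then checks that module the same way the thread's helper did, by recognizing the software it belongs to.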
24.08.2010, 10:09 | #12 |
/// Malware-holic | Trojanerpaket! Looks good, are there still any problems? |
24.08.2010, 13:45 | #13 |
| Trojanerpaket! No problems. You're doing really great work here! Thank you very much! |
24.08.2010, 13:58 | #14 |
/// Malware-holic | Trojanerpaket! ok, then delete the tools we used and change passwords |