| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Antimalware DoctorWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.09.2010, 15:26
| #1 |
| |  Antimalware Doctor Hi @all!!! hab mir leider was eingefangen bzw. mein PC. Bin laut anleitung vorgegangen. 1.) Iexplore: Code:
ATTFilter This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as *** on 07.09.2010 at 16:11:33.
Services Stopped:
Processes terminated by Rkill or while it was running:
Rkill completed on 07.09.2010 at 16:11:36.
Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4561
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
07.09.2010 15:39:28
mbam-log-2010-09-07 (15-39-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|)
Durchsuchte Objekte: 776263
Laufzeit: 1 Stunde(n), 58 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 27
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewrgetuj (Trojan.Agent.Gen) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\lt4tmf (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\geurge.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\***\AppData\Local\Temp\doa546.exe (Backdoor.Bot) -> No action taken.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
C:\Users\***\AppData\Local\Temp\7619,062.exe (Trojan.Dropper) -> No action taken.
C:\Users\***\AppData\Local\Temp\awttsvlg.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\jytr.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Local\Temp\lnudls.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\nwmxaecrso.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\***\AppData\Local\Temp\remacsnowx.exe (Trojan.Agent) -> No action taken.
C:\Users\***\AppData\Local\Temp\sxcfgslr.exe (Trojan.Downloader) -> No action taken.
C:\Users\***\AppData\Local\Temp\thuurs.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\***\AppData\Roaming\antispy.exe (Trojan.FakeAlert) -> No action taken.
I:\fun.xls.exe (Worm.AutoRun) -> No action taken.
I:\Software - CD\Freeripmp3\freeripmp3.exe (Adware.MyWay) -> No action taken.
I:\System Volume Information\_restore{8A678CD9-BC47-45B9-B58C-B964E2B82263}\RP200\A0058960.exe (Worm.AutoRun) -> No action taken.
I:\System Volume Information\_restore{CFB6E64A-5D4B-4564-98E3-77EC49187E45}\RP12\A0004309.exe (Worm.AutoRun) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> No action taken.
C:\Windows\System32\msxml71.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\***\AppData\Roaming\49B403C00339D9F911D0257CF39FD721\mediafix70700en02.exe (Trojan.FakeAlert) -> No action taken.
hab ich durchgeführt bis keine Fehler mehr in Regestry 4.) RSIT Code:
ATTFilter info.txt logfile of random's system information tool 1.08 2010-09-07 16:07:18
======Uninstall list======
-->MsiExec /X{11AE6807-50D2-4F59-82B3-2C3E695E94C2}
3DVIA player 5.0-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.4 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
AI Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x7
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files (x86)\AskBarDis\unins000.exe"
Aspell 0.6 Dictionary (Language: de)-->"C:\ProgramData\Aspell\Dictionaries\Uninstall-AspellDict-de.exe"
Aspell Data-->"C:\ProgramData\Aspell\Uninstall-AspellData.exe"
ASUSUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x7
BitTorrent-->D:\Program Files (x86)\BitTorrent\uninst.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner-->"D:\Program Files (x86)\CCleaner\uninst.exe"
Command & Conquer(TM) Generäle-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and Conquer(TM) Generäle Die Stunde Null -->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"E:\Games\Company of Heroes\Uninstall_German.exe"
Crystal Reports Basic for Visual Studio 2008-->MsiExec.exe /X{AA467959-A1D6-4F45-90CD-11DC57733F32}
DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
Dev-C++ 5 beta 9 release (4.9.9.2)-->"E:\Dev-Cpp\uninstall.exe"
Die Gilde - Gaukler, Gruften und Geschütze-->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Gilde 2 - Die Seeräuber der Hanse-->E:\Program Files (x86)\Die Gilde 2 - Die Seeräuber der Hanse\uninstall.exe
Die Gilde 2-->C:\Windows\unvise32.exe E:\Programme\Die Gilde 2\uninstal.log
Die Gilde Addon Update v. 2.06 -->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Gilde Update v1.04a-->E:\Games\JoWooD\DIEGIL~1\UNWISE.EXE E:\Games\JoWooD\DIEGIL~1\INSTALL.LOG
Die Schlacht um Mittelerde™ II-->E:\Program Files (x86)\Electronic Arts\Die Schlacht um Mittelerde II\EAUninstall.exe
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EA Download Manager-->E:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe
EVEREST Ultimate Edition v5.30-->"D:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FIFA 10-->MsiExec.exe /X{11202615-E557-4ECF-9B86-F59C81E52909}
FileZilla Client 3.2.7.1-->D:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Freelancer-->"E:\Program Files (x86)\Microsoft Games\Freelancer\UNINSTAL.EXE" /runtemp /addremove
FUSSBALL MANAGER 10-->E:\Program Files (x86)\EA SPORTS\FUSSBALL MANAGER 10\eauninstall.exe
GameCenter 1.3.0.5-->"C:\Program Files (x86)\Cyanide\GameCenter\unins000.exe"
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)-->C:\Windows\SQLTools9_KB970892_ENU\Hotfix.exe /Uninstall
Grand Theft Auto IV-->"C:\Program Files (x86)\InstallShield Installation Information\{579BA58C-F33D-4970-9953-B94B43768AC3}\setup.exe" -runfromtemp -l0x0007 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)-->C:\Windows\SysWOW64\msiexec.exe /package {D7DAD1E4-45F4-3B2B-899A-EA728167EC4F} /uninstall {06694B0F-B778-4E13-B841-4FF9CC81D0C5} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)-->C:\Windows\SysWOW64\msiexec.exe /package {D7DAD1E4-45F4-3B2B-899A-EA728167EC4F} /uninstall {E1404B9C-5F36-406A-B720-70FA3F242B7B} /qb+ REBOOTPROMPT=""
Java Media Framework 2.1.1a-->C:\Windows\IsUninst.exe -f"D:\Program Files (x86)\JMF2.1.1\Uninst.isu"
Java MP3 PlugIn-->C:\Windows\IsUninst.exe -f"D:\Program Files (x86)\Java\jre6\Uninst.isu"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013F0}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
LyX 1.6.4-1-->"E:\Lyx\Uninstall-LyX.exe"
Malwarebytes' Anti-Malware-->"D:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
MathPlayer-->C:\Program Files (x86)\Design Science\MathPlayer\Setup.exe -u
Microsoft Document Explorer 2008-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft Flight Simulator X Service Pack 1-->C:\Windows\SysWOW64\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {7FB5887E-FA27-4CDC-BBA4-146487E789FA} /package {F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Flight Simulator X Service Pack 2-->MsiExec.exe /X{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}
Microsoft Flight Simulator X-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Flight Simulator X-->MsiExec.exe /X{F535B2CF-C9BB-4162-B03A-02D6971F32CC}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0409-0000-0000000FF1CE} /uninstall {E1044ED2-E4AD-4B39-B500-31109750F6B4}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {519D9F45-CBF4-4E57-B419-11F196CCA8AE}
Microsoft Office Visio 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}
Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Express Edition-->MsiExec.exe /I{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}
Microsoft SQL Server Database Publishing Wizard 1.2-->MsiExec.exe /X{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
Microsoft Visual Studio 2008 Professional Edition - ENU-->E:\Program Files (x86)\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe
Microsoft Visual Studio Web Authoring Component-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MiKTeX 2.7-->"E:\Program Files (x86)\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "E:\Program Files (x86)\MiKTeX 2.7\miktex\config\uninstall.dat"
Mozilla Firefox (3.5.6)-->D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\setup.exe -runfromtemp -l0x0009 -removeonly
NHL™ 09-->MsiExec.exe /X{827B97A9-B347-4110-9F89-37AF2B758F94}
Norton Security Scan-->C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\InstStub.exe /X
NVIDIA PhysX v8.05.26-->MsiExec.exe /X{11AE6807-50D2-4F59-82B3-2C3E695E94C2}
Packet Tracer 5.1-->"D:\Program Files (x86)\Packet Tracer 5.1\unins000.exe"
Patch v4.1-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins001.exe"
ProtectDisc Driver, Version 11-->C:\Program Files (x86)\ProtectDisc Driver Installer\uninstall_v11.exe
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Rockstar Games Social Club-->"C:\Program Files (x86)\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x0007 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio 2007 (KB982127)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {AA3200A8-BD90-4763-B7D0-27DFBFB8DD71}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Star Wars Empire at War-->C:\Program Files (x86)\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\setup.exe -runfromtemp -l0x0007 -removeonly
Star Wars: The Force Unleashed-->"E:\Program Files (x86)\Activision\Star Wars The Force Unleashed\unins000.exe"
Steamless Left4Dead2 Pack-->E:\Program Files (x86)\Steamless Left4Dead2 Pack\uninstall.exe
TeleTeachingTool-->"D:\Program Files (x86)\TeleTeachingTool\Uninstall.exe" "D:\Program Files (x86)\TeleTeachingTool\install.log"
The Guild 2 - Renaissance-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins000.exe"
The Guild 2 - Renaissance-->"E:\Program Files (x86)\The Guild 2 - Renaissance\unins002.exe"
TmNationsForever Update 2010-03-15-->"E:\Program Files (x86)\TmNationsForever\unins000.exe"
Tour de France 2010 - Der offizielle Radsport-Manager Version 1-->"E:\Program Files (x86)\Cyanide\Pro Cycling Manager - Season 2010\unins000.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Visio 2007 Help (KB963666)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}
VC Runtimes MSI-->MsiExec.exe /X{FF29527A-44CD-3422-945E-981A13584000}
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Visual Studio 2005 Tools for Office Second Edition Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe
Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}
VLC media player 1.0.1-->D:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}
Windows Mobile 5.0 SDK R2 for Smartphone-->MsiExec.exe /I{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}
WinRAR-->D:\Program Files (x86)\WinRAR\uninstall.exe
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-18_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100451
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-16_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100450
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Athlon-7850
Event Code: 4373
Message: Windows-Wartung hat das Paket KB977816(Security Update) erfolgreich in den Status Installiert(Installed) gesetzt.
Record Number: 100449
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-22_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100448
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Athlon-7850
Event Code: 4383
Message: Windows-Wartung hat das Update 977816-21_neutral_PACKAGE aus Paket KB977816 (Security Update) in den Status Installiert(Installed) gesetzt.
Record Number: 100447
Source Name: Microsoft-Windows-Servicing
Time Written: 20100415125338.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
=====Application event log=====
Computer Name: Athlon-7850
Event Code: 1005
Message: Ergebnis der Inanspruchnahme von Windows-Rechten: hr=0x0
Record Number: 35501
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User:
Computer Name: Athlon-7850
Event Code: 1003
Message: Softwarelizenzierungsdienst hat die Überprüfung des Lizenzierungsstatus abgeschlossen.
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
Lizenzierungsstatus=
{1,[11db994f-af86-4eb9-af35-fb4e3b0256f5, 8, 0xC004F014,0x0]}
{1,[3a1d44e2-bede-46fb-8a02-0cd485a1db8b, 8, 0xC004F014,0x0]}
{1,[6b16d38b-7dac-4614-9948-b4a92ddba889, 8, 0xC004F014,0x0]}
{1,[9e042223-03bf-49ae-808f-ff37f128d40d, 8, 0xC004F014,0x0]}
{1,[a3481201-436e-4fc9-88b4-34ccf7f81789, 8, 0xC004F014,0x0]}
{1,[a4eec485-e375-48b4-8f51-80d13a4086b6, 8, 0xC004F014,0x0]}
{1,[a7a4a974-ad47-420e-8e1a-83d28572058a, 8, 0xC004F014,0x0]}
{1,[b6795467-dc45-4acf-af87-e948ee3f15f4, 8, 0xC004F014,0x0]}
{1,[bffdc375-bbd5-499d-8ef1-4f37b61c895f, 8, 0xC004F014,0x0]}
{1,[c3505bd0-004a-49b9-84db-a1a4869eddf1, 8, 0xC004F014,0x0]}
{1,[c5d8ec70-e2ae-42d8-aaa9-eec3772438ee, 8, 0xC004F014,0x0]}
{1,[cdb090c3-053c-4cd1-9cb2-e35b1738747a, 8, 0xC004F014,0x0]}
{1,[da0483a8-c443-45fd-9b52-2bba9b2ee8ab, 8, 0xC004F014,0x0]}
{1,[e05164a4-fb9a-471f-8c3a-6959b4cf1b72, 8, 0xC004F014,0x0]}
{1,[f3acdd3c-119a-4932-a3d7-0b6f33a1dca9, 0, 0x0,0x0],[0x0,0x0,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0x0,0xFFFFFFFF,0x0,0,0,0x0],[0,0,0x0]}
{1,[afd5f68f-b70f-4000-a21d-28dbc8be8b07, 8, 0xC004F014,0x0]}
Record Number: 35500
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User:
Computer Name: Athlon-7850
Event Code: 1033
Message: Die Richtlinien werden ausgeschlossen, da sie nur mit dem override-only-Attribut definiert wurden.
Richtliniennamen=(IIS-W3SVC-MaxConcurrentRequests) (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w)
Anwendungs-ID=55c92734-d682-4d71-983e-d6ec3f16059f
SKU-ID=f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
Record Number: 35499
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20100303214722.000000-000
Event Type: Informationen
User:
Computer Name: Athlon-7850
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.
Record Number: 35498
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100303214718.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: Athlon-7850
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 35497
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100303214718.000000-000
Event Type: Informationen
User:
=====Security event log=====
Computer Name: Athlon-7850
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ATHLON-7850$
Kontodomäne: NETZWERK
Anmelde-ID: 0x3e7
Anmeldetyp: 5
Neue Anmeldung:
Sicherheits-ID: S-1-5-20
Kontoname: NETZWERKDIENST
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e4
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x2b8
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 17622
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.964144-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Athlon-7850
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Berechtigungen: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 17621
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Athlon-7850
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ATHLON-7850$
Kontodomäne: NETZWERK
Anmelde-ID: 0x3e7
Anmeldetyp: 5
Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Prozessinformationen:
Prozess-ID: 0x2b8
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Arbeitsstationsname:
Quellnetzwerkadresse: -
Quellport: -
Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: Advapi
Authentifizierungspaket: Negotiate
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 17620
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Athlon-7850
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: ATHLON-7850$
Kontodomäne: NETZWERK
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Konto, dessen Anmeldeinformationen verwendet wurden:
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}
Zielserver:
Zielservername: localhost
Weitere Informationen: localhost
Prozessinformationen:
Prozess-ID: 0x2b8
Prozessname: C:\Windows\System32\services.exe
Netzwerkinformationen:
Netzwerkadresse: -
Port: -
Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden. Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 17619
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.870543-000
Event Type: Überwachung erfolgreich
User:
Computer Name: Athlon-7850
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.
Anzahl von Elementen: 0
Richtlinienkennung: 0x146dc
Record Number: 17618
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122112216.667742-000
Event Type: Überwachung erfolgreich
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=E:\Program Files (x86)\MiKTeX 2.7\miktex\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files (x86)\Common Files\DivX Shared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"VS90COMNTOOLS"=e:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\Tools\
"RGSCLauncher"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club
"RGSC"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;D:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by *** at 2010-09-07 16:07:13 Microsoft® Windows Vista™ Home Premium Service Pack 2 System drive C: has 9 GB (17%) free of 52 GB Total RAM: 8190 MB (79% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:07:17, on 07.09.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\SysWOW64\rundll32.exe D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe D:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe E:\Eigene Dateien\Desktop\RSIT.exe C:\Program Files (x86)\trend micro\***.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file) O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe" O4 - HKLM\..\Run: [QFan Help] "D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" O4 - HKLM\..\Run: [Cpu Level Up help] "D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [nxasocewrm.exe] "C:\Users\***\AppData\Local\Temp\nxasocewrm.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe" /automount O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [byivqr] RUNDLL32.EXE C:\Users\***\AppData\Local\Temp\msllhsjn.dll,w O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ? O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-416053540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{8A9BC827-1B38-4705-9949-BBEAE13D0DB2}: NameServer = 195.3.96.67 213.33.98.136 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: application/xhtml+xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: application/xhtml+xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Unknown owner - C:\Windows\System32\appdrvrem01.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10384 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Norton Security Scan for ***.job C:\Windows\tasks\User_Feed_Synchronization-{4C930AB4-14B1-4E60-A93F-1FEE84B26496}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-28 61440] "Ai Nap"=D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe [2008-12-22 1953280] "QFan Help"=D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [2008-05-06 594432] "Cpu Level Up help"=D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152] "Adobe Reader Speed Launcher"=D:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888] "iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-09-01 421160] "SunJavaUpdateSched"=D:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280] "DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584] "nxasocewrm.exe"=C:\Users\***\AppData\Local\Temp\nxasocewrm.exe [2010-09-07 48128] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968] "AlcoholAutomount"=D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe [2009-04-24 203416] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240] "RGSC"=E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2010-03-14 306088] "Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-05-13 26192168] "DAEMON Tools Pro Agent"=E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2010-04-15 427328] "byivqr"=C:\Users\***\AppData\Local\Temp\msllhsjn.dll [2010-09-07 36865] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup NETGEAR WG111T Smart Wizard.lnk - D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "ForceActiveDesktopOn"=0 "BindDirectlyToPropertySetStorage"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "D:\Program Files (x86)\BitTorrent\bittorrent.exe"="D:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\SysWOW64\Notepad.exe %1 .js - open - C:\Windows\SysWOW64\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-09-07 16:07:13 ----D---- C:\rsit 2010-09-07 16:07:13 ----D---- C:\Program Files (x86)\trend micro 2010-09-07 13:38:10 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes 2010-09-07 13:38:03 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys 2010-09-07 13:38:02 ----D---- C:\ProgramData\Malwarebytes 2010-09-07 13:02:01 ----A---- C:\Windows\SysWOW64\3356018.BAT 2010-09-07 13:01:39 ----D---- C:\Users\***\AppData\Roaming\49B403C00339D9F911D0257CF39FD721 2010-09-06 16:32:18 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared 2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\javaws.exe 2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\javaw.exe 2010-09-03 23:40:44 ----A---- C:\Windows\SysWOW64\java.exe 2010-09-03 23:40:25 ----D---- C:\Program Files (x86)\Java 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jsound.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvh263.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvfw.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmvcm.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmutil.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmpegv.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmpa.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmmci.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmjpeg.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmh263enc.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmh261.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmgsm.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmgdi.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmg723.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmfjawt.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmddraw.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmdaudc.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmdaud.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmcvid.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmam.dll 2010-09-03 22:27:34 ----A---- C:\Windows\SysWOW64\jmacm.dll 2010-09-03 20:31:13 ----A---- C:\Windows\IsUninst.exe 2010-09-02 12:55:46 ----D---- C:\Program Files (x86)\iTunes 2010-09-02 12:53:34 ----D---- C:\Program Files (x86)\QuickTime 2010-09-02 12:51:02 ----D---- C:\Program Files (x86)\Bonjour 2010-08-30 21:47:13 ----D---- C:\ProgramData\Symantec 2010-08-30 21:47:13 ----D---- C:\ProgramData\Norton 2010-08-30 21:47:13 ----D---- C:\Program Files (x86)\Norton Security Scan 2010-08-30 21:47:12 ----D---- C:\ProgramData\NortonInstaller 2010-08-30 21:47:12 ----D---- C:\Program Files (x86)\NortonInstaller 2010-08-30 19:28:56 ----D---- C:\ProgramData\EA Logs 2010-08-25 21:27:01 ----D---- C:\Users\***\AppData\Roaming\The Creative Assembly 2010-08-25 17:42:16 ----D---- C:\Program Files (x86)\Design Science 2010-08-17 13:42:46 ----D---- C:\Program Files (x86)\The Guild 2 - Renaissance 2010-08-16 15:49:04 ----A---- C:\Windows\SysWOW64\rtutils.dll 2010-08-16 15:48:32 ----A---- C:\Windows\SysWOW64\iccvid.dll 2010-08-16 15:48:11 ----A---- C:\Windows\SysWOW64\mshtml.dll 2010-08-16 15:48:11 ----A---- C:\Windows\SysWOW64\iertutil.dll 2010-08-16 15:48:10 ----A---- C:\Windows\SysWOW64\ieframe.dll 2010-08-16 15:48:09 ----A---- C:\Windows\SysWOW64\urlmon.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\wininet.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\occache.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\mstime.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\msfeeds.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ieUnatt.exe 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ieui.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iesysprep.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iesetup.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iernonce.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iepeers.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\iedkcs32.dll 2010-08-16 15:48:08 ----A---- C:\Windows\SysWOW64\ie4uinit.exe 2010-08-16 15:48:07 ----A---- C:\Windows\SysWOW64\msfeedssync.exe 2010-08-16 15:48:07 ----A---- C:\Windows\SysWOW64\jsproxy.dll 2010-08-16 15:48:03 ----A---- C:\Windows\SysWOW64\msxml3.dll 2010-08-16 15:47:57 ----A---- C:\Windows\SysWOW64\schannel.dll ======List of files/folders modified in the last 1 months====== 2010-09-07 16:07:16 ----D---- C:\Windows\Temp 2010-09-07 16:07:13 ----RD---- C:\Program Files (x86) 2010-09-07 15:54:51 ----D---- C:\Windows\Debug 2010-09-07 15:54:51 ----D---- C:\Windows 2010-09-07 15:44:02 ----D---- C:\Windows\SysWOW64 2010-09-07 13:38:03 ----D---- C:\Windows\SysWOW64\drivers 2010-09-07 13:38:02 ----HD---- C:\ProgramData 2010-09-07 13:12:20 ----D---- C:\Windows\Prefetch 2010-09-07 13:01:36 ----SHD---- C:\Windows\Installer 2010-09-07 12:15:50 ----SHD---- C:\System Volume Information 2010-09-07 12:11:14 ----D---- C:\Users\***\AppData\Roaming\Skype 2010-09-06 20:16:31 ----SD---- C:\Windows\Downloaded Program Files 2010-09-06 16:32:18 ----D---- C:\Program Files (x86)\Common Files 2010-09-05 15:19:11 ----D---- C:\ProgramData\DivX 2010-09-05 15:19:11 ----D---- C:\Program Files (x86)\DivX 2010-09-05 15:19:11 ----D---- C:\Program Files (x86)\Common Files\DivX Shared 2010-09-03 21:31:31 ----D---- C:\Users\***\AppData\Roaming\vlc 2010-09-03 11:45:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight 2010-09-02 12:55:47 ----RD---- C:\Program Files 2010-09-02 12:55:46 ----D---- C:\ProgramData\Apple Computer 2010-09-02 12:55:46 ----D---- C:\Program Files (x86)\Common Files\Apple 2010-09-02 12:52:16 ----D---- C:\Windows\inf 2010-09-02 12:51:02 ----D---- C:\Windows\System32 2010-09-01 15:25:07 ----SD---- C:\Users\***\AppData\Roaming\Microsoft 2010-08-31 20:58:26 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI 2010-08-30 21:47:18 ----D---- C:\Windows\Tasks 2010-08-30 19:24:29 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-08-30 19:18:11 ----D---- C:\Windows\Minidump 2010-08-26 01:16:09 ----D---- C:\Users\***\AppData\Roaming\BitTorrent 2010-08-25 20:52:30 ----RSD---- C:\Windows\assembly 2010-08-25 17:42:16 ----RSD---- C:\Windows\Fonts 2010-08-24 19:42:09 ----D---- C:\Users\***\AppData\Roaming\temp 2010-08-17 12:32:47 ----D---- C:\Windows\winsxs 2010-08-17 12:28:02 ----D---- C:\Windows\Microsoft.NET 2010-08-17 12:19:52 ----D---- C:\Program Files (x86)\Internet Explorer 2010-08-17 12:19:49 ----D---- C:\Program Files (x86)\Windows Mail 2010-08-17 12:19:48 ----D---- C:\Windows\SysWOW64\migration 2010-08-16 22:00:06 ----A---- C:\Windows\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [] R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys [] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [] R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\Windows\System32\drivers\sfsync04.sys [] R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [] R1 appdrv01;Application Driver (01); C:\Windows\System32\Drivers\appdrv01.sys [] R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392] R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [] R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [] R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [] R3 RTL8169;Realtek 8169-NT-Treiber; C:\Windows\system32\DRIVERS\Rtlh64.sys [] S0 prohlp02;StarForce Protection Helper Driver v2; C:\Windows\System32\drivers\prohlp02.sys [2004-04-08 70400] S0 prosync1;StarForce Protection Synchronization Driver v1; C:\Windows\System32\drivers\prosync1.sys [2003-09-06 6944] S0 sfhlp01;StarForce Protection Helper Driver; C:\Windows\System32\drivers\sfhlp01.sys [2003-12-01 4832] S1 acedrv07;acedrv07; \??\C:\Windows\system32\drivers\acedrv07.sys [] S1 prodrv06;StarForce Protection Environment Driver v6; C:\Windows\System32\drivers\prodrv06.sys [2004-04-08 54272] S1 SSHDRV59;SSHDRV59; \??\C:\Windows\system32\drivers\SSHDRV59.sys [2010-02-13 35840] S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [] S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [] S3 a2shxq3i;a2shxq3i; C:\Windows\SysWOW64\drivers\a2shxq3i.sys [] S3 asb6kma2;asb6kma2; C:\Windows\SysWOW64\drivers\asb6kma2.sys [] S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [] S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [] S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [] S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [] S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50a64.sys [] S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50a64.sys [] S3 PCD59X2;PCD59X2; \??\C:\Users\***\AppData\Local\Temp\PCD59X2.sys [] S3 PCD59X3;PCD59X3; \??\C:\Users\***\AppData\Local\Temp\PCD59X3.sys [] S3 PCD59X4;PCD59X4; \??\C:\Users\***\AppData\Local\Temp\PCD59X4.sys [] S3 PCD59X5;PCD59X5; \??\C:\Users\***\AppData\Local\Temp\PCD59X5.sys [] S3 PCD59X6;PCD59X6; \??\C:\Users\***\AppData\Local\Temp\PCD59X6.sys [] S3 PCD59X7;PCD59X7; \??\C:\Users\***\AppData\Local\Temp\PCD59X7.sys [] S3 WG111T;NETGEAR WG111T USB2.0 Wireless Card Service; C:\Windows\system32\DRIVERS\WG111Tvx.sys [] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [] S3 xnacc;Treiberdienst XBOX 360-Controller für Windows; C:\Windows\system32\DRIVERS\xnacc.sys [] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672] R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016] R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-07-27 345376] R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] R2 MSSQLSERVER;SQL Server (MSSQLSERVER); D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-12-26 66872] R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-12-26 103736] R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968] R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952] R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 932640] S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\Windows\System32\appdrvrem01.exe svc [] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504] S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408] S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688] -----------------EOF----------------- bin ich jetzt clean Danke für Eure Hilfe!!! lg |
|
07.09.2010, 15:29
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Antimalware DoctorZitat:
__________________ |
|
07.09.2010, 15:36
| #3 | |
| | Antimalware DoctorZitat:
also wird wohl ein von irgendeinem Spiel kommen. das war aber net da grund. was noch wichtig ist, dass das Problem nach einen Besuch einer Seite mit Stream aufgetreten ist. suchte nähmlich einen Stream für das u21 Spiel da der ORF nicht überträgt. Sah ganz vernüftig aus. ich wurde nur gefragt, ob ich den Windows Media Player ausführen möchte. danach war ich auch noch auf einer Seite von jener kam es glaub ich eher, nur da hab ich nichts gemacht außer auf Abbrechen zu drücken. lg |
|
07.09.2010, 15:58
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
07.09.2010, 16:52
| #5 |
| | Antimalware Doctor hab probleme beim Posten des Beitrags!! Danke für deine Hilfe! Code:
ATTFilter OTL logfile created on: 07.09.2010 17:05:45 - Run 1 OTL by OldTimer - Version 3.2.11.0 Folder = E:\Eigene Dateien\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 51,27 Gb Total Space | 8,50 Gb Free Space | 16,58% Space Free | Partition Type: NTFS Drive D: | 23,26 Gb Total Space | 21,14 Gb Free Space | 90,89% Space Free | Partition Type: NTFS Drive E: | 298,09 Gb Total Space | 18,86 Gb Free Space | 6,33% Space Free | Partition Type: NTFS Drive F: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 335,35 Gb Total Space | 3,53 Gb Free Space | 1,05% Space Free | Partition Type: NTFS Computer Name: ATHLON-7850 Current User Name: **** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe (Skype Technologies S.A.) PRC - D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe () PRC - C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe () PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe () PRC - D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe (NETGEAR) ========== Modules (SafeList) ========== MOD - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Users\****\AppData\Local\Temp\msllhsjn.dll () MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe (Protection Technology) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (MSSQLSERVER) SQL Server (MSSQLSERVER) -- D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (SSHDRV59) -- C:\Windows\SysNative\drivers\SSHDRV59.sys File not found DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (appdrv01) Application Driver (01) -- C:\Windows\SysNative\Drivers\appdrv01.sys (Protection Technology) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys () DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\SysNative\drivers\sfsync04.sys (Protection Technology (StarForce)) DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce)) DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation) DRV:64bit: - (WG111T) -- C:\Windows\SysNative\DRIVERS\WG111Tvx.sys (Atheros Communications, Inc.) DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (SSHDRV59) -- C:\Windows\SysWOW64\drivers\SSHDRV59.sys () DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology) DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.laola1.at/hxxp://www.google.at/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010.09.02 12:54:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.02 12:54:09 | 000,000,000 | ---D | M] [2009.10.05 21:40:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Extensions [2009.06.30 23:17:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\extensions [2009.06.30 23:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010.08.30 19:17:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions [2010.08.06 19:16:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.30 19:17:03 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.08.06 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\DTToolbar@toolbarnet.com [2009.10.06 17:03:36 | 000,000,894 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\searchplugins\conduit.xml [2009.12.06 14:38:59 | 000,002,055 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\searchplugins\daemon-search.xml O1 HOSTS File: ([2010.09.07 13:30:16 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Ai Nap] D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe () O4 - HKLM..\Run: [Cpu Level Up help] D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [nxasocewrm.exe] C:\Users\****\AppData\Local\Temp\nxasocewrm.exe () O4 - HKLM..\Run: [QFan Help] D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe () O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [byivqr] C:\Users\****\AppData\Local\Temp\msllhsjn.DLL () O4 - HKCU..\Run: [DAEMON Tools Pro Agent] E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-416053540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.01.21 22:00:00 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\Shell\AutoRun\command - "" = H:\ O33 - MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O33 - MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\Shell - "" = AutoRun O33 - MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found O33 - MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\Shell - "" = AutoRun O33 - MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\Shell\AutoRun\command - "" = H:\Launcher.exe -- File not found O33 - MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\Shell - "" = AutoRun O33 - MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\Shell\AutoRun\command - "" = G:\Installer.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.07 16:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2010.09.07 16:07:13 | 000,000,000 | ---D | C] -- C:\rsit [2010.09.07 14:13:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe [2010.09.07 14:12:05 | 003,427,248 | ---- | C] (Piriform Ltd) -- E:\Eigene Dateien\Desktop\ccsetup235.exe [2010.09.07 13:38:10 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2010.09.07 13:38:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.09.07 13:38:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.09.07 13:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.07 13:36:29 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- E:\Eigene Dateien\Desktop\mbam-setup.exe [2010.09.07 13:01:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Windows Server [2010.09.07 13:01:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\49B403C00339D9F911D0257CF39FD721 [2010.09.06 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2010.09.03 23:40:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.09.03 23:40:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.09.03 23:40:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.09.03 23:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.09.03 23:36:22 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142040} [2010.09.03 23:07:06 | 000,718,186 | ---- | C] (InstallShield Software Corporation) -- E:\Eigene Dateien\Desktop\javamp3-1_0.exe [2010.09.03 20:31:13 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe [2010.09.02 12:55:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.09.02 12:55:46 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.09.02 12:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.09.02 12:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.09.02 12:51:02 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.09.02 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64 [2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan [2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022 [2010.08.30 21:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.08.30 21:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2010.08.30 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2010.08.25 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\The Creative Assembly [2010.08.25 17:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Design Science [2010.08.17 13:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Guild 2 - Renaissance [2010.08.16 15:49:04 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010.08.16 15:49:04 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010.08.16 15:48:32 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2010.08.16 15:48:28 | 004,697,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010.08.16 15:48:12 | 002,335,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2010.08.16 15:48:09 | 000,706,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.08.16 15:48:08 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2010.08.16 15:48:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2010.08.16 15:48:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.08.16 15:48:08 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.08.16 15:48:08 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2010.08.16 15:48:08 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.08.16 15:48:08 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2010.08.16 15:48:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.08.16 15:48:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2010.08.16 15:48:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.08.16 15:48:08 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2010.08.16 15:48:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2010.08.16 15:48:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2010.08.16 15:48:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2010.08.16 15:48:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2010.08.16 15:48:08 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2010.08.16 15:48:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2010.08.16 15:48:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2010.08.16 15:48:07 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2010.08.16 15:48:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.08.16 15:48:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll ========== Files - Modified Within 30 Days ========== [2010.09.07 17:07:15 | 003,932,160 | -HS- | M] () -- C:\Users\****\ntuser.dat [2010.09.07 16:06:10 | 000,339,991 | ---- | M] () -- E:\Eigene Dateien\Desktop\RSIT.exe [2010.09.07 16:03:28 | 000,000,388 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160325.reg [2010.09.07 16:02:57 | 000,010,612 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160254.reg [2010.09.07 16:02:37 | 000,165,202 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160225.reg [2010.09.07 15:51:29 | 000,000,669 | ---- | M] () -- E:\Eigene Dateien\Desktop\CCleaner.lnk [2010.09.07 15:47:17 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.07 15:47:17 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.07 15:47:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.07 15:47:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.07 15:45:53 | 000,524,288 | -HS- | M] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000001.regtrans-ms [2010.09.07 15:45:53 | 000,065,536 | -HS- | M] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TM.blf [2010.09.07 15:45:52 | 003,813,845 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db [2010.09.07 14:13:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe [2010.09.07 14:12:15 | 003,427,248 | ---- | M] (Piriform Ltd) -- E:\Eigene Dateien\Desktop\ccsetup235.exe [2010.09.07 13:47:34 | 000,363,520 | ---- | M] () -- E:\Eigene Dateien\Desktop\iExplore.exe [2010.09.07 13:45:44 | 000,363,520 | ---- | M] () -- E:\Eigene Dateien\Desktop\rkill.com [2010.09.07 13:38:05 | 000,000,643 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.07 13:36:40 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- E:\Eigene Dateien\Desktop\mbam-setup.exe [2010.09.07 13:02:01 | 000,000,150 | ---- | M] () -- C:\Windows\SysWow64\3356018.BAT [2010.09.07 13:01:36 | 000,007,488 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2010.09.07 12:12:21 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C930AB4-14B1-4E60-A93F-1FEE84B26496}.job [2010.09.06 16:54:55 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ****.job [2010.09.05 15:19:11 | 000,001,629 | ---- | M] () -- E:\Eigene Dateien\Desktop\DivX Movies.lnk [2010.09.05 15:19:06 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.09.04 21:11:00 | 000,000,905 | ---- | M] () -- E:\Eigene Dateien\Desktop\SteamLess Left4Dead2.lnk [2010.09.04 14:28:50 | 000,009,466 | ---- | M] () -- C:\Windows\SysWow64\sound.mod [2010.09.03 23:07:10 | 000,718,186 | ---- | M] (InstallShield Software Corporation) -- E:\Eigene Dateien\Desktop\javamp3-1_0.exe [2010.09.02 16:05:12 | 000,040,960 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.02 12:56:14 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.09.02 12:53:42 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.31 20:58:26 | 001,711,142 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.08.31 20:58:26 | 000,715,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.31 20:58:26 | 000,683,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.31 20:58:26 | 000,158,740 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.31 20:58:26 | 000,136,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.30 21:47:13 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini [2010.08.30 19:48:40 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.08.30 19:37:25 | 000,001,710 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.25 18:24:58 | 000,086,416 | ---- | M] () -- C:\Users\****\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.25 18:23:33 | 000,346,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.21 17:15:50 | 000,524,288 | -HS- | M] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000002.regtrans-ms [2010.08.21 00:12:56 | 000,524,288 | -HS- | M] () -- C:\Users\****\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TMContainer00000000000000000001.regtrans-ms [2010.08.21 00:12:56 | 000,065,536 | -HS- | M] () -- C:\Users\****\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TM.blf [2010.08.20 23:14:38 | 000,000,680 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2010.08.16 22:00:06 | 000,000,253 | ---- | M] () -- C:\Windows\win.ini [2010.08.16 19:29:35 | 001,689,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.16 19:24:02 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts ========== Files Created - No Company Name ========== [2010.09.07 16:06:09 | 000,339,991 | ---- | C] () -- E:\Eigene Dateien\Desktop\RSIT.exe [2010.09.07 16:03:26 | 000,000,388 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160325.reg [2010.09.07 16:02:55 | 000,010,612 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160254.reg [2010.09.07 16:02:28 | 000,165,202 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160225.reg [2010.09.07 15:51:29 | 000,000,669 | ---- | C] () -- E:\Eigene Dateien\Desktop\CCleaner.lnk [2010.09.07 13:47:33 | 000,363,520 | ---- | C] () -- E:\Eigene Dateien\Desktop\iExplore.exe [2010.09.07 13:45:42 | 000,363,520 | ---- | C] () -- E:\Eigene Dateien\Desktop\rkill.com [2010.09.07 13:38:05 | 000,000,643 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.07 13:02:01 | 000,000,150 | ---- | C] () -- C:\Windows\SysWow64\3356018.BAT [2010.09.05 15:19:06 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.09.04 21:11:00 | 000,000,905 | ---- | C] () -- E:\Eigene Dateien\Desktop\SteamLess Left4Dead2.lnk [2010.09.03 22:27:34 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\jmmpa.dll [2010.09.03 22:27:34 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\jsound.dll [2010.09.03 22:27:34 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\jmh261.dll [2010.09.03 22:27:34 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\jmvh263.dll [2010.09.03 22:27:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\jmjpeg.dll [2010.09.03 22:27:34 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\jmh263enc.dll [2010.09.03 22:27:34 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\jmg723.dll [2010.09.03 22:27:34 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jmmpegv.dll [2010.09.03 22:27:34 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\jmutil.dll [2010.09.03 22:27:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\jmgsm.dll [2010.09.03 22:27:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\jmam.dll [2010.09.03 22:27:34 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmcvid.dll [2010.09.03 22:27:34 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmacm.dll [2010.09.03 22:27:34 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\jmvfw.dll [2010.09.03 22:27:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\jmdaud.dll [2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmvcm.dll [2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmgdi.dll [2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmddraw.dll [2010.09.03 22:27:34 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmfjawt.dll [2010.09.03 22:27:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmmci.dll [2010.09.03 22:27:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmdaudc.dll [2010.09.02 12:56:14 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.09.02 12:53:42 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.30 21:47:16 | 000,000,498 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for ****.job [2010.08.30 21:47:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini [2010.08.30 19:48:40 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.08.30 19:36:52 | 000,001,629 | ---- | C] () -- E:\Eigene Dateien\Desktop\DivX Movies.lnk [2010.08.26 00:21:10 | 000,009,466 | ---- | C] () -- C:\Windows\SysWow64\sound.mod [2010.08.21 14:48:08 | 000,524,288 | -HS- | C] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000002.regtrans-ms [2010.08.21 14:48:08 | 000,524,288 | -HS- | C] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000001.regtrans-ms [2010.08.21 14:48:08 | 000,065,536 | -HS- | C] () -- C:\Users\****\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TM.blf [2010.08.16 19:24:02 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk [2010.07.15 22:44:49 | 000,437,554 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistMSI4FC8.txt [2010.07.15 22:44:49 | 000,011,662 | ---- | C] () -- C:\Users\****\AppData\Local\dd_vcredistUI4FC8.txt [2010.07.05 23:38:57 | 000,028,150 | ---- | C] () -- C:\Users\****\AppData\Local\dd_depcheckdotnetfx30.txt [2010.07.05 23:38:53 | 000,032,214 | ---- | C] () -- C:\Users\****\AppData\Local\dd_dotnetfx3install.txt [2010.07.05 23:38:53 | 000,000,718 | ---- | C] () -- C:\Users\****\AppData\Local\dd_dotnetfx3error.txt [2010.04.04 17:37:20 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.04.04 17:37:20 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.04.04 17:37:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2010.04.04 17:37:17 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.02.13 17:06:11 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\drivers\SSHDRV59.sys [2010.01.13 17:21:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll [2009.12.26 16:46:54 | 000,000,317 | ---- | C] () -- C:\Windows\game.ini [2009.12.04 17:38:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Nadeo.ini [2009.11.10 22:02:41 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2009.10.25 23:26:32 | 000,185,720 | ---- | C] () -- C:\Users\****\AppData\Local\dd_SqlPubWiz.msi2ABC.txt [2009.10.25 23:26:27 | 000,283,690 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WinSDK_RefInt_x64_MSI2AAC.txt [2009.10.25 23:26:19 | 000,549,072 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI2A92.txt [2009.10.25 23:26:11 | 000,440,254 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2A77.txt [2009.10.25 23:25:49 | 005,358,706 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WinSDK_Build_x64_MSI2A30.txt [2009.10.25 23:25:42 | 000,653,358 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WinSDK_Tools_x64_MSI2A19.txt [2009.10.25 23:25:15 | 002,486,530 | ---- | C] () -- C:\Users\****\AppData\Local\dd_CrystalReports2007_x64_MSI29C1.txt [2009.10.25 23:24:02 | 004,634,744 | ---- | C] () -- C:\Users\****\AppData\Local\dd_CrystalReports2007_MSI28D2.txt [2009.10.25 23:23:54 | 001,222,898 | ---- | C] () -- C:\Users\****\AppData\Local\dd_RDBG_AMD64_MSI28B8.txt [2009.10.25 23:23:25 | 001,711,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.10.25 23:21:14 | 000,289,768 | ---- | C] () -- C:\Users\****\AppData\Local\dd_64bitEmulator_MSI26AE.txt [2009.10.25 23:20:53 | 005,144,150 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WMSP_5_0_MSI2669.txt [2009.10.25 23:20:18 | 007,059,112 | ---- | C] () -- C:\Users\****\AppData\Local\dd_WMPPC_5_0_MSI25F7.txt [2009.10.25 23:20:12 | 000,730,446 | ---- | C] () -- C:\Users\****\AppData\Local\dd_SSCEDeviceRuntime_MSI25E3.txt [2009.10.25 23:20:07 | 000,313,566 | ---- | C] () -- C:\Users\****\AppData\Local\dd_SQLCEToolsForVS2007_MSI25D3.txt [2009.10.25 23:20:02 | 000,356,686 | ---- | C] () -- C:\Users\****\AppData\Local\dd_SSCERuntime_MSI25C2.txt [2009.10.25 23:19:37 | 000,843,636 | ---- | C] () -- C:\Users\****\AppData\Local\dd_VSTOR_MSI2571.txt [2009.10.25 23:19:24 | 001,046,252 | ---- | C] () -- C:\Users\****\AppData\Local\dd_NETCFSetupv35_MSI2546.txt [2009.10.25 23:19:13 | 001,012,638 | ---- | C] () -- C:\Users\****\AppData\Local\dd_NETCFSetupv2_MSI2522.txt [2009.10.25 23:10:47 | 050,904,718 | ---- | C] () -- C:\Users\****\AppData\Local\VSMsiLog1EAE.txt [2009.10.25 23:08:30 | 002,862,508 | ---- | C] () -- C:\Users\****\AppData\Local\dd_Dexplorer90_retMSI1CEF.txt [2009.10.25 23:08:24 | 000,358,650 | ---- | C] () -- C:\Users\****\AppData\Local\dd_PreReq_AMD64_MSI1CDB.txt [2009.10.25 23:08:13 | 000,838,352 | ---- | C] () -- C:\Users\****\AppData\Local\dd_VC_MinRed_MSI1CB7.txt [2009.10.25 23:07:13 | 000,317,613 | ---- | C] () -- C:\Users\****\AppData\Local\dd_depcheck_VS_PRO_90.txt [2009.10.25 23:07:04 | 000,704,096 | ---- | C] () -- C:\Users\****\AppData\Local\dd_install_vs_procore_90.txt [2009.10.25 23:07:04 | 000,011,384 | ---- | C] () -- C:\Users\****\AppData\Local\uxeventlog.txt [2009.10.25 23:07:04 | 000,000,002 | ---- | C] () -- C:\Users\****\AppData\Local\dd_error_vs_procore_90.txt [2009.10.20 20:46:36 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.10.20 20:45:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.10.05 21:34:16 | 000,000,678 | ---- | C] () -- C:\Windows\ODBC.INI [2009.09.19 23:20:47 | 000,023,888 | ---- | C] () -- C:\Users\****\AppData\Roaming\UserTile.png [2009.06.29 18:54:06 | 000,040,960 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.26 13:54:05 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini [2009.06.26 13:53:33 | 000,030,539 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.06.26 13:51:55 | 000,000,732 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps64.dat [2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dossec.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI < End of report > |
|
07.09.2010, 16:57
| #6 |
| | Antimalware Doctor OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.09.2010 17:05:45 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = E:\Eigene Dateien\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 51,27 Gb Total Space | 8,50 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
Drive D: | 23,26 Gb Total Space | 21,14 Gb Free Space | 90,89% Space Free | Partition Type: NTFS
Drive E: | 298,09 Gb Total Space | 18,86 Gb Free Space | 6,33% Space Free | Partition Type: NTFS
Drive F: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 335,35 Gb Total Space | 3,53 Gb Free Space | 1,05% Space Free | Partition Type: NTFS
Computer Name: ATHLON-7850
Current User Name: ****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 8E DC E9 E8 17 56 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-848732423-1492607561-3796473004-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files (x86)\BitTorrent\bittorrent.exe" = D:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"D:\Program Files (x86)\BitTorrent\bittorrent.exe" = D:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05FC3006-31BD-4ED6-97E0-B2DC8EF8AFD5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31A182DD-970E-49A7-9A45-FB9AE7B74E39}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{36248B63-2602-4845-AB09-D41BBF5513F9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{37704E4C-3033-434E-95D1-4D8080DA3CC5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4A45DEE8-83D4-43BB-AD47-1DC2D27D2F29}" = lport=445 | protocol=6 | dir=in | app=system |
"{4AF208E9-0A69-4747-98E6-F5641ABF7C02}" = rport=137 | protocol=17 | dir=out | app=system |
"{64052A13-9DC8-4E6B-85E7-DD2D562C3703}" = lport=1234 | protocol=17 | dir=in | name=petroglyph |
"{72A381DE-BAA0-4A07-93A9-C65480D2A080}" = rport=139 | protocol=6 | dir=out | app=system |
"{7404F8AB-80E3-4318-BEB0-8AD566ED6684}" = lport=139 | protocol=6 | dir=in | app=system |
"{8997BD94-F4EF-487C-A6E3-79FA57B11FEB}" = lport=138 | protocol=17 | dir=in | app=system |
"{8D0089F9-54FC-4CD6-91C0-A9459630FAB8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90B286C3-9C0A-4634-BF14-292E5BEDCC50}" = rport=138 | protocol=17 | dir=out | app=system |
"{94139D08-62A0-4B9D-8E2B-BFB0DD1BFF11}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A5C2FD0A-C5E6-4AE8-B21F-D5BD30EB8C2D}" = lport=137 | protocol=17 | dir=in | app=system |
"{A81BF3C9-0E56-4A40-B7B4-501BFC48377A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C6743B6D-9450-40F6-8962-655F96611E19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C9717468-D32E-4D4D-B054-F7115AB262A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F41E8A2F-4CBB-455B-A77E-0AD1BFF754E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F821F713-6625-4D3E-AB1E-92368820C20F}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A4CC85C-42C3-41C8-9AE2-FDED26FFB5D9}" = protocol=6 | dir=in | app=e:\program files (x86)\cyanide\pro cycling manager - season 2010\autorun\exe\autorun.exe |
"{0FA1EA28-EEF9-4E0D-B820-019A26D89820}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{18840098-2D14-446B-A23D-C3F19F6ADAB1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{292E3EF4-C26A-417F-99C9-02E6B2A3087B}" = protocol=6 | dir=in | app=d:\program files (x86)\bittorrent\bittorrent.exe |
"{2FECC7A5-B37E-48E6-9E47-A0BBDA4BE1A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{35AAC081-57CF-4C82-8E03-448BFB3D2DA1}" = protocol=6 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{3F0E1289-D65C-4884-BC6F-0234F1F291E9}" = protocol=6 | dir=in | app=e:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{402E6125-4103-4F75-8907-D2A2BE4E7F54}" = protocol=17 | dir=in | app=e:\program files (x86)\cyanide\pro cycling manager - season 2010\autorun\exe\autorun.exe |
"{444E682D-535F-4791-AACA-BA9BCBAF0963}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{45083FDA-F008-4680-8E37-ACF6917BA8BA}" = protocol=6 | dir=in | app=e:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{50CBFAF3-972C-4550-A4E0-1C234CEF1AD8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{55ADD3C0-5DE0-4B2C-8A58-207A06B1B119}" = protocol=17 | dir=in | app=e:\games\company of heroes\relicdownloader\relicdownloader.exe |
"{5A018111-DF52-4EEA-B765-C8DAF70EDC99}" = protocol=17 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{657BF08F-CE36-4A8F-8BAC-8DAA7618E92A}" = protocol=17 | dir=in | app=e:\program files (x86)\cyanide\pro cycling manager - season 2010\pcm.exe |
"{657E84EC-7F9B-4602-9A00-7292347177E2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{79FACD4D-1592-49A1-B5CF-3F65D5C7656B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7B903DE0-9A04-448F-86F6-336FB19E0A9C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{81913966-8B2C-46F9-866D-3F2661F6B8EC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8E9860E3-1E80-494F-9D04-9BBF14BA7401}" = protocol=6 | dir=in | app=e:\games\company of heroes\reliccoh.exe |
"{90216396-F907-4791-B933-B0271F85E3E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{9C4C6E76-3C31-4F22-B806-C365D5C0D23F}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{A268A10B-F75C-4D27-AB70-876F89E9A7F6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A4950AAE-802B-4397-B3DF-7D2EF1277109}" = protocol=17 | dir=in | app=e:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat |
"{AA8707F7-6433-4BDC-B252-CBAF32A00B2C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AC1B719B-ADAB-4314-A2E3-926BBD2E766A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AEED6B8B-E690-44DD-88ED-9DB8C93A898B}" = protocol=17 | dir=in | app=e:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{B53BD742-9907-4A17-87E0-A6E9DBDF005C}" = protocol=17 | dir=in | app=d:\program files (x86)\bittorrent\bittorrent.exe |
"{B72972BF-230C-4355-990E-E957BC2C6CC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B852876E-F7C3-4A58-BA7D-1BC5557C4E53}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C010ED65-8076-4F35-B02E-F6EDD92B66F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D4594CCA-1052-4E0F-B372-D9D1C3CA6526}" = protocol=6 | dir=in | app=e:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{DBF6ED67-0B0C-4DB8-8384-E8E7A8EF6B2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DD657584-CF54-4D2C-80A6-ACF7E5B25885}" = protocol=17 | dir=in | app=e:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{E6D256C3-A8BB-48D8-9435-435CD8C2A9E4}" = protocol=6 | dir=in | app=e:\games\company of heroes\relicdownloader\relicdownloader.exe |
"{ECDAD317-27B5-4D9C-8DD2-48863CDCF466}" = protocol=17 | dir=in | app=e:\games\company of heroes\reliccoh.exe |
"{F5292442-8558-44FF-B6C8-13F2143CB548}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC570D61-AEAC-4624-9948-4F3D0B0F372B}" = protocol=6 | dir=in | app=e:\program files (x86)\cyanide\pro cycling manager - season 2010\pcm.exe |
"{FCE18654-9BD5-438E-82DC-339E55416C25}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"TCP Query User{0134B6AE-AB5E-4B51-BB98-923BE61EDEC7}E:\westwood\renegade\game.exe" = protocol=6 | dir=in | app=e:\westwood\renegade\game.exe |
"TCP Query User{0492DBA2-F3DC-4F45-84EF-99C86B0E16DB}E:\games\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=e:\games\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{0B137A20-ECB4-48EE-8F36-0946CF192BB3}E:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe" = protocol=6 | dir=in | app=e:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe |
"TCP Query User{12D04790-CC76-4460-A071-9A15D2ABEF55}E:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{1C1B525C-4C79-4F88-813E-E1EB8D62377C}E:\program files (x86)\the guild 2 - renaissance\guildii.exe" = protocol=6 | dir=in | app=e:\program files (x86)\the guild 2 - renaissance\guildii.exe |
"TCP Query User{23EA80D5-6487-4947-B8CA-A6A3FCEEFC80}E:\lan\counter-strike 1.6\cstrike.exe" = protocol=6 | dir=in | app=e:\lan\counter-strike 1.6\cstrike.exe |
"TCP Query User{26AFEECD-331D-4D43-9F44-B4815456929E}E:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=6 | dir=in | app=e:\program files (x86)\ea sports\fifa 09\fifa09.exe |
"TCP Query User{30A6B053-FDA8-44E0-A8F2-29B923AFE7FC}E:\games\cyanide\radsport manager pro 2006\pcm.exe" = protocol=6 | dir=in | app=e:\games\cyanide\radsport manager pro 2006\pcm.exe |
"TCP Query User{323E95C2-6473-466E-808B-75E20EB0BAD4}E:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=e:\program files (x86)\ea sports\fussball manager 10\manager10.exe |
"TCP Query User{37D95BD6-CE3C-4097-8129-A89A6213D607}D:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{38021462-1914-4A0F-BA05-714B83048153}E:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=e:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{3C819699-28CE-49C4-96EA-D1C0C30FDA05}E:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{401B1EA9-8805-4485-83D1-2296FA7A1BCD}D:\program files (x86)\rtw - multicampaign\cbserv.exe" = protocol=6 | dir=in | app=d:\program files (x86)\rtw - multicampaign\cbserv.exe |
"TCP Query User{58F3BBD4-6073-494A-B4E4-8DDA64698976}D:\program files (x86)\rtw - multicampaign\cbclient.exe" = protocol=6 | dir=in | app=d:\program files (x86)\rtw - multicampaign\cbclient.exe |
"TCP Query User{6FEABBD5-9215-4E9E-B6BE-13D4FE4D23F1}E:\games\cc zero\game.dat" = protocol=6 | dir=in | app=e:\games\cc zero\game.dat |
"TCP Query User{7172E1D4-3F50-4BB9-A374-74A4E99BC847}E:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{7F6A5018-1D57-4B22-97F2-663E2C4A247A}E:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=e:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe |
"TCP Query User{81417E28-621E-4E37-9B96-59470131EBA5}E:\games\lucasarts\star wars empire at war\gamedata\sweaw.exe" = protocol=6 | dir=in | app=e:\games\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"TCP Query User{8800CAF6-207D-4C09-BE27-55F0003A7A1D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{901D215F-5A31-4383-AA0A-EBC48F2568CA}D:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=d:\xampp\xampp\mysql\bin\mysqld.exe |
"TCP Query User{94BA4BD4-BD8D-490F-9DAC-6CD865970F40}D:\xampp\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=d:\xampp\xampp\mercurymail\mercury.exe |
"TCP Query User{AB23C88F-C28B-44BB-805A-EED5D69E5174}D:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=d:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{AEA82897-D0FF-4B9A-9963-8AB8FA041FA9}E:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe" = protocol=6 | dir=in | app=e:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe |
"TCP Query User{B99F38B5-AD50-4F80-863D-45FAA8CD7679}D:\xampp\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=d:\xampp\xampp\filezillaftp\filezilla server.exe |
"TCP Query User{BF98E78E-2C80-4355-B118-D26F0FB483BB}D:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C84A6059-0EAC-42DD-A2A2-3EB81AFE30C9}E:\games\fifa10\fifa10.exe" = protocol=6 | dir=in | app=e:\games\fifa10\fifa10.exe |
"TCP Query User{C85B32E7-C018-4D87-BB21-DF066167C7C1}D:\xampp\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=d:\xampp\xampp\apache\bin\httpd.exe |
"TCP Query User{CB81E7AF-BB24-4B5B-8CCE-044DE3A6A5D1}E:\games\cc zero\game.dat" = protocol=6 | dir=in | app=e:\games\cc zero\game.dat |
"TCP Query User{D4AAD6EE-1B0F-4376-AA8C-77E98CBAEB57}E:\program files (x86)\ea games\battlefield vietnam\bfvietnam_w32ded.exe" = protocol=6 | dir=in | app=e:\program files (x86)\ea games\battlefield vietnam\bfvietnam_w32ded.exe |
"TCP Query User{D783CA39-BB45-458C-9466-B56232A77AEE}E:\programme\activision\rome - total war\rometw.exe" = protocol=6 | dir=in | app=e:\programme\activision\rome - total war\rometw.exe |
"TCP Query User{E2FBA748-C69C-4652-85CE-72BA759E1598}E:\lan\counter-strike 1.6\cstrike.exe" = protocol=6 | dir=in | app=e:\lan\counter-strike 1.6\cstrike.exe |
"TCP Query User{E53BD1F4-6806-4285-A31C-6456A5CE10C6}E:\lan\counter-strike 1.6\hlds.exe" = protocol=6 | dir=in | app=e:\lan\counter-strike 1.6\hlds.exe |
"TCP Query User{E7DB19AE-CD96-4DFF-B05B-222452E0268E}E:\program files (x86)\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=e:\program files (x86)\steamless left4dead2 pack\left4dead2.exe |
"TCP Query User{EA104E5E-7433-4FD8-B6E2-A38E21796FEC}E:\games\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=e:\games\company of heroes\reliccoh.exe |
"TCP Query User{EB9F0A64-9B42-4089-B679-6E8458B227CF}E:\games\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=e:\games\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{EBEF04F7-A492-46F4-A547-70757FEFE1A3}C:\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"TCP Query User{EDC9E447-0430-4F5E-853E-6774C0EAEF58}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{EE4F0846-8EE1-4E7A-B57F-1B6041303420}C:\users\****\appdata\local\temp\ffb92f6be0ce4855894768dbd45a8ef7\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\local\temp\ffb92f6be0ce4855894768dbd45a8ef7\relicdownloader.exe |
"TCP Query User{F70CBFF6-3AB7-4CA9-9179-27D6BE448482}D:\program files (x86)\packet tracer 5.1\bin\packettracer5.exe" = protocol=6 | dir=in | app=d:\program files (x86)\packet tracer 5.1\bin\packettracer5.exe |
"TCP Query User{FB2C5B0E-507C-42E7-BEB5-CD38F43BF175}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{0C3AD1C5-4379-496E-A539-57C69C9BF6B1}E:\games\cc zero\game.dat" = protocol=17 | dir=in | app=e:\games\cc zero\game.dat |
"UDP Query User{0CEA0BC2-25B6-4702-86F1-26D6F64FBD62}E:\westwood\renegade\game.exe" = protocol=17 | dir=in | app=e:\westwood\renegade\game.exe |
"UDP Query User{15106A15-1CAF-4C18-9034-9B6D2880B906}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{17F1269E-DB25-427D-B0FB-8B4E24DF58F1}E:\games\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=e:\games\company of heroes\reliccoh.exe |
"UDP Query User{1E1BCF21-F4F1-450F-8797-24AE1000CAB3}E:\games\lucasarts\star wars empire at war\gamedata\sweaw.exe" = protocol=17 | dir=in | app=e:\games\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"UDP Query User{1E6C649D-0D9D-451C-8799-4022E13135B4}E:\games\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=e:\games\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{227590D9-16A6-4250-BE4B-F5C3D323181D}D:\program files (x86)\rtw - multicampaign\cbserv.exe" = protocol=17 | dir=in | app=d:\program files (x86)\rtw - multicampaign\cbserv.exe |
"UDP Query User{24A7284F-2DA9-4638-B014-04F52B3314C8}E:\program files (x86)\ea games\battlefield vietnam\bfvietnam_w32ded.exe" = protocol=17 | dir=in | app=e:\program files (x86)\ea games\battlefield vietnam\bfvietnam_w32ded.exe |
"UDP Query User{2B140E3C-245E-4236-98E1-B2B6457B7130}E:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=e:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{2FEC4B15-BA64-456B-A45A-8A291CBA4005}D:\xampp\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=d:\xampp\xampp\apache\bin\httpd.exe |
"UDP Query User{36529E83-8141-4F14-AB90-083E9471FEFF}E:\lan\counter-strike 1.6\cstrike.exe" = protocol=17 | dir=in | app=e:\lan\counter-strike 1.6\cstrike.exe |
"UDP Query User{373E17FC-666A-4467-8573-4ADAE91D9955}E:\lan\counter-strike 1.6\cstrike.exe" = protocol=17 | dir=in | app=e:\lan\counter-strike 1.6\cstrike.exe |
"UDP Query User{37949095-9374-4A7E-863A-D6FDF2312F31}E:\program files (x86)\the guild 2 - renaissance\guildii.exe" = protocol=17 | dir=in | app=e:\program files (x86)\the guild 2 - renaissance\guildii.exe |
"UDP Query User{42620FF3-FEEB-48C2-A62B-4BEF7ECFB0F5}E:\program files (x86)\ea sports\fifa 09\fifa09.exe" = protocol=17 | dir=in | app=e:\program files (x86)\ea sports\fifa 09\fifa09.exe |
"UDP Query User{4C73680B-B254-415F-8A8A-398ABDE910E9}E:\lan\counter-strike 1.6\hlds.exe" = protocol=17 | dir=in | app=e:\lan\counter-strike 1.6\hlds.exe |
"UDP Query User{598BA399-B3F3-4365-A1A9-D2C3C9213F91}E:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{65BC17F1-0509-4289-BBFC-4709AC44CCFA}D:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{6A57434F-136A-4569-A5CD-998485C9F144}E:\games\cc zero\game.dat" = protocol=17 | dir=in | app=e:\games\cc zero\game.dat |
"UDP Query User{7EAB9E4C-DD67-4F0E-8115-61372E490B9D}D:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{806ED18D-FA7F-4C74-B0EE-4D2BEB191B34}D:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=d:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{85D08002-B773-43A1-8C2F-0AA9BE054D73}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{8D7821B2-355F-4477-AB46-B74E39479A5F}E:\programme\activision\rome - total war\rometw.exe" = protocol=17 | dir=in | app=e:\programme\activision\rome - total war\rometw.exe |
"UDP Query User{8F9A5BC5-7BC0-4905-AE33-DD2797822B6C}E:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe" = protocol=17 | dir=in | app=e:\program files (x86)\microsoft games\freelancer\exe\freelancer.exe |
"UDP Query User{90AD333B-7ACA-4277-B63E-7F46C9C522E6}D:\xampp\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=d:\xampp\xampp\filezillaftp\filezilla server.exe |
"UDP Query User{9216F7BA-E209-4F7E-86CC-0CF512C32EB6}D:\program files (x86)\rtw - multicampaign\cbclient.exe" = protocol=17 | dir=in | app=d:\program files (x86)\rtw - multicampaign\cbclient.exe |
"UDP Query User{94632E2D-2661-44F3-8D38-2E7142456D3D}E:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=e:\program files (x86)\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{9D3F2B28-3425-4FA7-A596-71A8459E0F94}E:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=e:\program files (x86)\ea sports\fussball manager 10\manager10.exe |
"UDP Query User{A654E2C4-A074-4397-B38B-25D970E976E7}D:\xampp\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=d:\xampp\xampp\mercurymail\mercury.exe |
"UDP Query User{B0D5E8F5-B72D-4FD3-847D-F2B2A4372177}E:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe" = protocol=17 | dir=in | app=e:\program files (x86)\cyanide\radsport manager pro 2006\pcm.exe |
"UDP Query User{BFBC236E-4A59-4CF4-ACBE-34FA6FDA3B5A}E:\games\cyanide\radsport manager pro 2006\pcm.exe" = protocol=17 | dir=in | app=e:\games\cyanide\radsport manager pro 2006\pcm.exe |
"UDP Query User{C1FBCE68-8BD0-4E87-BBDE-90AE7B7064A4}E:\games\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=e:\games\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{CAB14B0C-B929-4249-A860-800A4C6DC2E4}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{D3EEF7B3-9F02-4546-A63D-8783749EC8DA}D:\xampp\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=d:\xampp\xampp\mysql\bin\mysqld.exe |
"UDP Query User{E23A0AAD-980C-4DE2-A166-F8B9D5A8C97B}C:\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dna\btdna.exe |
"UDP Query User{E41AC13F-B164-4811-A2E4-1287C80CBBE5}C:\users\****\appdata\local\temp\ffb92f6be0ce4855894768dbd45a8ef7\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\local\temp\ffb92f6be0ce4855894768dbd45a8ef7\relicdownloader.exe |
"UDP Query User{E5097750-F502-4AD8-8F12-8B83E2054067}E:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{F3B7C79A-C580-4038-89EC-7BE46D3EF20D}E:\games\fifa10\fifa10.exe" = protocol=17 | dir=in | app=e:\games\fifa10\fifa10.exe |
"UDP Query User{F40A2184-CEAC-45D8-B62E-8BA2055466D6}E:\program files (x86)\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=e:\program files (x86)\steamless left4dead2 pack\left4dead2.exe |
"UDP Query User{F439CEC5-8817-46DD-81C7-75D39630A3C8}E:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{FBBC090B-3432-4FB0-AAD3-ACEFD588DAE7}D:\program files (x86)\packet tracer 5.1\bin\packettracer5.exe" = protocol=17 | dir=in | app=d:\program files (x86)\packet tracer 5.1\bin\packettracer5.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{A6034EB0-BEC6-4FC5-9B18-1DA8441CA9D9}" = Microsoft SQL Server Management Studio Express
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BAE72B35-821F-6780-18C5-BE4EBDF8DC7A}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F7561C47-6327-E6A5-3B57-756FA920CEF3}" = ccc-utility64
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{11AE6807-50D2-4F59-82B3-2C3E695E94C2}" = NVIDIA PhysX v8.05.26
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{259BDEFB-DCE0-990E-6C65-EA6DCAF1C604}" = Catalyst Control Center HydraVision Full
"{262296A3-87A4-4614-CBF1-E04455694390}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{4411E4C3-C60F-B094-0E1F-C6E73311A9EA}" = Catalyst Control Center InstallProxy
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51123D42-6B9C-4B93-900C-29F9EC5963C9}" = NETGEAR WG111T 108Mbps Wireless USB2.0 Adapter
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5E7AFD67-97C1-E310-CDC4-9F1547E1677C}" = Catalyst Control Center Graphics Previews Vista
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v4.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{827B97A9-B347-4110-9F89-37AF2B758F94}" = NHL™ 09
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A92C93-C5F2-128A-532A-B7C295450476}" = Catalyst Control Center Graphics Full Existing
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EA950F9-4CC6-35FC-BB9A-761298DE9ADC}" = Catalyst Control Center Graphics Full New
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B4B3428-7640-400E-9B96-22243568E296}" = Catalyst Control Center Graphics Previews Common
"{A111CF27-5082-6499-17D3-7FDA158206EF}" = ccc-core-static
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}" = Microsoft Game Studios Common Redistributables Pack 1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D5C36070-143F-489D-FB5A-903940D42325}" = Catalyst Control Center Core Implementation
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E77C580F-E2C8-23C7-350E-F3317D1C4A8A}" = CCC Help English
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{THEGUILDREN-0010-2010-300520102330}_is1" = The Guild 2 - Renaissance
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"Aspell" = Aspell Data
"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Company of Heroes" = Company of Heroes
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Die Gilde - Gaukler, Gruften und Geschütze" = Die Gilde - Gaukler, Gruften und Geschütze
"Die Gilde 2 - Die Seeräuber der Hanse" = Die Gilde 2 - Die Seeräuber der Hanse
"Die Gilde Addon Update v. 2.06 " = Die Gilde Addon Update v. 2.06
"Die Gilde Update v1.04a" = Die Gilde Update v1.04a
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"FileZilla Client" = FileZilla Client 3.2.7.1
"Freelancer 1.0" = Freelancer
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GameCenter_is1" = GameCenter 1.3.0.5
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Java Media Framework 2.1.1a" = Java Media Framework 2.1.1a
"Java MP3 PlugIn" = Java MP3 PlugIn
"LyX" = LyX 1.6.4-1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"NSS" = Norton Security Scan
"Packet Tracer 5.1_is1" = Packet Tracer 5.1
"Pro Cycling Manager 2010_is1" = Tour de France 2010 - Der offizielle Radsport-Manager Version 1
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SP1_F535B2CF-C9BB-4162-B03A-02D6971F32CC" = Microsoft Flight Simulator X Service Pack 1
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"TeleTeachingTool" = TeleTeachingTool
"The Guild 2 - Renaissance_is1" = The Guild 2 - Renaissance
"TheGuild2" = Die Gilde 2
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"VISPROR" = Microsoft Office Visio Professional 2007
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FM10 Stadien Österreich" = FM10 Stadien Österreich
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
lg |
|
07.09.2010, 19:03
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL
MOD - C:\Users\****\AppData\Local\Temp\msllhsjn.dll ()
DRV:64bit: - (SSHDRV59) -- C:\Windows\SysNative\drivers\SSHDRV59.sys File not found
DRV - (SSHDRV59) -- C:\Windows\SysWOW64\drivers\SSHDRV59.sys ()
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1351351&SearchSource=13"
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [nxasocewrm.exe] C:\Users\****\AppData\Local\Temp\nxasocewrm.exe ()
O4 - HKCU..\Run: [byivqr] C:\Users\****\AppData\Local\Temp\msllhsjn.DLL ()
O32 - AutoRun File - [2008.01.21 22:00:00 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\Shell\AutoRun\command - "" = H:\
O33 - MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM
O33 - MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\Shell - "" = AutoRun
O33 - MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\Shell - "" = AutoRun
O33 - MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\Shell\AutoRun\command - "" = H:\Launcher.exe -- File not found
O33 - MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\Shell - "" = AutoRun
O33 - MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\Shell\AutoRun\command - "" = G:\Installer.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010.09.07 13:01:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Windows Server
[2010.09.07 13:01:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\49B403C00339D9F911D0257CF39FD721
:Files
C:\Users\****\AppData\Local\Temp\msllhsjn.dll
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
07.09.2010, 19:32
| #8 |
| | Antimalware Doctor Hier die Ausgabe: Code:
ATTFilter All processes killed
========== OTL ==========
Service SSHDRV59 stopped successfully!
Service SSHDRV59 deleted successfully!
File C:\Windows\SysNative\drivers\SSHDRV59.sys File not found not found.
Error: No service named SSHDRV59 was found to stop!
Service\Driver key SSHDRV59 not found.
C:\Windows\SysWOW64\drivers\SSHDRV59.sys moved successfully.
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT1351351&SearchSource=13" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nxasocewrm.exe deleted successfully.
C:\Users\Hubsi\AppData\Local\Temp\nxasocewrm.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\byivqr deleted successfully.
File move failed. C:\Users\Hubsi\AppData\Local\Temp\msllhsjn.dll scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231d01ce-6e17-11de-af5e-00248c40c75f}\ not found.
File H:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{231d01ce-6e17-11de-af5e-00248c40c75f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{231d01ce-6e17-11de-af5e-00248c40c75f}\ not found.
File rundll32.exe .\desktop.dll,InstallM not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e53f36b-6278-11de-864b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e53f36b-6278-11de-864b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e53f36b-6278-11de-864b-806e6f6e6963}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a11e93e-a94d-11df-9142-f92f51994443}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a11e93e-a94d-11df-9142-f92f51994443}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a11e93e-a94d-11df-9142-f92f51994443}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97882528-8838-11df-a800-b819468a5c58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97882528-8838-11df-a800-b819468a5c58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97882528-8838-11df-a800-b819468a5c58}\ not found.
File H:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d4d077-6252-11de-8006-00248c40c75f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4d4d077-6252-11de-8006-00248c40c75f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4d4d077-6252-11de-8006-00248c40c75f}\ not found.
File G:\Installer.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\Hubsi\AppData\Local\Windows Server folder moved successfully.
C:\Users\Hubsi\AppData\Roaming\49B403C00339D9F911D0257CF39FD721 folder moved successfully.
========== FILES ==========
File move failed. C:\Users\Hubsi\AppData\Local\Temp\msllhsjn.dll scheduled to be moved on reboot.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 57482 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Hubsi
->Temp folder emptied: 1041352 bytes
->Temporary Internet Files folder emptied: 62792818 bytes
->Java cache emptied: 95560376 bytes
->FireFox cache emptied: 45586162 bytes
->Google Chrome cache emptied: 8252187 bytes
->Flash cache emptied: 7484 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 203,00 mb
OTL by OldTimer - Version 3.2.11.0 log created on 09072010_202537
Files\Folders moved on Reboot...
C:\Users\Hubsi\AppData\Local\Temp\msllhsjn.dll moved successfully.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
07.09.2010, 19:37
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
07.09.2010, 19:49
| #10 |
| | Antimalware Doctor leider kam dabei nur die OTL.txt Datei raus hier is sie: Code:
ATTFilter OTL logfile created on: 07.09.2010 20:40:22 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = E:\Eigene Dateien\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 80,00% Memory free 16,00 Gb Paging File | 14,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 51,27 Gb Total Space | 6,46 Gb Free Space | 12,60% Space Free | Partition Type: NTFS Drive D: | 23,26 Gb Total Space | 21,14 Gb Free Space | 90,89% Space Free | Partition Type: NTFS Drive E: | 298,09 Gb Total Space | 18,86 Gb Free Space | 6,33% Space Free | Partition Type: NTFS Drive F: | 3,62 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ATHLON-7850 Current User Name: Hubsi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe () PRC - C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe () PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe () PRC - D:\Program Files (x86)\NETGEAR\WG111T\wlan111t.exe (NETGEAR) ========== Modules (SafeList) ========== MOD - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (PnkBstrB) -- C:\Windows\SysNative\PnkBstrB.exe File not found SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found SRV:64bit: - (appdrvrem01) -- C:\Windows\SysNative\appdrvrem01.exe (Protection Technology) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (MSSQLSERVER) SQL Server (MSSQLSERVER) -- D:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (appdrv01) Application Driver (01) -- C:\Windows\SysNative\Drivers\appdrv01.sys (Protection Technology) DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys () DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys () DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys () DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.) DRV:64bit: - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\SysNative\drivers\sfsync04.sys (Protection Technology (StarForce)) DRV:64bit: - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\SysNative\drivers\sfdrv01a.sys (Protection Technology (StarForce)) DRV:64bit: - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\SysNative\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation) DRV:64bit: - (WG111T) -- C:\Windows\SysNative\DRIVERS\WG111Tvx.sys (Atheros Communications, Inc.) DRV:64bit: - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfvfs02.sys (Protection Technology (StarForce)) DRV:64bit: - (PCAMp50a64) -- C:\Windows\SysNative\Drivers\PCAMp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV:64bit: - (PCASp50a64) -- C:\Windows\SysNative\Drivers\PCASp50a64.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys () DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV:64bit: - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\SysNative\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology) DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.laola1.at/hxxp://www.google.at/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1351351 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.7.2.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010.09.02 12:54:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.02 12:54:09 | 000,000,000 | ---D | M] [2009.10.05 21:40:35 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Extensions [2009.06.30 23:17:02 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\extensions [2009.06.30 23:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010.09.07 17:28:07 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions [2010.08.06 19:16:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.30 19:17:03 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} [2010.08.06 19:16:05 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\extensions\DTToolbar@toolbarnet.com [2009.10.06 17:03:36 | 000,000,894 | ---- | M] () -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\searchplugins\conduit.xml [2009.12.06 14:38:59 | 000,002,055 | ---- | M] () -- C:\Users\Hubsi\AppData\Roaming\Mozilla\Firefox\Profiles\jsjqa5a1.default\searchplugins\daemon-search.xml O1 HOSTS File: ([2010.09.07 20:26:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Ai Nap] D:\Program Files (x86)\ASUS\AI Suite\Q-Button\QButton.exe () O4 - HKLM..\Run: [Cpu Level Up help] D:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [QFan Help] D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe () O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [AlcoholAutomount] D:\Program Files (x86)\Alcohol Soft\Alcohol 52\axcmd.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] E:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKCU..\Run: [RGSC] E:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-416053540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O18:64bit: - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - Reg Error: Key error. File not found O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.01.21 22:00:00 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ] O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: WudfPf - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.VP60 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com) Drivers32: vidc.VP62 - C:\Windows\SysWow64\vp6vfw.dll (EA.com/On2.com) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.09.07 16:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2010.09.07 16:07:13 | 000,000,000 | ---D | C] -- C:\rsit [2010.09.07 14:13:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe [2010.09.07 14:12:05 | 003,427,248 | ---- | C] (Piriform Ltd) -- E:\Eigene Dateien\Desktop\ccsetup235.exe [2010.09.07 13:38:10 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\Malwarebytes [2010.09.07 13:38:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.09.07 13:38:02 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.09.07 13:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.07 13:36:29 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- E:\Eigene Dateien\Desktop\mbam-setup.exe [2010.09.06 16:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2010.09.03 23:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.09.03 23:36:22 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Local\{7148F0A6-6813-11D6-A77B-00B0D0142040} [2010.09.02 12:55:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.09.02 12:55:46 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.09.02 12:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010.09.02 12:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2010.09.02 12:51:02 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.09.02 12:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64 [2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan [2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.08.30 21:47:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022 [2010.08.30 21:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.08.30 21:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2010.08.30 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2010.08.25 21:27:01 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\The Creative Assembly [2010.08.25 17:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Design Science [2010.08.17 13:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Guild 2 - Renaissance [2010.08.06 19:24:16 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.08.06 19:22:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2010.08.06 19:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.08.03 20:02:29 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\German Truck Simulator [2010.07.20 18:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2010.07.19 19:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever [2010.07.06 16:56:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2010.07.06 16:53:51 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\Dev-Cpp [2010.07.05 23:55:43 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Games for Windows - LIVE Demos [2010.07.05 23:52:09 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Local\Fallout3 [2010.07.05 17:10:00 | 003,854,000 | ---- | C] (Protection Technology) -- C:\Windows\SysNative\drivers\appdrv01.sys [2010.07.05 17:09:59 | 000,551,896 | ---- | C] (Protection Technology) -- C:\Windows\SysNative\appdrvrem01.exe [2010.07.05 15:29:42 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Pro Cycling Manager 2010 [2010.07.05 15:29:42 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\Pro Cycling Manager 2010 [2010.07.05 13:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyanide [2010.07.05 11:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hannes Converter [2010.07.04 20:08:44 | 000,000,000 | ---D | C] -- C:\Windows\NKCCDViewerSetting [2010.06.22 21:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2010.06.12 21:15:28 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\skypePM [2010.06.12 21:13:17 | 000,000,000 | ---D | C] -- C:\Users\Hubsi\AppData\Roaming\Skype [2010.06.12 21:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2010.06.12 21:12:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2010.06.12 21:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\SysWow64\Interop.SHDocVw.dll ========== Files - Modified Within 90 Days ========== [2010.09.07 20:40:22 | 003,932,160 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat [2010.09.07 20:28:12 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.07 20:28:12 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.07 20:28:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.07 20:28:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.07 20:27:00 | 000,524,288 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000001.regtrans-ms [2010.09.07 20:27:00 | 000,065,536 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TM.blf [2010.09.07 20:26:57 | 003,849,807 | -H-- | M] () -- C:\Users\Hubsi\AppData\Local\IconCache.db [2010.09.07 18:36:11 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4C930AB4-14B1-4E60-A93F-1FEE84B26496}.job [2010.09.07 17:34:28 | 000,182,272 | ---- | M] () -- E:\Eigene Dateien\Desktop\Danke für deine Hilfe.doc [2010.09.07 16:06:10 | 000,339,991 | ---- | M] () -- E:\Eigene Dateien\Desktop\RSIT.exe [2010.09.07 16:03:28 | 000,000,388 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160325.reg [2010.09.07 16:02:57 | 000,010,612 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160254.reg [2010.09.07 16:02:37 | 000,165,202 | ---- | M] () -- E:\Eigene Dateien\Documents\cc_20100907_160225.reg [2010.09.07 15:51:29 | 000,000,669 | ---- | M] () -- E:\Eigene Dateien\Desktop\CCleaner.lnk [2010.09.07 14:13:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe [2010.09.07 14:12:15 | 003,427,248 | ---- | M] (Piriform Ltd) -- E:\Eigene Dateien\Desktop\ccsetup235.exe [2010.09.07 13:47:34 | 000,363,520 | ---- | M] () -- E:\Eigene Dateien\Desktop\iExplore.exe [2010.09.07 13:45:44 | 000,363,520 | ---- | M] () -- E:\Eigene Dateien\Desktop\rkill.com [2010.09.07 13:38:05 | 000,000,643 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.07 13:36:40 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- E:\Eigene Dateien\Desktop\mbam-setup.exe [2010.09.07 13:02:01 | 000,000,150 | ---- | M] () -- C:\Windows\SysWow64\3356018.BAT [2010.09.07 13:01:36 | 000,007,488 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2010.09.06 16:54:55 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Hubsi.job [2010.09.05 15:19:11 | 000,001,629 | ---- | M] () -- E:\Eigene Dateien\Desktop\DivX Movies.lnk [2010.09.05 15:19:06 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.09.04 21:11:00 | 000,000,905 | ---- | M] () -- E:\Eigene Dateien\Desktop\SteamLess Left4Dead2.lnk [2010.09.04 14:28:50 | 000,009,466 | ---- | M] () -- C:\Windows\SysWow64\sound.mod [2010.09.02 16:05:12 | 000,040,960 | ---- | M] () -- C:\Users\Hubsi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.02 12:56:14 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.09.02 12:53:42 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.31 20:58:26 | 001,711,142 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.08.31 20:58:26 | 000,715,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.08.31 20:58:26 | 000,683,522 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.08.31 20:58:26 | 000,158,740 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.08.31 20:58:26 | 000,136,982 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.08.30 21:47:13 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini [2010.08.30 19:48:40 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.08.30 19:37:25 | 000,001,710 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.25 18:24:58 | 000,086,416 | ---- | M] () -- C:\Users\Hubsi\AppData\Local\GDIPFONTCACHEV1.DAT [2010.08.25 18:23:33 | 000,346,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.21 17:15:50 | 000,524,288 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000002.regtrans-ms [2010.08.21 00:12:56 | 000,524,288 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TMContainer00000000000000000001.regtrans-ms [2010.08.21 00:12:56 | 000,065,536 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TM.blf [2010.08.20 23:14:38 | 000,000,680 | ---- | M] () -- C:\Users\Hubsi\AppData\Local\d3d9caps.dat [2010.08.16 22:00:06 | 000,000,253 | ---- | M] () -- C:\Windows\win.ini [2010.08.16 19:29:35 | 001,689,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.08.16 19:24:02 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk [2010.07.07 21:30:08 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.07.05 17:10:00 | 003,854,000 | ---- | M] (Protection Technology) -- C:\Windows\SysNative\drivers\appdrv01.sys [2010.07.05 17:09:59 | 000,551,896 | ---- | M] (Protection Technology) -- C:\Windows\SysNative\appdrvrem01.exe [2010.07.05 15:22:36 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.06.24 22:53:56 | 000,524,288 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TMContainer00000000000000000002.regtrans-ms [2010.06.23 23:12:32 | 000,524,288 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{1c9b76a1-e0c9-11de-8148-880cc9d72d66}.TMContainer00000000000000000001.regtrans-ms [2010.06.23 23:12:32 | 000,065,536 | -HS- | M] () -- C:\Users\Hubsi\ntuser.dat{1c9b76a1-e0c9-11de-8148-880cc9d72d66}.TM.blf [2010.06.12 21:15:29 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat ========== Files Created - No Company Name ========== [2010.09.07 17:34:24 | 000,182,272 | ---- | C] () -- E:\Eigene Dateien\Desktop\Danke für deine Hilfe.doc [2010.09.07 16:06:09 | 000,339,991 | ---- | C] () -- E:\Eigene Dateien\Desktop\RSIT.exe [2010.09.07 16:03:26 | 000,000,388 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160325.reg [2010.09.07 16:02:55 | 000,010,612 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160254.reg [2010.09.07 16:02:28 | 000,165,202 | ---- | C] () -- E:\Eigene Dateien\Documents\cc_20100907_160225.reg [2010.09.07 15:51:29 | 000,000,669 | ---- | C] () -- E:\Eigene Dateien\Desktop\CCleaner.lnk [2010.09.07 13:47:33 | 000,363,520 | ---- | C] () -- E:\Eigene Dateien\Desktop\iExplore.exe [2010.09.07 13:45:42 | 000,363,520 | ---- | C] () -- E:\Eigene Dateien\Desktop\rkill.com [2010.09.07 13:38:05 | 000,000,643 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.07 13:02:01 | 000,000,150 | ---- | C] () -- C:\Windows\SysWow64\3356018.BAT [2010.09.05 15:19:06 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.09.04 21:11:00 | 000,000,905 | ---- | C] () -- E:\Eigene Dateien\Desktop\SteamLess Left4Dead2.lnk [2010.09.03 22:27:34 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\jmmpa.dll [2010.09.03 22:27:34 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\jsound.dll [2010.09.03 22:27:34 | 000,282,624 | ---- | C] () -- C:\Windows\SysWow64\jmh261.dll [2010.09.03 22:27:34 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\jmvh263.dll [2010.09.03 22:27:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\jmjpeg.dll [2010.09.03 22:27:34 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\jmh263enc.dll [2010.09.03 22:27:34 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\jmg723.dll [2010.09.03 22:27:34 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\jmmpegv.dll [2010.09.03 22:27:34 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\jmutil.dll [2010.09.03 22:27:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\jmgsm.dll [2010.09.03 22:27:34 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\jmam.dll [2010.09.03 22:27:34 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmcvid.dll [2010.09.03 22:27:34 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\jmacm.dll [2010.09.03 22:27:34 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\jmvfw.dll [2010.09.03 22:27:34 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\jmdaud.dll [2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmvcm.dll [2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmgdi.dll [2010.09.03 22:27:34 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\jmddraw.dll [2010.09.03 22:27:34 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\jmfjawt.dll [2010.09.03 22:27:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmmci.dll [2010.09.03 22:27:34 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\jmdaudc.dll [2010.09.02 12:56:14 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.09.02 12:53:42 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.08.30 21:47:16 | 000,000,498 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Hubsi.job [2010.08.30 21:47:13 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini [2010.08.30 19:48:40 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.08.30 19:36:52 | 000,001,629 | ---- | C] () -- E:\Eigene Dateien\Desktop\DivX Movies.lnk [2010.08.26 00:21:10 | 000,009,466 | ---- | C] () -- C:\Windows\SysWow64\sound.mod [2010.08.21 14:48:08 | 000,524,288 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000002.regtrans-ms [2010.08.21 14:48:08 | 000,524,288 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TMContainer00000000000000000001.regtrans-ms [2010.08.21 14:48:08 | 000,065,536 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{3d2c20cc-ad21-11df-96f2-ecdfeb6a9557}.TM.blf [2010.08.16 19:24:02 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Pro.lnk [2010.07.15 22:44:49 | 000,437,554 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_vcredistMSI4FC8.txt [2010.07.15 22:44:49 | 000,011,662 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_vcredistUI4FC8.txt [2010.07.05 23:38:57 | 000,028,150 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_depcheckdotnetfx30.txt [2010.07.05 23:38:53 | 000,032,214 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_dotnetfx3install.txt [2010.07.05 23:38:53 | 000,000,718 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_dotnetfx3error.txt [2010.06.24 19:13:37 | 000,524,288 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TMContainer00000000000000000002.regtrans-ms [2010.06.24 19:13:37 | 000,524,288 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TMContainer00000000000000000001.regtrans-ms [2010.06.24 19:13:37 | 000,065,536 | -HS- | C] () -- C:\Users\Hubsi\ntuser.dat{a2c5f669-7fb3-11df-97a7-a712ea30c652}.TM.blf [2010.06.12 21:15:29 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.06.12 21:12:55 | 000,002,415 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.04.04 17:37:20 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2010.04.04 17:37:20 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2010.04.04 17:37:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2010.04.04 17:37:17 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2010.01.13 17:21:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll [2009.12.26 16:46:54 | 000,000,317 | ---- | C] () -- C:\Windows\game.ini [2009.12.04 17:38:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Nadeo.ini [2009.11.10 22:02:41 | 000,000,680 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\d3d9caps.dat [2009.10.25 23:26:32 | 000,185,720 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_SqlPubWiz.msi2ABC.txt [2009.10.25 23:26:27 | 000,283,690 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WinSDK_RefInt_x64_MSI2AAC.txt [2009.10.25 23:26:19 | 000,549,072 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WinSDK_NetFxTools_x64_MSI2A92.txt [2009.10.25 23:26:11 | 000,440,254 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WinSDK_Win32Tools_x64_MSI2A77.txt [2009.10.25 23:25:49 | 005,358,706 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WinSDK_Build_x64_MSI2A30.txt [2009.10.25 23:25:42 | 000,653,358 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WinSDK_Tools_x64_MSI2A19.txt [2009.10.25 23:25:15 | 002,486,530 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_CrystalReports2007_x64_MSI29C1.txt [2009.10.25 23:24:02 | 004,634,744 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_CrystalReports2007_MSI28D2.txt [2009.10.25 23:23:54 | 001,222,898 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_RDBG_AMD64_MSI28B8.txt [2009.10.25 23:23:25 | 001,711,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.10.25 23:21:14 | 000,289,768 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_64bitEmulator_MSI26AE.txt [2009.10.25 23:20:53 | 005,144,150 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WMSP_5_0_MSI2669.txt [2009.10.25 23:20:18 | 007,059,112 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_WMPPC_5_0_MSI25F7.txt [2009.10.25 23:20:12 | 000,730,446 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_SSCEDeviceRuntime_MSI25E3.txt [2009.10.25 23:20:07 | 000,313,566 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_SQLCEToolsForVS2007_MSI25D3.txt [2009.10.25 23:20:02 | 000,356,686 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_SSCERuntime_MSI25C2.txt [2009.10.25 23:19:37 | 000,843,636 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_VSTOR_MSI2571.txt [2009.10.25 23:19:24 | 001,046,252 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_NETCFSetupv35_MSI2546.txt [2009.10.25 23:19:13 | 001,012,638 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_NETCFSetupv2_MSI2522.txt [2009.10.25 23:10:47 | 050,904,718 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\VSMsiLog1EAE.txt [2009.10.25 23:08:30 | 002,862,508 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_Dexplorer90_retMSI1CEF.txt [2009.10.25 23:08:24 | 000,358,650 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_PreReq_AMD64_MSI1CDB.txt [2009.10.25 23:08:13 | 000,838,352 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_VC_MinRed_MSI1CB7.txt [2009.10.25 23:07:13 | 000,317,613 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_depcheck_VS_PRO_90.txt [2009.10.25 23:07:04 | 000,704,096 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_install_vs_procore_90.txt [2009.10.25 23:07:04 | 000,011,384 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\uxeventlog.txt [2009.10.25 23:07:04 | 000,000,002 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\dd_error_vs_procore_90.txt [2009.10.20 20:46:36 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.10.20 20:45:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.10.05 21:34:16 | 000,000,678 | ---- | C] () -- C:\Windows\ODBC.INI [2009.09.19 23:20:47 | 000,023,888 | ---- | C] () -- C:\Users\Hubsi\AppData\Roaming\UserTile.png [2009.06.29 18:54:06 | 000,040,960 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.26 13:54:05 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini [2009.06.26 13:53:33 | 000,030,539 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009.06.26 13:51:55 | 000,000,732 | ---- | C] () -- C:\Users\Hubsi\AppData\Local\d3d9caps64.dat [2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dossec.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.04.22 17:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.04.22 17:03:14 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI ========== LOP Check ========== [2009.07.01 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Atari [2010.08.26 01:16:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\BitTorrent [2009.12.06 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\DAEMON Tools Lite [2010.02.13 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\DAEMON Tools Pro [2010.07.06 17:02:54 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Dev-Cpp [2010.03.08 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\FileZilla [2010.01.25 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\GetRightToGo [2009.07.07 20:14:06 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Leadertech [2009.10.18 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\lyx16 [2010.04.07 19:26:41 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2009.09.19 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\PeerNetworking [2009.10.03 18:34:16 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Petroglyph [2010.07.22 21:34:05 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Pro Cycling Manager 2010 [2010.01.06 15:34:51 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\ProtectDisc [2010.02.14 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\TeamViewer [2010.08.24 19:42:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\temp [2010.08.25 21:27:01 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\The Creative Assembly [2010.06.22 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Ubisoft [2010.01.31 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\uTorrent [2010.09.07 20:27:01 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.09.07 18:36:11 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4C930AB4-14B1-4E60-A93F-1FEE84B26496}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.06.26 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Adobe [2010.05.11 13:34:29 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Apple Computer [2009.07.01 20:02:56 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Atari [2009.06.27 12:56:22 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\ATI [2010.08.26 01:16:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\BitTorrent [2009.12.06 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\DAEMON Tools Lite [2010.02.13 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\DAEMON Tools Pro [2010.07.06 17:02:54 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Dev-Cpp [2010.08.07 13:04:43 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\DivX [2009.12.13 21:53:16 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\dvdcss [2010.03.08 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\FileZilla [2010.01.25 21:30:57 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\GetRightToGo [2009.06.26 13:52:10 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Identities [2010.02.20 21:22:55 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\InstallShield [2009.07.07 20:14:06 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Leadertech [2009.10.18 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\lyx16 [2009.06.26 14:04:16 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Macromedia [2010.09.07 13:38:10 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Malwarebytes [2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Media Center Programs [2010.04.07 19:26:41 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2010.09.01 15:25:07 | 000,000,000 | --SD | M] -- C:\Users\Hubsi\AppData\Roaming\Microsoft [2010.04.14 22:30:28 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Move Networks [2009.10.05 21:40:35 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Mozilla [2009.09.19 23:20:47 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\PeerNetworking [2009.10.03 18:34:16 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Petroglyph [2010.07.22 21:34:05 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Pro Cycling Manager 2010 [2010.01.06 15:34:51 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\ProtectDisc [2009.07.07 20:18:55 | 000,000,000 | RH-D | M] -- C:\Users\Hubsi\AppData\Roaming\SecuROM [2010.09.07 17:38:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Skype [2010.08.01 20:22:08 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\skypePM [2010.02.14 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\TeamViewer [2010.08.24 19:42:09 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\temp [2010.08.25 21:27:01 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\The Creative Assembly [2010.06.22 21:44:27 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\Ubisoft [2010.01.31 13:18:03 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\uTorrent [2010.09.03 21:31:31 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\vlc [2009.06.26 14:16:14 | 000,000,000 | ---D | M] -- C:\Users\Hubsi\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.06.27 12:50:42 | 000,010,134 | R--- | M] () -- C:\Users\Hubsi\AppData\Roaming\Microsoft\Installer\{4411E4C3-C60F-B094-0E1F-C6E73311A9EA}\ARPPRODUCTICON.exe [2009.07.20 00:46:05 | 000,010,134 | R--- | M] () -- C:\Users\Hubsi\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2010.04.14 22:30:28 | 000,144,053 | ---- | M] () -- C:\Users\Hubsi\AppData\Roaming\Move Networks\uninstall.exe [2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Users\Hubsi\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll [2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll [2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll [2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe [2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe [2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
08.09.2010, 12:12
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ --> Welcher Virenscanner? --> Programme richtig installieren --> Backup mit DriveSnapshot --> Das TB unterstützen |
|
09.09.2010, 22:56
| #12 |
| | Antimalware Doctor hi hier die Ausgabe AntiMalware: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4580
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943
09.09.2010 14:42:33
mbam-log-2010-09-09 (14-42-33).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 586500
Laufzeit: 1 Stunde(n), 20 Minute(n), 15 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
das sicherheitscenter lässt sih nicht starten und seit dem Mailware Doctor stürzt der Explorer öfters ab und startet dann gleich wieder neu. lg |
|
Textbox.
.
