
Log analysis and evaluation: Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

21.12.2010, 17:48   #1
Robin1995
 



Hello community.
My question is: how do you remove an Xwovia.exe, Xtz.exe, Xty.exe virus?

I kept wondering why my laptop was getting slower, so I checked the processes in Task Manager, and Xwovia.exe, Xtz.exe and Xty.exe were running there.

Example:
On top of that, Internet Explorer kept opening with random pages that I didn't recognize, e.g. hxxp://ad.103092804.com, and when I started a game, for example, it minimized itself?!

PLEASE HELP ME!!!
Attached image thumbnails:
taskmanager.jpg

21.12.2010, 18:15   #2
Robin1995
 



Here is a picture of the scan...
Attached image thumbnails:
malwarebytes.jpg


21.12.2010, 18:16   #3
markusg
/// Malware-holic
 



System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry", select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.

21.12.2010, 18:47   #4
Robin1995
 



OTL Logfile:
Code:
OTL logfile created on: 21.12.2010 18:22:31 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Meier\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 41,25 Gb Free Space | 37,01% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 103,22 Gb Free Space | 95,67% Space Free | Partition Type: NTFS
 
Computer Name: MEIER-PC | User Name: Meier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Meier\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Meier\AppData\Local\Temp\Xtz.exe ()
PRC - C:\Users\Meier\AppData\Local\Temp\Xty.exe ()
PRC - C:\Windows\Xwovia.exe ()
PRC - C:\Users\Meier\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\mmrtkrnl.exe (AlcaTech)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\svchospt.exe (FK2)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Users\Meier\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
PRC - C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe ()
PRC - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Program Files\Common Files\SPBA\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Acer\Acer VCM\acp2HID.exe (Acer Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Meier\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe File not found
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (GoogleDesktopManager-080708-050100) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (IGBASVC) -- C:\Program Files\Acer\Acer Bio Protection\BASVC.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (NTIBackupSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AlfaFF) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys ()
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (APL531) -- C:\Windows\System32\drivers\ov550i.sys (Omnivision Technologies, Inc.)
DRV - (DCamUSBEMPIA) -- C:\Windows\System32\drivers\emDevice.sys (eMPIA Technology, Inc.)
DRV - (emAudio) -- C:\Windows\System32\drivers\emAudio.sys (Pinnacle Systems, Inc.)
DRV - (FiltUSBEMPIA) -- C:\Windows\System32\drivers\emFilter.sys (eMPIA Technology, Inc.)
DRV - (ScanUSBEMPIA) -- C:\Windows\System32\drivers\emScan.sys (eMPIA Technology, Inc.)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {7b5c21e5-5882-4bc8-acce-42dd9c3c4951} - C:\Program Files\thehandiicap\tbtheh.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 0E E1 42 6D F6 CA 01  [binary data]
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\..\URLSearchHook: {7b5c21e5-5882-4bc8-acce-42dd9c3c4951} - C:\Program Files\thehandiicap\tbtheh.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009.12.22 10:14:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.16 10:32:42 | 000,000,000 | ---D | M]
 
[2010.06.04 08:17:39 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions
[2010.06.10 19:03:09 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\f8of02q7.default\extensions
[2010.06.10 19:02:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\f8of02q7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.10 19:02:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\f8of02q7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.09.02 18:09:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.02 18:09:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (thehandiicap Toolbar) - {7b5c21e5-5882-4bc8-acce-42dd9c3c4951} - C:\Program Files\thehandiicap\tbtheh.dll (Conduit Ltd.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (thehandiicap Toolbar) - {7b5c21e5-5882-4bc8-acce-42dd9c3c4951} - C:\Program Files\thehandiicap\tbtheh.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\..\Toolbar\WebBrowser: (thehandiicap Toolbar) - {7B5C21E5-5882-4BC8-ACCE-42DD9C3C4951} - C:\Program Files\thehandiicap\tbtheh.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\System32\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [svchospt] C:\Windows\System32\svchospt.exe (FK2)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000..\Run: [iowcy] c:\users\meier\appdata\local\iowcy.exe File not found
O4 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000..\Run: [JP595IR86O] C:\Users\Meier\AppData\Local\Temp\Xty.exe ()
O4 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000..\Run: [NtWqIVLZEWZU] C:\Users\Meier\AppData\Local\Temp\Xtz.exe ()
O4 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -Mozilla\5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit\532.0 (KHTML, like Gecko) Chrome\3.0.195.33 Safari\532.0 - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000\..Trusted Ranges: GD ([http] in Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - C:\Program Files\Common Files\SPBA\homefus2.dll - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Meier\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Meier\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02965b60-a353-11dd-982e-001e68dc4470}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O33 - MountPoints2\{09b223d9-a0cf-11df-a7c7-001e68dc4470}\Shell\AutoRun\command - "" = E:\PStart.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
MsConfig - State: "bootini" - 0
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\emYUV.dll (Microsoft Corporation)
Drivers32: VIDC.TMB0 - C:\Windows\System32\tmbvcm32.dll ()
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.21 17:36:58 | 000,000,000 | ---D | C] -- C:\Users\Meier\AppData\Roaming\Malwarebytes
[2010.12.21 17:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.21 16:10:37 | 000,000,000 | ---D | C] -- C:\Users\Meier\Application Data
[2010.12.21 07:25:27 | 000,585,728 | ---- | C] (Progressive Networks) -- C:\Windows\System32\update.exe
[2010.12.19 23:13:16 | 000,000,000 | ---D | C] -- C:\Fraps
[2010.12.18 14:48:02 | 000,000,000 | ---D | C] -- C:\Users\Meier\AppData\Local\PunkBuster
[2010.12.18 14:47:03 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.12.18 14:47:03 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.12.18 14:47:03 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.12.18 14:47:03 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.12.18 14:47:03 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_2.dll
[2010.12.18 14:47:02 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.12.18 14:47:02 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.12.18 14:47:02 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.12.18 14:47:02 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.12.18 14:47:02 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.12.18 14:47:01 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.12.18 14:47:01 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.12.18 14:47:01 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.12.18 14:47:00 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.12.18 14:47:00 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.12.18 14:47:00 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.12.18 14:46:59 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.12.18 14:46:59 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.12.18 14:46:59 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.12.18 14:46:59 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.12.18 14:46:59 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.12.18 14:46:55 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.12.18 14:46:55 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.12.18 14:46:55 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.12.18 14:46:54 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.12.18 14:46:54 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.12.18 14:46:54 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.12.18 14:46:53 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.12.18 14:46:53 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.12.18 14:46:53 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.12.18 14:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2010.12.18 14:29:20 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010.12.15 09:51:56 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 09:51:54 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 09:51:54 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 09:51:54 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 09:51:50 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 09:51:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.15 09:51:16 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 09:51:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.15 09:51:15 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 09:51:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 09:51:15 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.15 09:51:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 09:51:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 09:51:14 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 09:51:14 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 09:51:14 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 09:51:14 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.15 09:51:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.15 09:51:14 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.15 09:51:14 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.15 09:51:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 09:51:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 09:51:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 09:51:12 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 09:51:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 09:51:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.14 12:52:34 | 000,000,000 | ---D | C] -- C:\Users\Meier\AppData\Roaming\NCH Swift Sound
[2010.12.09 14:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Motion
[2010.12.09 14:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic Foundry
[2010.12.09 14:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\DebugMode
[2010.12.07 12:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010.12.07 12:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2010.12.07 12:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2010.12.07 12:50:36 | 000,000,000 | ---D | C] -- C:\Users\Meier\AppData\Roaming\NCH Software
[2010.12.02 09:25:22 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2010.12.02 04:35:18 | 004,280,320 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2010.11.24 22:49:08 | 000,000,000 | ---D | C] -- C:\Users\Meier\AppData\Roaming\MPEG Streamclip
[2010.11.23 20:39:48 | 000,000,000 | ---D | C] -- C:\Users\Meier\AppData\Roaming\Sony Creative Software Inc
[2008.07.22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.21 18:23:03 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.21 18:14:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2701837219-3951438826-2144693103-1000UA.job
[2010.12.21 18:13:08 | 000,177,080 | ---- | M] () -- C:\Users\Meier\Desktop\Malwarebytes.jpg
[2010.12.21 18:13:06 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.21 18:09:09 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.21 17:45:40 | 000,187,707 | ---- | M] () -- C:\Users\Meier\Desktop\taskmanager.jpg
[2010.12.21 17:34:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.21 17:30:26 | 000,002,299 | ---- | M] () -- C:\Users\Meier\AppData\Roaming\acervcmtmp.ini
[2010.12.21 17:29:37 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.12.21 17:28:38 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.21 17:28:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.21 17:28:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.21 17:27:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.21 17:27:40 | 3215,847,424 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.21 17:19:45 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.12.21 16:16:39 | 000,138,160 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.21 16:16:30 | 000,271,200 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.12.21 16:14:26 | 000,103,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010.12.21 14:41:54 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CB118B15-74A1-4FAC-8792-2F568DC0C03E}.job
[2010.12.21 14:00:45 | 000,000,422 | ---- | M] () -- C:\Windows\wininit.ini
[2010.12.21 14:00:30 | 000,002,339 | ---- | M] () -- C:\Users\Meier\Desktop\Skype.lnk
[2010.12.21 09:14:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2701837219-3951438826-2144693103-1000Core.job
[2010.12.21 08:59:29 | 069,151,557 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.12.21 07:25:34 | 000,585,728 | ---- | M] (Progressive Networks) -- C:\Windows\System32\update.exe
[2010.12.20 20:11:20 | 000,000,783 | ---- | M] () -- C:\Windows\NTIWVEDT.INI
[2010.12.20 19:59:41 | 000,007,592 | ---- | M] () -- C:\Users\Meier\AppData\Local\d3d9caps.dat
[2010.12.20 12:25:54 | 000,199,680 | ---- | M] () -- C:\Windows\Xwovia.exe
[2010.12.19 22:50:10 | 000,218,112 | ---- | M] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.19 18:21:36 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010.12.18 14:46:12 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk
[2010.12.18 14:45:50 | 000,022,328 | ---- | M] () -- C:\Users\Meier\AppData\Roaming\PnkBstrK.sys
[2010.12.18 14:45:23 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2010.12.17 06:36:27 | 000,319,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 10:32:55 | 424,123,544 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.09 14:47:05 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMP3.dll
[2010.12.02 09:25:22 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\System32\frapsvid.dll
[2010.12.02 04:35:18 | 004,280,320 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
 
========== Files Created - No Company Name ==========
 
[2010.12.21 18:13:08 | 000,177,080 | ---- | C] () -- C:\Users\Meier\Desktop\Malwarebytes.jpg
[2010.12.21 17:45:40 | 000,187,707 | ---- | C] () -- C:\Users\Meier\Desktop\taskmanager.jpg
[2010.12.20 20:28:51 | 3215,847,424 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.20 19:58:23 | 000,000,627 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2010.12.20 12:26:10 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.20 12:26:09 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.20 12:26:02 | 000,199,680 | ---- | C] () -- C:\Windows\Xwovia.exe
[2010.12.20 12:25:58 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.18 18:40:01 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.12.18 14:46:12 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk
[2010.12.18 14:45:51 | 000,138,160 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.18 14:45:50 | 000,022,328 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\PnkBstrK.sys
[2010.12.18 14:45:32 | 000,271,200 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.12.18 14:45:32 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2010.12.18 14:45:30 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.12.18 14:45:23 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.11.02 20:19:50 | 000,004,900 | ---- | C] () -- C:\ProgramData\hvcatrnw.tht
[2010.11.01 13:24:46 | 000,069,632 | ---- | C] () -- C:\Windows\System32\tmbvcm32.dll
[2010.10.17 22:36:46 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.09.28 13:15:56 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL
[2010.09.28 13:15:56 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL
[2010.09.28 13:15:56 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL
[2010.09.28 13:15:56 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL
[2010.09.28 13:15:56 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL
[2010.08.05 21:43:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.07.22 22:02:05 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll
[2010.07.22 22:02:04 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2010.06.03 13:02:31 | 000,000,422 | ---- | C] () -- C:\Windows\wininit.ini
[2010.06.01 15:44:44 | 000,001,476 | ---- | C] () -- C:\Users\Meier\AppData\Local\RecConfig.xml
[2010.03.17 16:33:57 | 000,002,299 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\acervcmtmp.ini
[2010.02.03 15:11:50 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.02.03 15:11:50 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.11.18 21:04:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.01 16:07:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.01.20 20:48:07 | 000,277,318 | ---- | C] () -- C:\Users\Meier\AppData\Local\iowcy_nav.dat
[2008.11.29 11:59:30 | 000,218,112 | ---- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.20 22:05:01 | 000,000,088 | ---- | C] () -- C:\Users\Meier\AppData\Local\qcdmwa.bat
[2008.11.16 12:28:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2008.11.08 17:20:00 | 000,000,000 | ---- | C] () -- C:\Users\Meier\AppData\Roaming\wklnhst.dat
[2008.10.23 15:43:50 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2008.10.12 19:28:59 | 000,007,592 | ---- | C] () -- C:\Users\Meier\AppData\Local\d3d9caps.dat
[2008.10.12 13:07:37 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.12 13:07:34 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.09.22 14:12:39 | 000,006,054 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2008.09.22 14:11:38 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2008.09.22 13:54:54 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.09.22 13:54:54 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.07.30 11:19:21 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.07.30 03:13:17 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.07.30 02:47:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.07.30 02:42:04 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.07.30 02:25:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.01.26 07:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.04.06 16:27:14 | 000,237,568 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2005.04.06 16:24:40 | 001,216,512 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Acer GameZone Console
[2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- C:\Users\Mcx1\AppData\Roaming\Acer GameZone Console
[2008.10.09 18:13:54 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Acer
[2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Acer GameZone Console
[2010.03.09 15:16:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\AlcaTech
[2010.05.01 13:15:56 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Azureus
[2010.10.14 19:32:14 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Blender Foundation
[2010.09.24 22:05:20 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Datel
[2010.10.06 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Dropbox
[2010.05.07 18:38:51 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.02 11:13:04 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\elsterformular
[2010.08.22 10:09:30 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\GameTuts
[2010.05.01 15:53:23 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\GetRightToGo
[2010.12.11 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\gtk-2.0
[2010.12.21 16:14:08 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\ICQ
[2010.12.21 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\kikin
[2010.08.23 14:28:47 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Mael
[2010.11.02 20:20:25 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\MOVAVI
[2010.11.24 22:49:08 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\MPEG Streamclip
[2010.12.14 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\NCH Swift Sound
[2009.04.10 00:14:22 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Nvu
[2009.10.26 17:46:53 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Opera
[2010.02.03 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\PC Suite
[2010.10.02 17:28:10 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Publish Providers
[2010.02.03 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Samsung
[2009.04.06 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Screaming Bee
[2010.12.11 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Sony
[2010.11.23 20:39:48 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Sony Creative Software Inc
[2010.10.01 14:09:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\SWiSH Max3 DEU
[2010.11.04 11:18:46 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Sytexis Software
[2010.11.23 20:08:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\TeamViewer
[2010.12.21 14:27:43 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.21 14:41:54 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CB118B15-74A1-4FAC-8792-2F568DC0C03E}.job
[2010.12.21 18:23:03 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.21 18:13:06 | 000,000,246 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.21 18:09:09 | 000,000,286 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.10.09 18:13:54 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Acer
[2008.07.30 03:10:28 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Acer GameZone Console
[2008.10.30 19:56:25 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Adobe
[2010.03.09 15:16:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\AlcaTech
[2010.05.11 10:41:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\ArcSoft
[2010.11.04 17:05:07 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\AVS4YOU
[2010.05.01 13:15:56 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Azureus
[2010.10.14 19:32:14 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Blender Foundation
[2008.10.12 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\CyberLink
[2010.09.24 22:05:20 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Datel
[2009.09.18 16:16:15 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DivX
[2010.10.06 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Dropbox
[2010.05.07 18:38:51 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.02 11:13:04 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\elsterformular
[2010.08.22 10:09:30 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\GameTuts
[2010.05.01 15:53:23 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\GetRightToGo
[2008.10.09 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Google
[2010.12.11 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\gtk-2.0
[2010.12.21 16:14:08 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\ICQ
[2008.10.09 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Identities
[2010.09.28 13:11:06 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\InstallShield
[2009.10.26 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Intel
[2010.12.21 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\kikin
[2008.10.09 12:28:07 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Macromedia
[2010.08.23 14:28:47 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Mael
[2010.12.21 17:36:58 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Media Center Programs
[2010.12.20 23:38:18 | 000,000,000 | --SD | M] -- C:\Users\Meier\AppData\Roaming\Microsoft
[2010.11.02 20:20:25 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\MOVAVI
[2010.06.04 08:17:39 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Mozilla
[2010.11.24 22:49:08 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\MPEG Streamclip
[2010.12.07 13:00:45 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\NCH Software
[2010.12.14 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\NCH Swift Sound
[2009.04.10 00:14:22 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Nvu
[2009.10.26 17:46:53 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Opera
[2010.02.03 15:18:57 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\PC Suite
[2010.10.02 17:28:10 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Publish Providers
[2009.02.07 14:30:48 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Real
[2010.02.03 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Samsung
[2009.04.06 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Screaming Bee
[2010.12.21 14:14:38 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Skype
[2010.12.21 12:05:43 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\skypePM
[2010.12.11 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Sony
[2010.11.23 20:39:48 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Sony Creative Software Inc
[2010.10.01 14:09:00 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\SWiSH Max3 DEU
[2010.11.04 11:18:46 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\Sytexis Software
[2009.03.13 14:19:27 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\teamspeak2
[2010.11.23 20:08:34 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\TeamViewer
[2010.08.22 10:09:01 | 000,000,000 | ---D | M] -- C:\Users\Meier\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.17 13:52:28 | 000,752,688 | ---- | M] () -- C:\Users\Meier\AppData\Roaming\kikin\kikin_updater_2.4.15.exe
[2010.12.21 14:00:41 | 001,166,568 | ---- | M] () -- C:\Users\Meier\AppData\Roaming\kikin\kikin_updater_2.9.1.exe
[2008.02.13 08:07:36 | 000,393,216 | ---- | M] () -- C:\Users\Meier\AppData\Roaming\NCH Software\Components\aacenc3\aacenc3.exe
[2007.11.27 08:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Meier\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
[2010.02.03 15:13:34 | 000,069,632 | ---- | M] () -- C:\Users\Meier\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 21:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2010.11.04 12:21:38 | 000,004,608 | ---- | M] () MD5=EED7A4D972BB2F0F38E24159F67A08A4 -- C:\Users\Meier\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v7AC6EAFE\Native\STUBEXE\@WINDIR@\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver\IaStor.sys
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.04.20 17:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_18bd4575\iaStor.sys
[2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver64\IaStor.sys
[2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2003.02.07 01:02:00 | 000,424,448 | ---- | M] ( Developer Express Inc.) Unable to obtain MD5 -- C:\Windows\System32\dXTList.dll
[2009.04.11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:8173A019

< End of report >
         
--- --- ---

21.12.2010, 18:48   #5
Robin1995

Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

Posted too often. Sorry!

Edited by Robin1995 (21.12.2010 at 18:54). Reason: Posted far too often!

21.12.2010, 18:49   #6
Robin1995

Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

Extras.Txt



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.12.2010 18:22:31 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\Meier\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 41,25 Gb Free Space | 37,01% Space Free | Partition Type: NTFS
Drive D: | 107,90 Gb Total Space | 103,22 Gb Free Space | 95,67% Space Free | Partition Type: NTFS
 
Computer Name: MEIER-PC | User Name: Meier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Meier\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060C71D0-CE20-427F-8236-51243B9C3C5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0FD1135E-C94A-4DE2-831F-4919CC028717}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{1553F0CD-FB8C-48EF-9A37-3E09F73652AE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2738C22A-2A16-438E-A2F6-4F32A358E18A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{27DE857B-0E67-4046-B357-52E0060502D7}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{2C6F80C0-9C59-49DE-9390-8F78FB3A2B8D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{364E3E6E-F0C7-4ABB-ADD0-653FC5EFBB35}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{38248AC1-3DE8-44CB-A8CF-67D4A4B43B68}" = rport=138 | protocol=17 | dir=out | app=system | 
"{44F857E6-8C71-4301-B9EE-6C07CC1714D9}" = lport=137 | protocol=17 | dir=in | app=system | 
"{531678EB-708F-4E7E-AB69-66DE15E1CB49}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{59A5E22E-070A-4806-AEC9-49C47309251C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5FBE7932-EBA7-4835-9CE2-B21AB3A93F11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{610C09A1-E750-4330-AE68-FFF9E3682F62}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{67EBE346-4EA1-4746-BCB8-6E273569D794}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{68C6F3C4-B5AD-4CD9-B458-81C02267B2BC}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{6985091F-40F3-4EE6-9DA1-388799C69F2A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6FDB9F78-5E33-4034-BCD3-9FCEC3F95753}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7227C76A-1771-469E-94F0-3D37B39A96F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{75050B04-1940-4D33-90AC-D69E60BB9EEF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{80431A09-97A7-41F1-B6DF-3B9A2E6AF35F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{876C0874-6339-47D8-9E46-71C5143FC14C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8DBEA511-6EB0-4BBC-9E05-89C79E4B7180}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8EED48AB-6305-4FF5-9006-668C1C8E1B32}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A0612ECF-159F-4DF4-8AA4-91E895D96F40}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A6CA58BD-9C7D-425F-B9D2-C5A0648EDAD2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A845F42C-0A95-45BB-B251-0D30FBCE6565}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B5B10385-11DC-4AC8-BAAE-2BA666CACB99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B6A59E0F-CA9C-43DD-B855-63C410612716}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CAD810B7-BC82-4611-AB5E-A98E590CE409}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{CE1F1B85-7A53-4658-B39A-069AD611C03A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0CCA3A1-8CAE-4D00-9FB9-8F0D7B5FD0CF}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{DBCC5FF2-FE1F-4B2B-B8CF-F78E4A204D4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DCE1460B-ED75-4BB6-A009-319BFEA81BD3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DE92A5C0-7B01-4C8F-B7DE-207CF59F28AB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E6B35F1F-BB97-4657-88B6-912BFBE67074}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E91C7A6F-48C7-4ADA-8311-08283DE466B4}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{EC936008-DEA6-4D1D-B42C-FD49350D4182}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{ED15D999-FA5C-49BC-968A-3CD4C912AD4A}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{ED58429B-6521-4089-8D8A-75B55D9B17FC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F08CED98-07BF-48C2-BBC1-C894E3F3374D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F2418B7B-D4B5-47E5-995B-64D28FF3C03B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FC7D992C-C040-4050-9767-796B3A842C29}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033F13A4-9553-4758-9DE9-598D32971384}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{05F7BC6E-14F4-40F5-A451-BEF43ADA7A95}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{0759962A-4305-454D-87C5-4F6742FE7CCF}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{07A2CB76-91BA-4846-8013-B426F4E0899C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{18399885-71ED-47A6-8743-C999FAD315F9}" = protocol=6 | dir=in | app=c:\users\meier\appdata\roaming\dropbox\bin\dropbox.exe | 
"{19B65C77-B04F-4FA6-AE31-BFBECD3D844E}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{1CC16BBA-1779-4BF3-B3AB-A73217D2F3A9}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{1D1D925C-DEB6-4B4A-900D-3B62FAC207BE}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | 
"{2BBC3EB7-EE27-4F0E-8566-4A5F16A65A66}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{2C903089-F57F-4886-B64D-A6F27445EA97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{35256D80-2314-431E-83BB-7A6684520C56}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3673E242-38DB-415C-81CD-F767E62534FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{36799A24-5DCD-492A-938B-4ECA6852700E}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{384D1E62-B624-449B-A0C3-DAA47AD96C1E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{38569785-821F-44C5-88AC-034023866014}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | 
"{39F76AB8-C1FA-42A8-AE36-B2EE2FC410EB}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{3CAD725D-7027-44BF-8646-E81EEF1D80DE}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | 
"{3D534A3C-B230-46D3-B457-357A31EAF7C2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{406BD8CA-247B-4A58-957C-47E17556DEA9}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | 
"{41C7A069-4BB6-4057-A1E5-322493548646}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{448C8B2F-4F43-42C5-A85C-6C17DDEA0E53}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{44BC3AD0-4DA0-4010-A0AE-4DBDA74B08A6}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{4AE31A94-74FC-43F2-A5B1-4BC985849AF4}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{564A72E0-10FE-412C-A492-E3F492145988}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{5D20293E-A87C-42F3-A461-AE95604910EE}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{612E1D7D-084D-4A90-B90D-781060D4B6CE}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{653A222F-9547-4562-81CC-22F6A8285984}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{691D3A83-FB4F-4435-AC6C-5BA2647823AD}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{71C7EB0C-485F-4CAD-ADB3-48DE9531755A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{7BD65B90-A3F1-4D8C-9E90-4999B8EBA804}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{80B9C663-7EBA-43D7-818C-391354B609BF}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{83205AD7-24D3-44E2-9739-03E8411025BB}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{875BAB91-B68C-46CC-B62C-265D3AC2C6D9}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{87E6207B-5D94-47C3-BC5A-4DA0519A9C92}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{882B6BAD-3EAA-4527-9C9B-5724A2F223AC}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{8F16A8EE-5EE4-44AE-9C55-8089ABCE3BC3}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | 
"{916E7258-B216-4325-BDFB-8D0B0E40F918}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{93077698-C3D4-46A9-AA43-4EABAAF191F1}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{970E2153-184F-482B-9B86-B46EAE130CBB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{988C4913-E5D7-49D1-B711-A11B75EBC3F9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{98F29545-B24E-4719-BB61-72777B2814C8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{A17ADB0C-EE84-4084-9A17-380929E4C994}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{A49129BC-E11E-4B64-B888-E9E9ECEA00A6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{A938086C-3639-48AF-BEC9-8D4959B01D9B}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{AF2406A0-B621-4F5A-B52B-44C7C32EE929}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{B3D45A7D-8AD2-4E2C-8D15-B27610520A8F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{BEEEEE1F-50B1-48DF-B05F-7ACE0E6D17B3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{BEF83065-98E2-492A-9DFC-54858ABCF613}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe | 
"{C6E9B91D-5C63-4637-A40B-36BBE8960B43}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{C70237DB-55FC-4DD0-8FF2-171D06CC9EEA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{D1FBF790-ECB7-4C3E-8277-0084EC74D0AC}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{D688EDD4-9FC9-4FC7-A9EA-BFE493CD796C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D9277855-0A29-4403-87C3-88B0F208C0D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DAEFA468-39BB-4B10-B13A-16905D7217D5}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{DAF5DC56-FBCA-4B04-8636-53F0BE0F9015}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{E20DF9B6-F50E-4C30-8A82-10B89E9FA9A4}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{E89D2C96-2BC3-44A1-B7A0-A9C9F2342B20}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{EDEEC82B-FD5E-4988-B802-13D08B43B24C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EF763527-270D-443B-A7FB-45CFD877172A}" = protocol=17 | dir=in | app=c:\users\meier\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F379E883-67C7-49F2-8958-99E77B830FD4}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{F97AEDBB-0278-412F-83E1-A00620B72602}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{FAD269BE-48DB-4344-864A-3778E5DF94E5}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{FCAA20DE-4473-4FFC-8052-50E9A2EA1F74}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{02FCF3C6-0068-4D9B-A42B-582446088CC8}C:\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe | 
"TCP Query User{22E1A2C7-7716-493D-99A3-339005CADCC8}C:\users\meier\appdata\local\microsoft\windows\temporary internet files\content.ie5\jswwl4ne\sro_l4_full_client_downloader[1].exe" = protocol=6 | dir=in | app=c:\users\meier\appdata\local\microsoft\windows\temporary internet files\content.ie5\jswwl4ne\sro_l4_full_client_downloader[1].exe | 
"TCP Query User{42810F83-7428-40EA-B22F-24B7CC3CDF37}C:\users\meier\appdata\local\microsoft\windows\temporary internet files\content.ie5\859bhvpv\sro_l4_full_client_downloader[1].exe" = protocol=6 | dir=in | app=c:\users\meier\appdata\local\microsoft\windows\temporary internet files\content.ie5\859bhvpv\sro_l4_full_client_downloader[1].exe | 
"TCP Query User{44EBF1ED-F5BE-4D99-B4BC-9FC6182063E1}D:\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe | 
"TCP Query User{4C35E409-0B3E-4650-8428-4B735D329D1B}C:\program files\ea games\battlefield 1942 multiplayer demo\bf1942demo.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942 multiplayer demo\bf1942demo.exe | 
"TCP Query User{58CC30B0-BB12-4B8B-9910-32D3F54EB4D1}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe | 
"TCP Query User{59906CE3-63C8-4DF7-A3D8-937A68485C58}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{93C3DCAB-966A-4FCD-BAAD-70C558096B77}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"TCP Query User{A7A233B2-E76A-4B79-95A9-12849995687A}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | 
"TCP Query User{BD5A9191-41C0-49A9-9FCC-AFEB7B8BE3BB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{C00A9C81-0D4D-4117-8693-916ED9FC4FD5}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{C924AFA0-1734-4919-9F31-DF8ACD1264B7}C:\users\meier\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\meier\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{DFC5031B-77AC-4558-94F9-10BDEBC60AC9}C:\program files\ea games\medal of honor allied assault breakthrough demo\moh_breakthrough_demo.exe" = protocol=6 | dir=in | app=c:\program files\ea games\medal of honor allied assault breakthrough demo\moh_breakthrough_demo.exe | 
"TCP Query User{EB33644C-2FC3-462A-814A-81BBDEB302E7}D:\world of warcraft\wow-2.4.2-dede-downloader.exe" = protocol=6 | dir=in | app=d:\world of warcraft\wow-2.4.2-dede-downloader.exe | 
"UDP Query User{0048B08F-C1A6-47E5-AFCF-A5FEE296DD40}C:\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe | 
"UDP Query User{0C855DAA-387A-45EB-AE49-77E917F31042}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{184A6E8E-A3CB-4704-A6A5-2B1DCE8A2076}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{29335C32-2B56-4F79-8ABB-4F2A456DF032}D:\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-2.4.2.8278-to-2.4.3.8606-dede-downloader.exe | 
"UDP Query User{50DC03EB-8D4E-467C-805F-9B26F8CBA318}D:\world of warcraft\wow-2.4.2-dede-downloader.exe" = protocol=17 | dir=in | app=d:\world of warcraft\wow-2.4.2-dede-downloader.exe | 
"UDP Query User{561FDD07-8A92-4372-BE50-47BD48422A73}C:\users\meier\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\meier\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{566FD81A-9BE5-47D5-93C2-644BC3779374}C:\program files\ea games\battlefield 1942 multiplayer demo\bf1942demo.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942 multiplayer demo\bf1942demo.exe | 
"UDP Query User{672A4C9C-C6BE-4A91-84CE-1126B77BD8A3}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe | 
"UDP Query User{81913F3A-EA20-44F3-B971-9F5357C24CEA}C:\program files\ea games\medal of honor allied assault breakthrough demo\moh_breakthrough_demo.exe" = protocol=17 | dir=in | app=c:\program files\ea games\medal of honor allied assault breakthrough demo\moh_breakthrough_demo.exe | 
"UDP Query User{AC377032-9699-40BB-B89D-6EAD94A75A99}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | 
"UDP Query User{BA131BCA-240B-46A4-8B3F-EB141434DBB3}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{C0E720D5-AA76-4A5B-8C36-02ACB61DAA93}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{CE894313-39F4-4FF6-8A19-F4EC1FE6F6F7}C:\users\meier\appdata\local\microsoft\windows\temporary internet files\content.ie5\jswwl4ne\sro_l4_full_client_downloader[1].exe" = protocol=17 | dir=in | app=c:\users\meier\appdata\local\microsoft\windows\temporary internet files\content.ie5\jswwl4ne\sro_l4_full_client_downloader[1].exe | 
"UDP Query User{EC9A0925-7B58-435B-A4F6-943E20612C4B}C:\users\meier\appdata\local\microsoft\windows\temporary internet files\content.ie5\859bhvpv\sro_l4_full_client_downloader[1].exe" = protocol=17 | dir=in | app=c:\users\meier\appdata\local\microsoft\windows\temporary internet files\content.ie5\859bhvpv\sro_l4_full_client_downloader[1].exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2085F05D-24C5-4E27-B7B4-A51DE890FFC9}" = Opera 10.00
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C8CDDCF-D09A-11DF-8BB6-0013D3D69929}" = Vegas Pro 10.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BDBA9828-200B-43A0-AB4F-82DABEE64F94}_is1" = LPS 2009v 3.0 USB
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{ECCD28B2-8798-4D16-8126-625D728294A1}" = SPBA 5.8
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Beta 2.1.9
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Acer Acer Bio Protection 6.0.00.17" = Acer Bio Protection

AAU 6.0.00.17
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AMCap" = AMCap
"AVG8Uninstall" = AVG 8.5
"avi2divx_is1" = avi2divx
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsterFormular  ***unknown variable buildnummer***" = ElsterFormular 
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OVT Scanner" = Uninstall OVT Scanner
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"qcdmwa" = Favorit
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"thehandiicap Toolbar" = thehandiicap Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2701837219-3951438826-2144693103-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Edited by Robin1995 (21.12.2010 at 18:52). Reason: W

21.12.2010, 19:05   #7
markusg
/// Malware-holic

Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
PRC - C:\Users\Meier\AppData\Local\Temp\Xtz.exe ()
PRC - C:\Users\Meier\AppData\Local\Temp\Xty.exe ()
PRC - C:\Windows\Xwovia.exe ()
PRC - C:\Windows\System32\svchospt.exe (FK2)
O4 - HKLM..\Run: [svchospt] C:\Windows\System32\svchospt.exe (FK2)
O4 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000..\Run: [JP595IR86O] C:\Users\Meier\AppData\Local\Temp\Xty.exe ()
O4 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000..\Run: [NtWqIVLZEWZU] C:\Users\Meier\AppData\Local\Temp\Xtz.exe ()
[2010.12.21 07:25:27 | 000,585,728 | ---- | C] (Progressive Networks) -- C:\Windows\System32\update.exe
[2010.12.21 18:23:03 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.21 18:13:06 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.21 18:09:09 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.20 12:25:54 | 000,199,680 | ---- | M] () -- C:\Windows\Xwovia.exe

:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; post its contents in your next reply.


Open My Computer, C:, then _OTL.
There, right-click on moved files.
Choose add to moved files.rar or zip.
Upload the archive to our upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails, following the instructions above, to
markusg.trojaner-board@web.de
Forward
If you would like to support us
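
The entries selected in the fix script above share a few traits that can be checked mechanically: executables started from a Temp directory, a Run value pointing at a svchost look-alike, files with no company name, and hidden .job files in the tasks folder. The following triage sketch is an added example, not part of the original post and not part of OTL; the heuristics, the function names and the two benign sample lines (svchost.exe, ExampleVendor) are assumptions made for illustration.

```python
import ntpath
import re
from difflib import SequenceMatcher

# Line shapes as they appear in the OTL log and fix script in this thread.
PRC_RE = re.compile(r"^PRC - (?P<path>.+?) \((?P<company>[^()]*)\)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>[^.\s]+)\.\.\\Run: \[(?P<value>[^\]]+)\] "
    r"(?P<path>.+?) \((?P<company>[^()]*)\)$"
)
FILE_RE = re.compile(
    r"^\[[\d. :]+ \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>[^()]*)\) -- (?P<path>.+)$"
)

# Assumed heuristics: directories where autostarted executables are unusual,
# and system binary names that malware commonly imitates.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\")
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                "winlogon.exe", "explorer.exe")

# Sample lines: the suspicious ones are copied from the fix script above;
# the svchost.exe and ExampleVendor lines are constructed benign entries.
SAMPLE = [
    r"PRC - C:\Users\Meier\AppData\Local\Temp\Xtz.exe ()",
    r"PRC - C:\Windows\System32\svchospt.exe (FK2)",
    r"PRC - C:\Windows\System32\svchost.exe (Microsoft Corporation)",
    r"O4 - HKLM..\Run: [svchospt] C:\Windows\System32\svchospt.exe (FK2)",
    r"O4 - HKU\S-1-5-21-2701837219-3951438826-2144693103-1000..\Run: "
    r"[JP595IR86O] C:\Users\Meier\AppData\Local\Temp\Xty.exe ()",
    r"O4 - HKLM..\Run: [Updater] C:\Program Files\ExampleVendor\updater.exe (Example Vendor)",
    r"[2010.12.21 18:23:03 | 000,000,286 | -H-- | M] () -- "
    r"C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job",
    r"[2010.12.20 12:25:54 | 000,199,680 | ---- | M] () -- C:\Windows\Xwovia.exe",
]


def parse_line(line):
    """Return (kind, fields) for a recognised OTL line, else None."""
    for kind, rx in (("process", PRC_RE), ("autorun", RUN_RE), ("file", FILE_RE)):
        match = rx.match(line.strip())
        if match:
            return kind, match.groupdict()
    return None


def lookalike_of(name):
    """Return the system binary that `name` closely imitates, or None."""
    name = name.lower()
    if name in SYSTEM_NAMES:
        return None  # exact name: not a look-alike
    for real in SYSTEM_NAMES:
        if SequenceMatcher(None, name, real).ratio() >= 0.85:
            return real
    return None


def findings(line):
    """List the reasons a single OTL line deserves a closer look."""
    parsed = parse_line(line)
    if parsed is None:
        return []
    kind, fields = parsed
    path = fields["path"].lower()
    is_exe = path.endswith(".exe")
    reasons = []
    if is_exe and any(d in path for d in TEMP_DIRS):
        reasons.append("executable in temp directory")
    if is_exe and not fields["company"]:
        reasons.append("no company name in version info")
    real = lookalike_of(ntpath.basename(path))
    if real:
        reasons.append("name resembles " + real)
    if (kind == "file" and "H" in fields["attrs"]
            and "\\windows\\tasks\\" in path and path.endswith(".job")):
        reasons.append("hidden scheduled-task file")
    return reasons


def triage(lines):
    """Map each flagged line to its list of reasons."""
    report = {}
    for line in lines:
        reasons = findings(line)
        if reasons:
            report[line.strip()] = reasons
    return report


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE).items():
        print("; ".join(reasons), "->", entry)
```

These checks only prioritise entries for review; C:\Windows\System32\update.exe from the same fix script carries a company name and would pass all of them, so a clean result here is not a clean system.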

21.12.2010, 19:17   #8
Robin1995

Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

Message: Program has stopped working

and the program closed...!

I'll try it again.

21.12.2010, 19:31   #9
markusg
/// Malware-holic

Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

OK, let me know whether it worked.

21.12.2010, 19:45   #10
Robin1995

Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

OK. It worked, but nothing opened before the restart or after the restart.

21.12.2010, 19:54   #11
markusg
/// Malware-holic

Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

OK, then please upload the moved files folder, packed, as described; then I can see whether it worked.

21.12.2010, 19:56   #12
Robin1995

Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

Moved Files? So after the fix and the restart nothing opened.

21.12.2010, 19:58   #13
markusg
/// Malware-holic

Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

The folder is created on C:, but all of that is already in the post in which I wrote you the instructions for the fix; please read it.

21.12.2010, 20:07   #14
Robin1995

Virus: Xwovia.exe, Xtz.exe, Xty.exe? How do you remove them?

Should I upload the whole folder? That is, the complete Moved Files, or only the suspicious files, i.e. Xty and Xtz?!

21.12.2010, 20:10   #15
markusg
/// Malware-holic

Please pack the Moved Files folder and upload it. The complete one, that is :-)
