Pests of all kinds and how to fight them: I caught Antivira Av and now it blocks all downloads!

10.02.2011, 19:35   #1
Kerzor

So this morning I turned on the laptop and wanted to go on Facebook for a bit, until suddenly a message from Antivira Av popped up ... This already happened to me once with Antimalware Doctor. I wanted to download rkill, but Antivira Av blocked it. I also tried getting Rkill from another computer, but somehow that doesn't work ... I don't know what to do now.
I have Vista, in case that matters ... Thanks in advance!!

10.02.2011, 20:00   #2
markusg
/// Malware-holic

Download OTL from another computer.
Then boot into safe mode without networking (press F8 at PC startup) and run OTL there; copy the logs to your clean PC with the USB stick if necessary.


1. Do not carry out any cleanup on your own; that only gets in the way.
2. Also submit any existing scan logs that contain detections,
and state where the items were found.
3.
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.

10.02.2011, 20:08   #3
Kerzor

I don't have another computer here right now :S Can that be sent by e-mail .. I can save OTL, but after opening it AntiVira Av blocks the download ...

10.02.2011, 20:11   #4
markusg
/// Malware-holic

Then please try starting in safe mode without networking.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

10.02.2011, 20:31   #5
Kerzor

I'm not sure now, it has been showing "Manual File Scan - Getting folder structure" for ages ... is it supposed to be like that, or do you have to open the report somewhere?? O.o


10.02.2011, 20:34   #6
markusg
/// Malware-holic

It seems to have hung.
Just abort it.
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix
Please start in safe mode.

10.02.2011, 20:36   #7
Kerzor

Quote:
Quote from markusg
It seems to have hung.
Just abort it.
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix
Please start in safe mode.

Nah, sorry, it's continuing =) I'm just a bit impatient and don't understand that much about it.

10.02.2011, 20:40   #8
markusg
/// Malware-holic

OK, if it's continuing, that's good.
But I'll be gone for today soon; we can continue tomorrow morning if you like.
I'll be online around 11.

10.02.2011, 20:45   #9
Kerzor

Now it's finished =) but it's long :S

OTL.Txt: OTL logfile:
Code:
OTL logfile created on: 10.02.2011 21:22:23 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Willi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.52 Gb Total Space | 108.84 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
Drive D: | 11.56 Gb Total Space | 1.39 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
 
Computer Name: YAN-PC | User Name: Willi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Willi\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Willi\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe (IDT, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Program Files\Max_DE\tbMax_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.88488.com
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.67
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 03:18:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.02 19:53:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.10 11:37:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.10 11:37:58 | 000,000,000 | ---D | M]
 
[2010.06.01 15:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willi\AppData\Roaming\mozilla\Extensions
[2010.06.01 15:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willi\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.02.10 20:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions
[2010.05.27 21:18:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.04 21:06:52 | 000,000,000 | ---D | M] (HypreCam Toolbar) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010.08.13 20:36:13 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.02 19:05:58 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.05.27 15:39:32 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011.02.10 14:06:50 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.05.22 12:31:48 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.17 20:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.10 16:19:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.03.02 19:53:40 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.02.10 19:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\WILLI\PROGRAM FILES\DNA
[2010.09.24 18:55:21 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.24 18:55:21 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.24 18:55:22 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.24 18:55:22 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.24 18:55:22 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Users\Willi\AppData\Roaming\pipi\JfCheck.dll (PIPI Tech.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Program Files\Max_DE\tbMax_.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HypreCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HypreCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Program Files\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..\Toolbar\WebBrowser: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HypreCam Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..\Toolbar\WebBrowser: (Max DE Toolbar) - {53B7F561-E49D-4A38-BC38-0F2642CEE09C} - C:\Program Files\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001..\Run: [BitTorrent DNA] C:\Users\Willi\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001..\Run: [phoofdmn] C:\Users\Willi\AppData\Local\Temp\brduhduht\uumidttsika.exe ()
O4 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = D:\PPS.tv\PPStream\PPStream.exe (PPStream Inc.)
O4 - Startup: C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Willi\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Willi\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig - StartUpFolder: C:^Users^Willi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk - D:\PPS.tv\PPStream\PPStream.exe - (PPStream Inc.)
MsConfig - StartUpReg: Nokia.PCSync - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
MsConfig - StartUpReg: Raptr - hkey= - key= - C:\Program Files\Raptr\raptrstub.exe ()
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IV41 - IR41_32.AX (Intel Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.10 17:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2011.02.10 15:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.02.10 15:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.02.10 14:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WillikilltVirus
[2011.02.10 14:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\WillikilltVirus
[2011.02.10 14:07:24 | 000,000,000 | ---D | C] -- C:\Users\Willi\AppData\Roaming\QuickScan
[2011.01.18 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.01.12 18:57:50 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 18:57:43 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.10 21:18:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.10 21:13:42 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.10 21:13:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.10 20:22:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.10 20:22:06 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.10 20:19:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.02.10 20:19:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.02.10 19:48:37 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Willi-Startup.job
[2011.02.10 15:40:34 | 000,007,512 | ---- | M] () -- C:\Users\Willi\AppData\Local\d3d9caps.dat
[2011.02.10 15:14:20 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.02.10 12:22:57 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.02.09 19:11:12 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Willi.job
[2011.02.07 10:46:39 | 003,621,986 | ---- | M] () -- C:\Users\Willi\Documents\broswer_cam0001.avi
[2011.02.07 10:45:06 | 004,892,142 | ---- | M] () -- C:\Users\Willi\Documents\clip0006.avi
[2011.02.07 10:42:58 | 455,168,500 | ---- | M] () -- C:\Users\Willi\Documents\clip0005.avi
[2011.02.02 17:11:53 | 000,000,663 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
[2011.02.02 17:11:52 | 000,000,647 | ---- | M] () -- C:\Users\Public\Desktop\PPStream.lnk
[2011.01.26 17:58:11 | 000,022,841 | ---- | M] () -- C:\Users\Willi\Schule Referat.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.10 20:19:44 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.02.10 20:19:44 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.02.10 15:14:20 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.02.07 10:46:36 | 003,621,986 | ---- | C] () -- C:\Users\Willi\Documents\broswer_cam0001.avi
[2011.02.07 10:45:04 | 004,892,142 | ---- | C] () -- C:\Users\Willi\Documents\clip0006.avi
[2011.02.07 10:40:13 | 455,168,500 | ---- | C] () -- C:\Users\Willi\Documents\clip0005.avi
[2011.02.02 17:11:53 | 000,000,663 | ---- | C] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
[2011.01.26 17:58:10 | 000,022,841 | ---- | C] () -- C:\Users\Willi\Schule Referat.odt
[2010.10.10 16:35:06 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.10 16:33:12 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.10.06 21:14:40 | 000,000,000 | ---- | C] () -- C:\Users\Willi\AppData\Local\FnF4.txt
[2010.09.17 11:44:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.14 20:38:16 | 000,000,090 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.04 18:28:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.02 20:46:03 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.08.02 20:45:51 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.06.16 13:19:44 | 000,017,408 | ---- | C] () -- C:\Users\Willi\AppData\Local\WebpageIcons.db
[2010.06.07 12:28:26 | 000,004,608 | ---- | C] () -- C:\Users\Willi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 09:54:56 | 000,007,512 | ---- | C] () -- C:\Users\Willi\AppData\Local\d3d9caps.dat
[2010.05.27 14:46:24 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.05.21 19:41:35 | 000,000,000 | ---- | C] () -- C:\Users\Willi\AppData\Local\QSwitch.txt
[2010.05.21 19:41:35 | 000,000,000 | ---- | C] () -- C:\Users\Willi\AppData\Local\DSwitch.txt
[2010.05.21 19:41:34 | 000,000,000 | ---- | C] () -- C:\Users\Willi\AppData\Local\AtStart.txt
[2010.04.10 17:20:28 | 000,000,040 | ---- | C] () -- C:\Windows\System32\Sx5363.ini
[2010.04.09 19:56:41 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.05.03 11:39:07 | 000,001,182 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.05.01 20:39:34 | 000,061,765 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009.04.15 03:18:38 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009.04.15 03:18:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.04.15 03:17:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009.04.15 03:17:24 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.04.15 03:16:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009.04.15 02:34:02 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.03.02 08:42:00 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009.03.02 08:37:22 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009.03.02 08:35:52 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009.03.02 08:34:48 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008.12.31 13:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.11.14 14:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.03.29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.06.02 14:46:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Nokia
[2010.06.02 14:46:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Nokia
[2010.09.29 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\AF1874942E103F58C3F4BB5EE7822ABC
[2011.02.10 01:52:04 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Azureus
[2010.05.28 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\BITS
[2010.05.21 19:41:25 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DigitalPersona
[2011.02.10 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DNA
[2010.08.13 20:48:53 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.27 14:44:09 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashGet
[2010.05.27 14:44:23 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashGetBHO
[2010.05.28 20:42:20 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashgetSetup
[2010.06.22 16:56:16 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\GetRightToGo
[2010.10.05 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\gtk-2.0
[2011.02.10 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\LimeWire
[2010.09.29 16:08:39 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\MAGIX
[2010.05.28 20:44:13 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Maxthon2
[2010.05.28 20:43:29 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\MxBoost
[2010.06.01 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Nokia
[2010.05.25 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\OpenOffice.org
[2010.06.01 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PC Suite
[2010.06.19 14:44:38 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PhotoScape
[2011.02.06 21:47:40 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PIPI
[2011.02.10 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\ppstream
[2010.05.27 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\QQMusicUpdate
[2011.02.10 14:07:30 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\QuickScan
[2011.01.03 08:43:37 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Raptr
[2010.10.29 19:13:28 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Red Kawa
[2011.02.10 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TeamViewer
[2011.01.01 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Teeworlds
[2010.08.04 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TENCENT
[2010.08.10 10:30:35 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TS3Client
[2010.06.07 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TubeBox
[2010.07.04 12:38:21 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\WildTangent
[2010.04.07 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\AF1874942E103F58C3F4BB5EE7822ABC
[2010.03.01 21:19:27 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\DeepBurner
[2009.05.01 20:39:42 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\DigitalPersona
[2010.05.21 18:20:00 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\DNA
[2010.04.26 23:02:58 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\LimeWire
[2009.05.25 16:17:21 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\OpenOffice.org
[2009.08.07 14:41:14 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\PPStream
[2010.04.18 13:32:31 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\QQMusicUpdate
[2010.04.09 20:05:42 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\tencent
[2010.02.20 14:48:06 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\TS3Client
[2009.11.18 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\Unity
[2009.05.01 22:19:44 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\WildTangent
[2011.02.10 21:13:41 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.10 19:48:37 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-Willi-Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.25 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Adobe
[2010.09.29 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\AF1874942E103F58C3F4BB5EE7822ABC
[2010.05.21 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\ATI
[2010.10.13 20:01:27 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Avira
[2011.02.10 01:52:04 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Azureus
[2010.05.28 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\BITS
[2010.07.17 13:25:40 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\CyberLink
[2010.05.21 19:41:25 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DigitalPersona
[2010.10.24 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DivX
[2011.02.10 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DNA
[2010.08.13 20:48:53 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.27 14:44:09 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashGet
[2010.05.27 14:44:23 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashGetBHO
[2010.05.28 20:42:20 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashgetSetup
[2010.06.22 16:56:16 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\GetRightToGo
[2010.10.05 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\gtk-2.0
[2010.05.30 16:31:08 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\HP
[2010.05.21 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Identities
[2010.06.22 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\InstallShield
[2011.02.10 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\LimeWire
[2010.05.21 19:45:37 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Macromedia
[2010.05.28 11:01:19 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Macrovision
[2010.09.29 16:08:39 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\MAGIX
[2010.09.29 20:44:26 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Malwarebytes
[2010.05.28 20:44:13 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Maxthon2
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Media Center Programs
[2011.01.05 20:38:40 | 000,000,000 | --SD | M] -- C:\Users\Willi\AppData\Roaming\Microsoft
[2010.05.21 19:44:57 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Mozilla
[2010.05.28 20:43:29 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\MxBoost
[2010.06.01 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Nokia
[2010.05.25 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\OpenOffice.org
[2010.06.01 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PC Suite
[2010.06.19 14:44:38 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PhotoScape
[2011.02.06 21:47:40 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PIPI
[2011.02.10 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\ppstream
[2010.05.27 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\QQMusicUpdate
[2011.02.10 14:07:30 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\QuickScan
[2011.01.03 08:43:37 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Raptr
[2010.08.13 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Real
[2010.10.29 19:13:28 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Red Kawa
[2011.02.10 01:52:08 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Skype
[2011.02.10 00:09:46 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\skypePM
[2010.08.20 19:49:58 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\teamspeak2
[2011.02.10 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TeamViewer
[2011.01.01 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Teeworlds
[2010.08.04 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TENCENT
[2010.08.10 10:30:35 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TS3Client
[2010.06.07 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TubeBox
[2010.07.04 12:38:21 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\WildTangent
[2010.08.02 16:54:00 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.02 19:12:20 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Willi\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2010.05.27 14:43:59 | 006,891,088 | ---- | M] (Trend Media Corporation Limited.) -- C:\Users\Willi\AppData\Roaming\FlashgetSetup\fgcn_386.exe
[2010.05.28 20:42:19 | 003,688,936 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\FlashgetSetup\fgcn_7.exe
[2009.12.07 11:25:50 | 000,248,880 | ---- | M] (Flashget) -- C:\Users\Willi\AppData\Roaming\FlashgetSetup\fgmini.exe
[2010.06.01 15:45:10 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2010.06.01 15:45:12 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2010.06.01 15:45:12 | 000,014,848 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2010.06.01 15:45:12 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2010.06.01 15:45:12 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2010.06.01 15:45:12 | 000,018,432 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2010.06.01 15:45:12 | 000,014,336 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2010.06.01 15:45:13 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2010.06.01 15:45:13 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
[2010.11.16 21:08:29 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Willi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.01.05 20:38:41 | 000,010,134 | R--- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_24B64F3053825A354B6578.exe
[2011.01.05 20:38:40 | 000,034,494 | R--- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2011.01.05 20:38:41 | 000,355,574 | R--- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_DBA3336452AE85F9B24284.exe
[2011.01.05 20:38:40 | 000,355,574 | R--- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_EAF2230D5EB27BCA31D960.exe
[2011.01.05 20:38:40 | 000,080,992 | R--- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_FEA01DB6B3866EEFEB53DF.exe
[2010.05.22 12:31:48 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2010.12.30 00:08:39 | 024,220,760 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\Raptr\raptr-1.4.3-r46107-release.exe
[2010.08.10 09:23:49 | 021,266,792 | ---- | M] (Tencent Inc.) -- C:\Users\Willi\AppData\Roaming\TENCENT\QQPinyin\update\QQPinyin_Setup_33_881.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.09.18 09:49:52 | 000,061,440 | ---- | M] (TENCENT) -- C:\ChatRoom.exe
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.03.02 15:46:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009.03.02 15:46:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009.03.02 15:46:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009.03.02 15:46:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.10 13:39:59 | 000,718,420 | ---- | M] () MD5=0CA80BD5EACFCD37BB90DE9F3F70217E -- C:\Users\Willi\Downloads\eXplorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.07.17 09:25:08 | 000,004,608 | ---- | M] () MD5=4E791EAE743CFEF6DE9166514FBC760C -- C:\Users\Yan\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v44BF727C\Native\STUBEXE\@WINDIR@\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.11.12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Users\Willi\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2010.11.12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Users\Willi\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Willi\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Willi\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2011.02.10 14:44:14 | 000,031,232 | ---- | M] () MD5=9CC544B7333C1F741765CE8AFC8B8F27 -- C:\Users\Willi\AppData\Local\Temp\RarSFX1\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2011.02.10 14:43:58 | 000,718,536 | ---- | M] () MD5=C8A0EDFB244B579E61613FB529823E35 -- C:\Users\Willi\Downloads\WiNlOgOn.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2010.07.12 20:31:27 | 000,016,199 | ---- | M] ()(C:\Users\Willi\Documents\Arbeitbest?tigung Abdullah Said.odt) -- C:\Users\Willi\Documents\Arbeitbestätigung Abdullah Said.odt
[2010.07.12 20:31:26 | 000,016,199 | ---- | C] ()(C:\Users\Willi\Documents\Arbeitbest?tigung Abdullah Said.odt) -- C:\Users\Willi\Documents\Arbeitbestätigung Abdullah Said.odt
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ìú??èí?t) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÌÚѶÈí¼þ

< End of report >
         
--- --- ---

Extra.Txt :OTL Logfile:
Code:
OTL Extras logfile created on: 10.02.2011 21:22:23 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Willi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.52 Gb Total Space | 108.84 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
Drive D: | 11.56 Gb Total Space | 1.39 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
 
Computer Name: YAN-PC | User Name: Willi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-1187208032-1780851946-1698382015-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSí???μ?êó
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS í????ó?ù?÷
"C:\Program Files\Gameforge4D\AirRivals_DE\Launcher.atm" = C:\Program Files\Gameforge4D\AirRivals_DE\Launcher.atm:Enabled:GameExe2 -- ()
"C:\Program Files\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe" = C:\Program Files\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- (Masang Soft)
"C:\pipi\fgcn_386.exe" = C:\pipi\fgcn_386.exe:*:Enabled:fg_ol_silent
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3
"C:\Users\Willi\AppData\Roaming\FlashgetSetup\fgmini.exe" = C:\Users\Willi\AppData\Roaming\FlashgetSetup\fgmini.exe:*:Enabled:fg_ol_silent -- (Flashget)
"C:\Program Files\Mozilla Firefox\Launcher.atm" = C:\Program Files\Mozilla Firefox\Launcher.atm:Enabled:GameExe2
"C:\Program Files\Mozilla Firefox\Res-Voip\SCVoIP.exe" = C:\Program Files\Mozilla Firefox\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
"C:\Program Files\Subagames\ACE Online\Launcher.atm" = C:\Program Files\Subagames\ACE Online\Launcher.atm:Enabled:GameExe2 -- ()
"C:\Program Files\Subagames\ACE Online\Res-Voip\SCVoIP.exe" = C:\Program Files\Subagames\ACE Online\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- (Masang Soft)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4010906A-C7B0-40F0-B650-2C60FDC12D9C}" = lport=49174 | protocol=6 | dir=in | name=akamai netsession interface | 
"{78F0D4FB-BDE0-438B-B17B-7C98457B405B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D58C447B-BF46-4E81-8AB8-8386A661C6F9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E63AD0E4-D97D-4C54-802F-F7651BC2C4BD}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067A6828-4990-4CD2-82E5-E0EE309C32DC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{0846820C-A1D7-459B-ABEC-F91FE39ED876}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimedownload.exe | 
"{08C4FFD2-D5FC-4E15-A064-AC87B67BAF6A}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe | 
"{0A2E469C-3352-45D3-98A1-8EC806EBF639}" = protocol=6 | dir=in | app=c:\pipi\jfcachemgr.exe | 
"{0AE5C8FC-41DF-4487-B78F-F480C33A69F0}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregdict.exe | 
"{0C32CFC5-4E91-42DA-8B7B-6EF8275C1703}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpymblog.exe | 
"{0CED10B6-8DF7-42F1-8B17-121F10952159}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyliveup.exe | 
"{0E115D19-57FB-4A8A-BEE3-3CDC33B0C879}" = protocol=17 | dir=in | app=c:\pipi\pipiplayer.exe | 
"{0E75D50E-A25C-47AA-B6C4-5911620EC5DE}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregskin.exe | 
"{130DE049-6F66-42B7-A609-9A205FAC2E5D}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{14CA785D-54A3-4CB2-8D78-E36EC3BAAF42}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimedownload.exe | 
"{1706CE0B-08F1-4517-938F-A1935B8DCFED}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{176E0737-9102-43F3-8499-DDEA3C78CC09}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpydict.exe | 
"{17C6DE2E-3F51-44F9-B365-1458F39B7C64}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpymblog.exe | 
"{19F712F3-2180-4331-9D92-7926298D895D}" = protocol=6 | dir=in | app=c:\pipi\kmliveupdate.exe | 
"{1AE4F63E-8FBB-4E1A-886B-1D9D5D8091C2}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpydict.exe | 
"{1FB402B4-75F9-4F13-8545-ABFC74871D91}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{21B5FBA1-A91C-4F1F-99A0-1DF897E5DAFE}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{23D774DF-1BC2-481D-97CB-786B5B13F20A}" = protocol=17 | dir=in | app=c:\pipi\httpdownload.exe | 
"{25E5F533-E183-4A8D-970E-59932E4FAB20}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe | 
"{2854670C-FEB6-4D4C-9E43-C1C76D7A3EAB}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyliveup.exe | 
"{297D8362-D14F-4D97-9AEF-AFC151F58302}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D81B1B5-C1B5-4193-8F86-3E070DEEEA4B}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimedownload.exe | 
"{2DEF891C-537D-4357-98D1-3F1CA7A11C56}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyliveup.exe | 
"{30F71AFB-B6AD-4A82-A5BF-9E1253419FEA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{31F53DE6-D994-4E81-9D49-736B43F18719}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{321337A2-159F-4DD8-B7F9-4E9E0EE2820C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{3271E994-BFC3-4F74-AE64-B31D9ECC4E36}" = protocol=17 | dir=in | app=c:\pipi\kmliveupdate.exe | 
"{32BA6FB3-258F-420F-80F8-9DE41D87853D}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpylevel.exe | 
"{35DA6EC5-D6A5-41EC-A290-88666F885AE9}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe | 
"{35F4FD65-69A7-402C-88C1-0AB85805F10E}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregdict.exe | 
"{3746152F-B0EC-4CD5-92F3-556D872A6DC5}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyconfig.exe | 
"{399820AF-AFA7-477D-8809-0595E8612D58}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpylevel.exe | 
"{3A92FE48-CA2C-404D-859A-024A3B6B3B60}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregskin.exe | 
"{41C485C1-F681-4968-B13C-BB53857CBAEE}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregskin.exe | 
"{48A6123A-8506-4D6D-8C76-6C25BD076299}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe | 
"{4E48CD01-78DB-461B-B6C4-8AF915AA22D0}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpylevel.exe | 
"{537FCD7E-FBF4-4877-8948-0D744521A925}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpylevel.exe | 
"{555B4CF3-4F7D-449D-856B-D8C6B052C14B}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyconfig.exe | 
"{591E3CFA-31C8-462B-94FA-FAB96FF734C2}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{5C44FB6C-5CA9-467C-B936-FB5FBB5A1D87}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{5C6F395F-B0D7-43C8-82A4-DCE143588715}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{5E1F126F-13CA-4CD3-B311-6BCAC0C70186}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregskin.exe | 
"{6069836B-F64A-4DA5-A5B0-C7E2BB7C8820}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpydict.exe | 
"{62A54108-3DC2-4676-A621-A36E661C9F71}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{635D55E2-2C88-49FB-9BD8-07754661FBF7}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyliveup.exe | 
"{63FDDE66-781B-4F6D-B51B-2974992E2020}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyconfig.exe | 
"{64C52ED2-6B7D-4B71-9F47-5A804C1F27B3}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe | 
"{65212CC9-37EC-4C7E-9BA8-1BC7E4596F79}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpymblog.exe | 
"{654CA827-34FD-4CA5-A326-14261D613EE6}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe | 
"{69488D7B-926C-4D48-AE69-3E3848684960}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{69D28469-7E6A-4D59-8AD5-95FE345E7A1D}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyconfig.exe | 
"{6B4D0264-4DC9-4646-BFAE-A83FF48947AC}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{7110F07D-490D-4FAE-9594-C823344BDF77}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpymblog.exe | 
"{742F5185-0AE9-4635-A2A1-9068ABF78C26}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{75600B97-8EC0-4532-808E-977817F2DA09}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyliveup.exe | 
"{7EF9C0DD-91BB-4938-ACDF-4AFB79AD24D2}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregskin.exe | 
"{7FC61D57-5A3B-4B2C-BF32-C30846564E18}" = protocol=6 | dir=in | app=c:\pipi\pipiplayer.exe | 
"{8143C05A-E665-48D0-9DC9-9D6ECCA4BE58}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimedownload.exe | 
"{81C1A731-9D20-48E3-AA4B-238CD671B682}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpydict.exe | 
"{83E26F6C-DFB7-4D97-806E-BEA7B6BD444E}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregskin.exe | 
"{849875C5-DFBD-43BB-B028-FAC0D0F6FC5D}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe | 
"{85ACBEB5-9989-4FAF-A82F-40B03249FDE8}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{85CDCD2E-8FA4-46B3-887F-5D681FF6EB17}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{8B97577F-5443-4CC4-AD5E-375387A04108}" = protocol=6 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{8C2404D2-BF86-40DD-ACE1-801C872DB3D3}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimedownload.exe | 
"{8CBB4D86-F952-4634-B1B0-ADFC216B52D0}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{8D86FB7D-57E5-49B9-9422-EBBFC157D338}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{93AD6CC9-EE0E-4B6B-A227-C34DE528BF2B}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpylevel.exe | 
"{94C08DFC-7336-4FC6-8463-B9BAC75F2625}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{98D2B047-D01C-4B86-BBA0-8140EF41AC83}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{98EE3C97-2AE5-49CD-9A3E-058CB66DFBBC}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{99B472E5-2406-4628-AC6F-D3A8D8A018C8}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregdict.exe | 
"{A10C6760-5751-418B-A20D-7F073BA4EEFC}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyliveup.exe | 
"{A1195B5F-78C7-43A0-9EA5-FAB5F085D5BD}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpydict.exe | 
"{A290DCEC-8E82-4265-B2B8-69DD3F28E30C}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{A326EB08-19BE-45F8-BA79-88016A3BC4B2}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpymblog.exe | 
"{A53DA7ED-966B-4497-844F-EBC6D8BB455D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{A55467A4-F9EB-4914-98B3-29D59B92AB1E}" = protocol=17 | dir=in | app=d:\pps.tv\ppsgame\ppsgame.exe | 
"{A9203AA8-A190-4084-B755-5A38F66A7923}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregdict.exe | 
"{B49D6D5D-3BF5-4363-A032-3C081BAE58AC}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{B62591DF-7958-4558-9DD5-7C2946562FBC}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{B6886D9E-A4DA-4EF8-9EF0-FD15D435C5F7}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimedownload.exe | 
"{BB4732FB-4542-422B-980C-B3772038AF07}" = protocol=17 | dir=in | app=c:\pipi\jfcachemgr.exe | 
"{BB535861-A899-4074-80ED-8E514C9C182C}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{BBF861EE-94EF-465B-BDF3-7A27980C2DD2}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe | 
"{BDA07AD8-2EF4-4E9F-8BDE-5DD32742C6C4}" = protocol=6 | dir=in | app=d:\pps.tv\ppstream\ppsap.exe | 
"{BEA3411B-B211-459F-B5A8-EB1F48DD2D48}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{C46A7B3E-0812-4240-A9FF-1F9E2B0A8E3C}" = protocol=6 | dir=in | app=c:\pipi\httpdownload.exe | 
"{C95D13AF-E9A7-407B-88A8-52C27EFB1D8E}" = protocol=17 | dir=in | app=d:\pps.tv\ppstream\ppstream.exe | 
"{CE1E4EAC-A65A-4C79-9491-AFFF7B759496}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{CF4B775D-2E64-4B1B-BE52-18BA0138476C}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyconfig.exe | 
"{D336D615-A789-4BB7-AB8C-16B3FC1842AD}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe | 
"{D63789C7-85D5-45D6-B03B-0CB2438C3978}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregdict.exe | 
"{D6B9B042-57B9-410B-B7D9-491A0778FDAB}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpyconfig.exe | 
"{D9EE0C54-5AF9-4EF3-ABDB-F980139CD9DF}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{DAEF6050-F5E8-47DB-805B-5F2622FF0570}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpylevel.exe | 
"{DBC6E58D-57AB-489D-BF30-FC4F5C0E928B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{E02C1EAD-5EB5-4B9C-8587-62DA8B4009B6}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpymblog.exe | 
"{E20833CA-553C-4B6D-BFAE-B74AE2EFEAD6}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{E37FD278-16D6-460B-984A-3CB814784673}" = protocol=6 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqimeregdict.exe | 
"{E9D2C4F3-A01F-4AEE-84BC-7BE5A63C6B9F}" = protocol=17 | dir=in | app=c:\program files\tencent\qqpinyin\3.3.881.400\qqpydict.exe | 
"{F296A68E-0F37-4903-B4DB-9FAAD1994244}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{F55D41B6-F942-40A2-AB54-AE6FF674B57D}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe | 
"TCP Query User{1019057C-4B25-402D-9C35-38BE4B4E924C}C:\program files\valve\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\counter-strike source\hl2.exe | 
"TCP Query User{1EF0162D-7868-4AAA-9E16-9F49D803FD8E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{312DC4E5-0AF8-4899-9C6F-B01393E207FC}C:\users\yan\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\yan\program files\dna\btdna.exe | 
"TCP Query User{31F21D02-C06C-475E-A958-3B4D964E8901}C:\program files\tencent\qqmusic\qqmusic.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe | 
"TCP Query User{3A52A0B9-ABED-4C93-BE0B-C5CFAA039EB2}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{3BC61276-16E4-498B-B920-DA4DB93F5E86}C:\program files\alaplaya\s4league\s4client.exe" = protocol=6 | dir=in | app=c:\program files\alaplaya\s4league\s4client.exe | 
"TCP Query User{475BA1BC-D6A9-48E8-AFA3-463A0BD91982}C:\users\yan\appdata\local\temp\khvcol.exe" = protocol=6 | dir=in | app=c:\users\yan\appdata\local\temp\khvcol.exe | 
"TCP Query User{6D9674FE-0299-47CD-82DD-560BEC3A3C78}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{7A47AE37-6E70-42FC-A34D-AAD490D191A9}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{861E5484-48F6-4E9D-8516-D45EB808EFBE}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{B60DF4D2-2E4E-4AE2-9EA0-3BA5DC325694}C:\users\willi\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\willi\program files\dna\btdna.exe | 
"TCP Query User{B9DC1E4F-752D-4DBF-BB40-9868E8B70EAF}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{BA9A9BF9-3959-4F16-BE3D-BFD14A996758}C:\users\yan\appdata\local\temp\qqmusicinstall.exe" = protocol=6 | dir=in | app=c:\users\yan\appdata\local\temp\qqmusicinstall.exe | 
"TCP Query User{C1568648-4FDA-41FD-AB96-26E803B44FF6}C:\users\yan\appdata\local\temp\nrktcvy.exe" = protocol=6 | dir=in | app=c:\users\yan\appdata\local\temp\nrktcvy.exe | 
"TCP Query User{C3CCF0BF-0840-4A64-A516-451C90472071}C:\pipi\fgcn_386.exe" = protocol=6 | dir=in | app=c:\pipi\fgcn_386.exe | 
"TCP Query User{C8F96BFC-6B5C-4418-8304-BADDCA215224}C:\program files\ppstream\ppstream.exe" = protocol=6 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"TCP Query User{CF007199-E93F-4D18-9F5A-B24B201CC028}C:\program files\badu\dance\chathall.exe" = protocol=6 | dir=in | app=c:\program files\badu\dance\chathall.exe | 
"TCP Query User{CF22CF7B-BB82-4296-AB36-84C6451E15C5}C:\users\willi\appdata\roaming\flashgetsetup\fgmini.exe" = protocol=6 | dir=in | app=c:\users\willi\appdata\roaming\flashgetsetup\fgmini.exe | 
"TCP Query User{D492F533-70B1-4734-ACA0-69DD79A0A609}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe | 
"TCP Query User{D98DE891-AE64-49DE-BEF0-BDE29A280B41}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{DDE6F5D4-9F67-44A2-8765-258B927FCB4D}C:\program files\tencent\qq\bin\auclt.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe | 
"TCP Query User{E2BA54E5-A8A2-4243-B976-F2D629BA2216}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{FC9A3229-A8DB-47D1-82DF-BCD7FCFE66B0}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | 
"UDP Query User{0D80BAEF-0D90-46CD-92AF-4B6BCDF2C548}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"UDP Query User{1BD367F0-1344-4C3F-B974-0F126BDB6D58}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{32D5E803-64BA-4C82-9B3D-5274C395E43E}C:\program files\tencent\qqmusic\qqmusic.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe | 
"UDP Query User{43851A13-3C16-4AB1-88FE-C6F8860E6128}C:\users\yan\appdata\local\temp\khvcol.exe" = protocol=17 | dir=in | app=c:\users\yan\appdata\local\temp\khvcol.exe | 
"UDP Query User{45650023-21E0-4B93-B1DF-AA7CB5E3E389}C:\program files\valve\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\counter-strike source\hl2.exe | 
"UDP Query User{46D3B4B3-97A2-4183-A938-23AB418C0C21}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe | 
"UDP Query User{5781BC58-B4B9-43D2-9E20-45177EC96E3E}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{5A7472F9-C320-4C0B-968B-BF6409EFF57D}C:\users\yan\appdata\local\temp\qqmusicinstall.exe" = protocol=17 | dir=in | app=c:\users\yan\appdata\local\temp\qqmusicinstall.exe | 
"UDP Query User{85ED7B79-769F-4BB2-AFA6-E78C7663DFE6}C:\users\yan\appdata\local\temp\nrktcvy.exe" = protocol=17 | dir=in | app=c:\users\yan\appdata\local\temp\nrktcvy.exe | 
"UDP Query User{8F97936C-F395-483F-AE55-8C95F3E6E87C}C:\program files\tencent\qq\bin\auclt.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe | 
"UDP Query User{97E77490-96D6-4DA1-9FA6-7556CF914D42}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{A1D23443-CE66-4DB4-9770-444008D05DB5}C:\pipi\fgcn_386.exe" = protocol=17 | dir=in | app=c:\pipi\fgcn_386.exe | 
"UDP Query User{A6B5CB05-DF16-4E3B-9452-75FCAEB9D684}C:\program files\badu\dance\chathall.exe" = protocol=17 | dir=in | app=c:\program files\badu\dance\chathall.exe | 
"UDP Query User{AA22B0CE-285F-47D6-84FC-AC393B38202D}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe | 
"UDP Query User{B4760975-3C7B-4A2F-931B-7A9F09BEBAED}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{B4ECC2BA-D9C1-4FA5-A5EE-B3C000F8952B}C:\users\willi\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\willi\program files\dna\btdna.exe | 
"UDP Query User{BA0ECFF5-E76A-45A8-8C83-6BF2552A7560}C:\program files\ppstream\ppstream.exe" = protocol=17 | dir=in | app=c:\program files\ppstream\ppstream.exe | 
"UDP Query User{C1CEAD57-1981-4AB5-A6D1-C8290C9B8C53}C:\program files\alaplaya\s4league\s4client.exe" = protocol=17 | dir=in | app=c:\program files\alaplaya\s4league\s4client.exe | 
"UDP Query User{DEDF92A3-493D-4709-81E5-C536F3FFF1DF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{EB17FF0F-94A2-4052-A712-401E19C34DF3}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{EDFD9257-2454-471A-8DE2-0BC4E9A6CCBD}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{F3FB68BC-FC17-4625-83D4-1BB48ED5EE03}C:\users\willi\appdata\roaming\flashgetsetup\fgmini.exe" = protocol=17 | dir=in | app=c:\users\willi\appdata\roaming\flashgetsetup\fgmini.exe | 
"UDP Query User{F66F1F7D-3378-4DB7-A3C7-79176AD61546}C:\users\yan\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\yan\program files\dna\btdna.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ2010
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox!
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2979CB15-D6DF-4AA1-ADE0-9B83786C2357}" = SLOW-PCfighter
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5AFEABF5-7411-4C29-9FA9-71ABE880662D}" = Nokia PC Suite
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9DCD625E-B0C1-47EA-B905-6108279623F8}" = DigitalPersona Personal 4.0
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu
"{A84EF2EA-FA7E-495C-9581-933496C9B9E9}}_is1" = ACE Online EP3-3 2.3.0.9 Full
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3BB5992-04BD-5A27-A8A5-5D976DF8E743}" = ATI Catalyst Install Manager
"{C3FF7E4A-01B4-4303-A1A4-47E8F24082F2}" = S4 League_EU
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{C708333C-B1B9-43be-B797-49FEC7A8D15B}" = C5200
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{CAAAB039-95E4-6F1C-36CC-2E6005E2540D}" = ccc-utility
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E03284-66FD-4292-8239-504CEC5B0CC3}" = C5200_doccd
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}" = Validity Sensors software
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AirRivals_DE_is1" = AirRivals_DE 1.0.0.35
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CCleaner" = CCleaner
"conduitEngine" = Conduit Engine
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"Derivative Rivals 1.3.2.69" = Derivative Rivals 1.3.2.69
"Derivative Rivals 1.3.3.12" = Derivative Rivals 1.3.3.12
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"HyperCam 2" = HyperCam 2
"HypreCam Toolbar" = HypreCam Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"LimeWire" = LimeWire 5.4.8
"MAGIX Music Maker 16 Download-Version D" = MAGIX Music Maker 16 Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Max_DE Toolbar" = Max_DE Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"Neffy" = Neffy 1,3,29,0
"Nokia PC Suite" = Nokia PC Suite
"NSS" = Norton Security Scan
"PPSGame" = PPS游戏 V1.0.1.298
"PPStream" = PPStream V2.7.0.1210 Final
"PS3 Video 9" = PS3 Video 9 6
"QQ拼音输入法" = QQ拼音输入法3.3
"Raptr" = Raptr
"RealPlayer 12.0" = RealPlayer
"SLOW-PCfighter" = SLOW-PCfighter
"Steam App 550" = Left 4 Dead 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WildTangent hp Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WolfTeam" = WolfTeam
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1187208032-1780851946-1698382015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.07.2010 05:58:13 | Computer Name = Yan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2010 05:58:17 | Computer Name = Yan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel
 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,  Prozess-ID 0x9dc, Anwendungsstartzeit
 01cb1903d83224d2.
 
Error - 01.07.2010 10:08:24 | Computer Name = Yan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2010 10:08:42 | Computer Name = Yan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel
 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,  Prozess-ID 0x9a4, Anwendungsstartzeit
 01cb1926cc2ba0b6.
 
Error - 01.07.2010 11:02:07 | Computer Name = Yan-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 01.07.2010 11:03:17 | Computer Name = Yan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2010 11:07:15 | Computer Name = Yan-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2010 11:07:18 | Computer Name = Yan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung TVAgent.exe, Version 2.1.1.1321, Zeitstempel
 0x49772d0a, fehlerhaftes Modul MFC71.DLL, Version 7.10.3077.0, Zeitstempel 0x3e77fdfd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0002a3a3,  Prozess-ID 0x980, Anwendungsstartzeit
 01cb192f06b92f0b.
 
Error - 01.07.2010 11:58:48 | Computer Name = Yan-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_Pml Driver HPZ12, Version 6.0.6001.18000,
 Zeitstempel 0x47918b89, fehlerhaftes Modul hpzipm12.dll, Version 12.1.1.54, Zeitstempel
 0x4551ba01, Ausnahmecode 0xc0000005, Fehleroffset 0x000040b0,  Prozess-ID 0xcd4, 
Anwendungsstartzeit 01cb192f08e7135b.
 
Error - 01.07.2010 12:56:59 | Computer Name = Yan-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6001.18470 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1844  Anfangszeit: 01cb19384639818b  Zeitpunkt
 der Beendigung: 16
 
[ DigitalPersona Pro Events ]
Error - 01.05.2009 16:33:34 | Computer Name = Yan-PC | Source = DigitalPersona Pro | ID = 17827841
Description = Eins-zu-eins-Fingerabdruckvergleich fehlgeschlagen.
 
[ System Events ]
Error - 16.07.2010 08:18:15 | Computer Name = Yan-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
Error - 16.07.2010 16:51:42 | Computer Name = Yan-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 17.07.2010 05:21:38 | Computer Name = Yan-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 17.07.2010 05:22:16 | Computer Name = Yan-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.07.2010 05:22:57 | Computer Name = Yan-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.07.2010 05:22:57 | Computer Name = Yan-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 17.07.2010 05:24:19 | Computer Name = Yan-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 17.07.2010 05:41:34 | Computer Name = Yan-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
Error - 17.07.2010 05:41:45 | Computer Name = Yan-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = 
 
Error - 17.07.2010 05:46:17 | Computer Name = Yan-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
 
< End of report >
         
--- --- ---

10.02.2011, 20:47   #10
Kerzor

OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 10.02.2011 21:22:23 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Willi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.52 Gb Total Space | 108.84 Gb Free Space | 37.99% Space Free | Partition Type: NTFS
Drive D: | 11.56 Gb Total Space | 1.39 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
 
Computer Name: YAN-PC | User Name: Willi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Willi\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Willi\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_dbc0250.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (TVCapSvc) TV Background Capture Service (TVBCS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe ()
SRV - (TVSched) TV Task Scheduler (TVTS) -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe ()
SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe (IDT, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Program Files\Max_DE\tbMax_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.88488.com
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.67
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2009.04.15 03:18:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.02 19:53:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.10 11:37:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.10 11:37:58 | 000,000,000 | ---D | M]
 
[2010.06.01 15:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willi\AppData\Roaming\mozilla\Extensions
[2010.06.01 15:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willi\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.02.10 20:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions
[2010.05.27 21:18:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.04 21:06:52 | 000,000,000 | ---D | M] (HypreCam Toolbar) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010.08.13 20:36:13 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.02 19:05:58 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010.05.27 15:39:32 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011.02.10 14:06:50 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.05.22 12:31:48 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Willi\AppData\Roaming\mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\battlefieldheroespatcher@ea.com
[2010.12.17 20:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.10 16:19:08 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.03.02 19:53:40 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011.02.10 19:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\WILLI\PROGRAM FILES\DNA
[2010.09.24 18:55:21 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.24 18:55:21 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.24 18:55:22 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.24 18:55:22 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.24 18:55:22 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Users\Willi\AppData\Roaming\pipi\JfCheck.dll (PIPI Tech.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Program Files\Max_DE\tbMax_.dll (Conduit Ltd.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HypreCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HypreCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Program Files\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..\Toolbar\WebBrowser: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HypreCam Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..\Toolbar\WebBrowser: (Max DE Toolbar) - {53B7F561-E49D-4A38-BC38-0F2642CEE09C} - C:\Program Files\Max_DE\tbMax_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\.DEFAULT..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001..\Run: [BitTorrent DNA] C:\Users\Willi\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001..\Run: [phoofdmn] C:\Users\Willi\AppData\Local\Temp\brduhduht\uumidttsika.exe ()
O4 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001..\Run: [PPS Accelerator] D:\PPS.tv\PPStream\PPSAP.exe (PPStream Inc)
O4 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = D:\PPS.tv\PPStream\PPStream.exe (PPStream Inc.)
O4 - Startup: C:\Users\Yan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Willi\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Willi\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..Trusted Domains: pps.tv ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..Trusted Domains: ppstream.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001\..Trusted Domains: webscache.com ([]http in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig - StartUpFolder: C:^Users^Willi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PPS.lnk - D:\PPS.tv\PPStream\PPStream.exe - (PPStream Inc.)
MsConfig - StartUpReg: Nokia.PCSync - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe (Time Information Services Ltd.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe (Nokia)
MsConfig - StartUpReg: Raptr - hkey= - key= - C:\Program Files\Raptr\raptrstub.exe ()
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IV41 - IR41_32.AX (Intel Corporation)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.10 17:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2011.02.10 15:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.02.10 15:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.02.10 14:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WillikilltVirus
[2011.02.10 14:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\WillikilltVirus
[2011.02.10 14:07:24 | 000,000,000 | ---D | C] -- C:\Users\Willi\AppData\Roaming\QuickScan
[2011.01.18 17:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.01.12 18:57:50 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.01.12 18:57:43 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.10 21:18:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.10 21:13:42 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.10 21:13:41 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.10 20:22:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.10 20:22:06 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.10 20:19:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.02.10 20:19:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.02.10 19:48:37 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter-Willi-Startup.job
[2011.02.10 15:40:34 | 000,007,512 | ---- | M] () -- C:\Users\Willi\AppData\Local\d3d9caps.dat
[2011.02.10 15:14:20 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.02.10 12:22:57 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.02.09 19:11:12 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Willi.job
[2011.02.07 10:46:39 | 003,621,986 | ---- | M] () -- C:\Users\Willi\Documents\broswer_cam0001.avi
[2011.02.07 10:45:06 | 004,892,142 | ---- | M] () -- C:\Users\Willi\Documents\clip0006.avi
[2011.02.07 10:42:58 | 455,168,500 | ---- | M] () -- C:\Users\Willi\Documents\clip0005.avi
[2011.02.02 17:11:53 | 000,000,663 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
[2011.02.02 17:11:52 | 000,000,647 | ---- | M] () -- C:\Users\Public\Desktop\PPStream.lnk
[2011.01.26 17:58:11 | 000,022,841 | ---- | M] () -- C:\Users\Willi\Schule Referat.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.10 20:19:44 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.02.10 20:19:44 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.02.10 15:14:20 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.02.07 10:46:36 | 003,621,986 | ---- | C] () -- C:\Users\Willi\Documents\broswer_cam0001.avi
[2011.02.07 10:45:04 | 004,892,142 | ---- | C] () -- C:\Users\Willi\Documents\clip0006.avi
[2011.02.07 10:40:13 | 455,168,500 | ---- | C] () -- C:\Users\Willi\Documents\clip0005.avi
[2011.02.02 17:11:53 | 000,000,663 | ---- | C] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
[2011.01.26 17:58:10 | 000,022,841 | ---- | C] () -- C:\Users\Willi\Schule Referat.odt
[2010.10.10 16:35:06 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.10 16:33:12 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.10.06 21:14:40 | 000,000,000 | ---- | C] () -- C:\Users\Willi\AppData\Local\FnF4.txt
[2010.09.17 11:44:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.09.14 20:38:16 | 000,000,090 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.04 18:28:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.08.02 20:46:03 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.08.02 20:45:51 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.06.16 13:19:44 | 000,017,408 | ---- | C] () -- C:\Users\Willi\AppData\Local\WebpageIcons.db
[2010.06.07 12:28:26 | 000,004,608 | ---- | C] () -- C:\Users\Willi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 09:54:56 | 000,007,512 | ---- | C] () -- C:\Users\Willi\AppData\Local\d3d9caps.dat
[2010.05.27 14:46:24 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.05.21 19:41:35 | 000,000,000 | ---- | C] () -- C:\Users\Willi\AppData\Local\QSwitch.txt
[2010.05.21 19:41:35 | 000,000,000 | ---- | C] () -- C:\Users\Willi\AppData\Local\DSwitch.txt
[2010.05.21 19:41:34 | 000,000,000 | ---- | C] () -- C:\Users\Willi\AppData\Local\AtStart.txt
[2010.04.10 17:20:28 | 000,000,040 | ---- | C] () -- C:\Windows\System32\Sx5363.ini
[2010.04.09 19:56:41 | 000,018,760 | ---- | C] () -- C:\Windows\System32\QQVistaHelper.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.05.03 11:39:07 | 000,001,182 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.05.01 20:39:34 | 000,061,765 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009.04.15 03:18:38 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009.04.15 03:18:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009.04.15 03:17:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009.04.15 03:17:24 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009.04.15 03:16:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009.04.15 02:34:02 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.03.02 08:42:00 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009.03.02 08:37:22 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009.03.02 08:35:52 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009.03.02 08:34:48 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008.12.31 13:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.11.14 14:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2007.03.29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2010.06.02 14:46:03 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Nokia
[2010.06.02 14:46:03 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Nokia
[2010.09.29 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\AF1874942E103F58C3F4BB5EE7822ABC
[2011.02.10 01:52:04 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Azureus
[2010.05.28 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\BITS
[2010.05.21 19:41:25 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DigitalPersona
[2011.02.10 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DNA
[2010.08.13 20:48:53 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.27 14:44:09 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashGet
[2010.05.27 14:44:23 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashGetBHO
[2010.05.28 20:42:20 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashgetSetup
[2010.06.22 16:56:16 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\GetRightToGo
[2010.10.05 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\gtk-2.0
[2011.02.10 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\LimeWire
[2010.09.29 16:08:39 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\MAGIX
[2010.05.28 20:44:13 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Maxthon2
[2010.05.28 20:43:29 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\MxBoost
[2010.06.01 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Nokia
[2010.05.25 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\OpenOffice.org
[2010.06.01 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PC Suite
[2010.06.19 14:44:38 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PhotoScape
[2011.02.06 21:47:40 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PIPI
[2011.02.10 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\ppstream
[2010.05.27 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\QQMusicUpdate
[2011.02.10 14:07:30 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\QuickScan
[2011.01.03 08:43:37 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Raptr
[2010.10.29 19:13:28 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Red Kawa
[2011.02.10 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TeamViewer
[2011.01.01 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Teeworlds
[2010.08.04 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TENCENT
[2010.08.10 10:30:35 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TS3Client
[2010.06.07 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TubeBox
[2010.07.04 12:38:21 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\WildTangent
[2010.04.07 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\AF1874942E103F58C3F4BB5EE7822ABC
[2010.03.01 21:19:27 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\DeepBurner
[2009.05.01 20:39:42 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\DigitalPersona
[2010.05.21 18:20:00 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\DNA
[2010.04.26 23:02:58 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\LimeWire
[2009.05.25 16:17:21 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\OpenOffice.org
[2009.08.07 14:41:14 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\PPStream
[2010.04.18 13:32:31 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\QQMusicUpdate
[2010.04.09 20:05:42 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\tencent
[2010.02.20 14:48:06 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\TS3Client
[2009.11.18 13:28:11 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\Unity
[2009.05.01 22:19:44 | 000,000,000 | ---D | M] -- C:\Users\Yan\AppData\Roaming\WildTangent
[2011.02.10 21:13:41 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.10 19:48:37 | 000,000,356 | ---- | M] () -- C:\Windows\Tasks\SLOW-PCfighter-Willi-Startup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.25 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Adobe
[2010.09.29 20:44:30 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\AF1874942E103F58C3F4BB5EE7822ABC
[2010.05.21 19:41:59 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\ATI
[2010.10.13 20:01:27 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Avira
[2011.02.10 01:52:04 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Azureus
[2010.05.28 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\BITS
[2010.07.17 13:25:40 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\CyberLink
[2010.05.21 19:41:25 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DigitalPersona
[2010.10.24 14:59:50 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DivX
[2011.02.10 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DNA
[2010.08.13 20:48:53 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.27 14:44:09 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashGet
[2010.05.27 14:44:23 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashGetBHO
[2010.05.28 20:42:20 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\FlashgetSetup
[2010.06.22 16:56:16 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\GetRightToGo
[2010.10.05 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\gtk-2.0
[2010.05.30 16:31:08 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\HP
[2010.05.21 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Identities
[2010.06.22 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\InstallShield
[2011.02.10 19:47:15 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\LimeWire
[2010.05.21 19:45:37 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Macromedia
[2010.05.28 11:01:19 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Macrovision
[2010.09.29 16:08:39 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\MAGIX
[2010.09.29 20:44:26 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Malwarebytes
[2010.05.28 20:44:13 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Maxthon2
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Media Center Programs
[2011.01.05 20:38:40 | 000,000,000 | --SD | M] -- C:\Users\Willi\AppData\Roaming\Microsoft
[2010.05.21 19:44:57 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Mozilla
[2010.05.28 20:43:29 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\MxBoost
[2010.06.01 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Nokia
[2010.05.25 16:26:01 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\OpenOffice.org
[2010.06.01 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PC Suite
[2010.06.19 14:44:38 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PhotoScape
[2011.02.06 21:47:40 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\PIPI
[2011.02.10 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\ppstream
[2010.05.27 13:59:32 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\QQMusicUpdate
[2011.02.10 14:07:30 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\QuickScan
[2011.01.03 08:43:37 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Raptr
[2010.08.13 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Real
[2010.10.29 19:13:28 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Red Kawa
[2011.02.10 01:52:08 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Skype
[2011.02.10 00:09:46 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\skypePM
[2010.08.20 19:49:58 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\teamspeak2
[2011.02.10 15:19:59 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TeamViewer
[2011.01.01 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\Teeworlds
[2010.08.04 17:27:40 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TENCENT
[2010.08.10 10:30:35 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TS3Client
[2010.06.07 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\TubeBox
[2010.07.04 12:38:21 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\WildTangent
[2010.08.02 16:54:00 | 000,000,000 | ---D | M] -- C:\Users\Willi\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.02 19:12:20 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Willi\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2010.05.27 14:43:59 | 006,891,088 | ---- | M] (Trend Media Corporation Limited.) -- C:\Users\Willi\AppData\Roaming\FlashgetSetup\fgcn_386.exe
[2010.05.28 20:42:19 | 003,688,936 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\FlashgetSetup\fgcn_7.exe
[2009.12.07 11:25:50 | 000,248,880 | ---- | M] (Flashget) -- C:\Users\Willi\AppData\Roaming\FlashgetSetup\fgmini.exe
[2010.06.01 15:45:10 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2010.06.01 15:45:12 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2010.06.01 15:45:12 | 000,014,848 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2010.06.01 15:45:12 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2010.06.01 15:45:12 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2010.06.01 15:45:12 | 000,018,432 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2010.06.01 15:45:12 | 000,014,336 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2010.06.01 15:45:13 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2010.06.01 15:45:13 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\Willi\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
[2010.11.16 21:08:29 | 002,790,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Willi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2011.01.05 20:38:41 | 000,010,134 | R--- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_24B64F3053825A354B6578.exe
[2011.01.05 20:38:40 | 000,034,494 | R--- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2011.01.05 20:38:41 | 000,355,574 | R--- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_DBA3336452AE85F9B24284.exe
[2011.01.05 20:38:40 | 000,355,574 | R--- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_EAF2230D5EB27BCA31D960.exe
[2011.01.05 20:38:40 | 000,080,992 | R--- | M] () -- C:\Users\Willi\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_FEA01DB6B3866EEFEB53DF.exe
[2010.05.22 12:31:48 | 001,291,640 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Willi\AppData\Roaming\Mozilla\Firefox\Profiles\dk4dg9jv.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
[2010.12.30 00:08:39 | 024,220,760 | ---- | M] () -- C:\Users\Willi\AppData\Roaming\Raptr\raptr-1.4.3-r46107-release.exe
[2010.08.10 09:23:49 | 021,266,792 | ---- | M] (Tencent Inc.) -- C:\Users\Willi\AppData\Roaming\TENCENT\QQPinyin\update\QQPinyin_Setup_33_881.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.09.18 09:49:52 | 000,061,440 | ---- | M] (TENCENT) -- C:\ChatRoom.exe
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.03.02 15:46:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009.03.02 15:46:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009.03.02 15:46:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009.03.02 15:46:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.10 13:39:59 | 000,718,420 | ---- | M] () MD5=0CA80BD5EACFCD37BB90DE9F3F70217E -- C:\Users\Willi\Downloads\eXplorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.07.17 09:25:08 | 000,004,608 | ---- | M] () MD5=4E791EAE743CFEF6DE9166514FBC760C -- C:\Users\Yan\AppData\Local\Xenocode\ApplianceCaches\GameCamV2.exe_v44BF727C\Native\STUBEXE\@WINDIR@\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.11.12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Users\Willi\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2010.11.12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Users\Willi\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Willi\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Willi\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2011.02.10 14:44:14 | 000,031,232 | ---- | M] () MD5=9CC544B7333C1F741765CE8AFC8B8F27 -- C:\Users\Willi\AppData\Local\Temp\RarSFX1\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2011.02.10 14:43:58 | 000,718,536 | ---- | M] () MD5=C8A0EDFB244B579E61613FB529823E35 -- C:\Users\Willi\Downloads\WiNlOgOn.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2010.07.12 20:31:27 | 000,016,199 | ---- | M] ()(C:\Users\Willi\Documents\Arbeitbest?tigung Abdullah Said.odt) -- C:\Users\Willi\Documents\Arbeitbestätigung Abdullah Said.odt
[2010.07.12 20:31:26 | 000,016,199 | ---- | C] ()(C:\Users\Willi\Documents\Arbeitbest?tigung Abdullah Said.odt) -- C:\Users\Willi\Documents\Arbeitbestätigung Abdullah Said.odt
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ìú??èí?t) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÌÚѶÈí¼þ

< End of report >
         
--- --- ---

Alt 11.02.2011, 10:45   #11
markusg
/// Malware-holic
 

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
O4 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001..\Run: [phoofdmn] C:\Users\Willi\AppData\Local\Temp\brduhduht\uumidttsika.exe ()

:Files
C:\Users\Willi\AppData\Local\Temp\brduhduht
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[resethosts]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
The PC should start in normal mode.
Please open Internet Explorer, even if you do not use it, and there go to Tools, Internet Options, LAN connection.
Then go to proxy server.
Delete the entry there and set it to
use no proxy, or remove the check mark at proxy server.
Open Computer, C:, then _OTL.
There, right-click on moved files.
Choose add to moved files.rar or zip.
Upload the archive to our upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to us, following the instructions above, at
markusg.trojaner-board@web.de

Alt 11.02.2011, 11:43   #12
Kerzor
 

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1187208032-1780851946-1698382015-1001\Software\Microsoft\Windows\CurrentVersion\Run\\phoofdmn deleted successfully.
C:\Users\Willi\AppData\Local\Temp\brduhduht\uumidttsika.exe moved successfully.
========== FILES ==========
C:\Users\Willi\AppData\Local\Temp\brduhduht folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: TEMP

User: Willi
->Flash cache emptied: 3004613 bytes

User: Yan
->Flash cache emptied: 215259 bytes

Total Flash Files Cleaned = 3.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 48 bytes
->Temporary Internet Files folder emptied: 175156 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 268 bytes

User: Willi
->Temp folder emptied: 947461523 bytes
->Temporary Internet Files folder emptied: 94767738 bytes
->Java cache emptied: 19380195 bytes
->FireFox cache emptied: 65512362 bytes
->Google Chrome cache emptied: 343805968 bytes
->Flash cache emptied: 0 bytes

User: Yan
->Temp folder emptied: 241085348 bytes
->Temporary Internet Files folder emptied: 64512007 bytes
->Java cache emptied: 83515205 bytes
->FireFox cache emptied: 55500242 bytes
->Google Chrome cache emptied: 6231364 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16642117480 bytes
RecycleBin emptied: 6972311236 bytes

Total Files Cleaned = 24'353.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.6 log created on 02112011_122551

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
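
The fix script from post #11 can be cross-checked against the log in post #12 to confirm that every item it named was reported as removed. This is an added example, not part of the original posts and not OTL's own code; the function names `expected` and `unconfirmed` and the mapping of commands to log lines are assumptions based only on the lines shown in this thread.

```python
import re
# Fix script and log excerpt copied from posts #11 and #12 of this thread.
FIX_SCRIPT = r"""
:OTL
O4 - HKU\S-1-5-21-1187208032-1780851946-1698382015-1001..\Run: [phoofdmn] C:\Users\Willi\AppData\Local\Temp\brduhduht\uumidttsika.exe ()
:Files
C:\Users\Willi\AppData\Local\Temp\brduhduht
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[resethosts]
[Reboot]
"""
FIX_LOG = r"""
Registry value HKEY_USERS\S-1-5-21-1187208032-1780851946-1698382015-1001\Software\Microsoft\Windows\CurrentVersion\Run\\phoofdmn deleted successfully.
C:\Users\Willi\AppData\Local\Temp\brduhduht\uumidttsika.exe moved successfully.
C:\Users\Willi\AppData\Local\Temp\brduhduht folder moved successfully.
[EMPTYFLASH]
[EMPTYTEMP]
HOSTS file reset successfully
"""
# Log text seen in this thread for three commands. [purity] and [Reboot] leave
# no line in the posted log, so they are skipped (assumption of this example).
COMMAND_EVIDENCE = {"emptyflash": "[emptyflash]", "emptytemp": "[emptytemp]",
                    "resethosts": "hosts file reset successfully"}
O4_RUN = re.compile(r"^O4 - .*\\Run: \[([^\]]+)\] (.+) \(.*\)$")

def expected(script):
    """Map each script item to (line prefix, required substring), lower-cased."""
    section, want = None, {}
    for line in filter(None, map(str.strip, script.splitlines())):
        cmd = line.strip("[]").lower()
        if line.startswith(":"):
            section = line.lower()
        elif section == ":otl" and (m := O4_RUN.match(line)):
            want[f"Run value {m[1]}"] = ("registry value", f"\\{m[1]} deleted successfully".lower())
            want[m[2]] = (m[2].lower() + " ", "moved successfully")
        elif section == ":files":
            want[line] = (line.lower() + " ", "moved successfully")
        elif section == ":commands" and cmd in COMMAND_EVIDENCE:
            want[line] = (COMMAND_EVIDENCE[cmd], "")
    return want

def unconfirmed(script, log):
    """Return the script items for which the log has no success line."""
    lines = [l.strip().lower() for l in log.splitlines()]
    return [item for item, (prefix, needle) in expected(script).items()
            if not any(l.startswith(prefix) and needle in l for l in lines)]
```

An empty result from `unconfirmed(FIX_SCRIPT, FIX_LOG)` means every checked item has a success line; any item it returns is still worth looking for on disk or in the registry.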

Alt 11.02.2011, 12:13   #13
markusg
/// Malware-holic
 

Does it start in normal mode again?

Alt 11.02.2011, 13:27   #14
Kerzor
 

Yes... it started in normal mode.

Alt 11.02.2011, 13:48   #15
markusg
/// Malware-holic
 

Well, that's something at least.

Download Malwarebytes:
Malwarebytes
Install it, open it, go to the Update tab and update the program.
Close all running programs and disconnect from the internet.
On the Scanner tab, run a complete scan, remove the findings, and post the log.
