| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: kazy.mekml.1 seit gerade ebenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
21.04.2011, 08:49
| #1 |
 |  kazy.mekml.1 seit gerade eben Seit gut einer stunde bin ich von oben genanntem Trojaner betroffen es kommen immer meldungen Kritischer festplattenfehler desktop ist schwarz nur papierkorb zu sehen schnellstart usw.. alles leer habe ein wenig im forum geschaut und schonmal die logfiles mit OTL gemacht nutze den laptop im mom im abgesicherten Modus Dake schonmal OTL.txt Code:
ATTFilter OTL logfile created on: 21.04.2011 09:30:52 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Mozilla Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 92,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,09 Gb Total Space | 13,83 Gb Free Space | 23,41% Space Free | Partition Type: NTFS Drive D: | 226,00 Gb Total Space | 136,18 Gb Free Space | 60,26% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Mozilla Downloads\OTL.exe (OldTimer Tools) PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - D:\Mozilla Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (McAfee SiteAdvisor Service) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SbieSvc) -- D:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (StarWindServiceAE) -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE () SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (SbieDrv) -- D:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (GarenaPEngine) -- C:\Users\Meier\AppData\Local\Temp\EIYFBAE.tmp () DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation) DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: stealthyextension@gmail.com:0.8 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.03.25 18:41:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.03.25 18:41:01 | 000,000,000 | ---D | M] [2010.07.22 11:39:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions [2011.04.20 16:21:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions [2010.07.23 14:11:58 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.28 18:36:36 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.26 14:18:16 | 000,000,000 | -H-D | M] (FIFA Online Web Launcher) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\eafo3fflauncher@ea.com [2010.08.28 13:49:49 | 000,000,000 | -H-D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\speedtest@gotomyhelp.com [2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (Stealthy) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com [2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com\chrome [2009.10.28 21:30:35 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010.08.16 13:19:32 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.08.19 09:56:53 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.16 20:01:37 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.11 15:52:14 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.02.04 12:16:35 | 000,000,000 | ---D | M] (Hide My IP) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\STAFF@HIDE-MY-IP.COM O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust) O4 - HKCU..\Run: [PlayNC Launcher] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell - "" = AutoRun O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell\AutoRun\command - "" = F:\Set-up.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MTInstall.exe O33 - MountPoints2\G\Shell\directx\command - "" = G:\Redist\directx8a\dxsetup.exe O33 - MountPoints2\G\Shell\Gamespy\command - "" = G:\Redist\GameSpy\ArcadeInstallMTYCOON108c.exe O33 - MountPoints2\G\Shell\setup\command - "" = G:\MTInstall.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Meier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - D:\Program Files\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - D:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: NBAgent - hkey= - key= - D:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe () MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) MsConfig - StartUpReg: SandboxieControl - hkey= - key= - D:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) MsConfig - StartUpReg: Steam - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: USBToolTip - hkey= - key= - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.mjpg - pvmjpg30.dll File not found Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 08:41:45 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.21 08:32:28 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.15 18:13:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.15 16:14:32 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 16:14:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 16:14:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.15 16:14:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 16:14:14 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 16:14:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.15 16:14:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 16:14:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 16:14:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.15 16:14:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.15 16:14:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.15 16:14:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.15 16:14:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.15 16:14:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.15 16:14:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.15 16:14:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.15 16:14:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.15 16:14:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.15 16:14:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.15 16:13:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 16:13:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.15 16:13:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 16:13:47 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 16:13:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 16:13:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.08 12:19:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica MP3 To Wave Converter Plus [2011.04.08 12:13:16 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.03.27 08:12:11 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Local\Microsoft Games [2011.03.23 13:19:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 13:19:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2010.08.25 19:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.21 09:15:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 09:11:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 09:11:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 09:11:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.21 08:54:43 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~42589960 [2011.04.21 08:54:43 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42589960r [2011.04.21 08:54:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42589960 [2011.04.21 08:41:46 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~46128904 [2011.04.21 08:41:46 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~46128904r [2011.04.21 08:41:45 | 000,000,583 | -H-- | M] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk [2011.04.21 08:41:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\46128904 [2011.04.21 08:32:28 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe [2011.04.21 06:52:17 | 000,632,252 | -H-- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 06:52:17 | 000,598,900 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 06:52:17 | 000,127,464 | -H-- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 06:52:17 | 000,104,914 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.20 20:32:18 | 000,171,008 | -H-- | M] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.04.15 18:32:00 | 003,810,392 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.08 12:19:07 | 000,000,777 | -H-- | M] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk [2011.04.08 12:17:05 | 000,001,032 | -H-- | M] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk [2011.04.08 12:17:01 | 000,000,849 | -H-- | M] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk [2011.04.03 12:14:09 | 000,015,008 | -H-- | M] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt [2011.04.02 13:49:46 | 000,000,915 | -H-- | M] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk [2011.03.27 08:39:50 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 08:54:43 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~42589960 [2011.04.21 08:54:43 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42589960r [2011.04.21 08:54:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\42589960 [2011.04.21 08:41:46 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~46128904 [2011.04.21 08:41:46 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~46128904r [2011.04.21 08:41:45 | 000,000,583 | -H-- | C] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk [2011.04.21 08:41:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\46128904 [2011.04.08 12:19:07 | 000,000,777 | -H-- | C] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk [2011.04.08 12:13:19 | 000,000,849 | -H-- | C] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk [2011.04.03 11:13:59 | 000,015,008 | -H-- | C] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt [2011.04.02 13:49:46 | 000,000,915 | -H-- | C] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.02 13:17:36 | 000,000,370 | -H-- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.11.07 20:54:46 | 000,000,010 | -H-- | C] () -- C:\Windows\popcinfo.dat [2010.10.31 15:25:58 | 000,001,666 | -H-- | C] () -- C:\Windows\Sandboxie.ini [2010.10.25 14:48:52 | 000,000,331 | -H-- | C] () -- C:\Windows\SIERRA.INI [2010.10.25 10:20:49 | 000,000,556 | -H-- | C] () -- C:\Windows\ODBC.INI [2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.09.24 21:47:43 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini [2010.08.25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 19:52:00 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 19:52:00 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.08.24 17:46:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010.08.03 15:14:30 | 000,233,472 | -H-- | C] () -- C:\Windows\System32\MafiaSetup.exe [2010.07.26 14:20:42 | 000,139,152 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\PnkBstrK.sys [2010.07.26 10:58:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.07.26 10:58:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.07.25 18:36:29 | 000,171,008 | -H-- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.24 16:11:17 | 000,000,013 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\Update.cfg [2010.07.23 21:15:01 | 001,970,176 | -H-- | C] () -- C:\Windows\System32\d3dx9.dll [2010.07.22 11:38:52 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2009.08.03 00:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.24 05:49:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.07.24 05:20:06 | 000,307,200 | -H-- | C] () -- C:\Windows\SetDisplayResolution.exe [2009.07.24 05:19:37 | 000,000,135 | RH-- | C] () -- C:\Windows\System32\lngEng.ini [2009.07.24 05:19:37 | 000,000,117 | -H-- | C] () -- C:\Windows\System32\lngKor.ini [2009.07.24 05:17:29 | 000,004,280 | -H-- | C] () -- C:\Windows\HotFixList.ini [2009.07.24 05:17:08 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.07.24 03:52:31 | 000,632,252 | -H-- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.24 03:52:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.24 03:52:31 | 000,127,464 | -H-- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.24 03:52:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.24 03:35:48 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.07.24 03:35:40 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll [2009.07.24 03:35:40 | 000,147,172 | -H-- | C] () -- C:\Windows\System32\igfcg550.bin [2008.02.09 18:03:07 | 000,024,576 | -H-- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007.02.26 09:49:12 | 006,139,774 | -H-- | C] () -- C:\Windows\imagine digital freedom.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 003,810,392 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,598,900 | -H-- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,914 | -H-- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar [2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap [2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited [2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon [2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4 [2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro [2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro [2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ [2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget [2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games [2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World [2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org [2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit [2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2 [2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense [2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom [2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.04.21 09:11:45 | 000,032,582 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.08.05 12:30:26 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Adobe [2010.08.05 12:47:19 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Adobe Mini Bridge CS5 [2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar [2010.11.17 13:17:12 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ArcSoft [2010.07.22 12:56:35 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Avira [2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap [2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited [2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon [2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4 [2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro [2010.08.03 08:46:19 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DivX [2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro [2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Identities [2010.07.22 12:32:40 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\InstallShield [2010.07.22 11:24:25 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Macromedia [2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Media Center Programs [2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget [2010.08.31 21:52:09 | 000,000,000 | --SD | M] -- C:\Users\Meier\AppData\Roaming\Microsoft [2010.07.22 11:39:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Mozilla [2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games [2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World [2010.08.04 15:49:54 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Nero [2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org [2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit [2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2 [2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense [2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow [2010.11.28 12:28:35 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\vlc [2010.07.22 14:07:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\WinRAR [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom < %APPDATA%\*.exe /s > [2010.08.04 20:26:52 | 000,038,784 | -H-- | M] () -- C:\Users\Meier\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.11.27 14:57:02 | 000,029,926 | RH-- | M] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe [2010.08.31 21:52:09 | 000,010,134 | RH-- | M] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | -H-- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: IASTOR.SYS > [2009.02.11 10:26:18 | 000,407,576 | -H-- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.02.11 10:11:50 | 000,329,752 | -H-- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009.02.11 10:11:50 | 000,329,752 | -H-- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys [2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | -H-- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | -H-- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | -H-- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | -H-- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | -H-- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | -H-- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > Extras.txt Code:
ATTFilter OTL Extras logfile created on: 21.04.2011 09:30:52 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Mozilla Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 13,83 Gb Free Space | 23,41% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 136,18 Gb Free Space | 60,26% Space Free | Partition Type: NTFS
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Orbitdownloader\orbitdm.exe" = D:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files\Orbitdownloader\orbitnet.exe" = D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F3A794-E653-4742-87A0-E0D9B74A1150}" = lport=2300 | protocol=17 | dir=in | name=wolfteam port |
"{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CF4BAE3-B7A8-420C-9F33-1E3E5BE7E104}" = lport=13000 | protocol=17 | dir=in | name=hockeydash |
"{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system |
"{5E81563F-F878-45A1-ABC2-53A78BBF2EC8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system |
"{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system |
"{80CAAB0C-C66C-4B58-BB5E-ADEAAB104BE3}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system |
"{BA9C339F-776C-48CA-8F3C-9CABA20A0AC5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system |
"{E15B5776-2905-4B62-806C-E92D836B8C14}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E839F652-3F03-47EF-822A-87177B51B29E}" = lport=8500 | protocol=6 | dir=in | name=hockeydash |
"{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system |
"{F11A2D0C-81E9-4DF8-A381-3F1EAA9F44FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031E18BE-36FA-46DA-955C-BEC759A44F1E}" = protocol=17 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin |
"{14482ABA-8BA3-45D7-AE86-B5AD8BBC91FC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{145BCCAE-FF8C-4C68-8D62-3BFAD7B090AD}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{18918E82-3E45-42B0-B765-5BF014E12EAD}" = protocol=6 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe |
"{28DB716E-D044-41C8-BC84-D0746782E0EF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{29DE2C06-67AF-4ECB-99CD-D144FDDE8A51}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3D17E532-8C8A-41E9-8AC5-091711619F9F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{41FB5A3B-B8DB-4F89-BE04-B0C50FD174FD}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{4E64293B-AD1C-47A1-83A9-99B3BB6DE2F8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4FEC96A0-E32B-4EB8-ADBD-886F5D907146}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{509C77DC-CDA7-4143-8FE5-73C9AFF929E1}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe |
"{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5CAB55F0-198A-494F-A879-D1DAC471E84F}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{625A5FCC-ABAB-47C7-9EE1-1F3B9DCE7DF2}" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe |
"{63160B43-9B30-442C-921F-7A38C30F4E12}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{708A77A5-9AD9-4C9C-A64F-495E9E1A351B}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe |
"{75EC1325-75C3-468B-AE34-AE7FC32CE0A3}" = protocol=17 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe |
"{7945870D-0B0A-44D5-89C7-2D466FC1206F}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{79739634-264F-4246-85CB-8AF22DC10AEA}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{7A9A1701-68FA-481A-9269-AF3ABA85252E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7E062F10-FDFB-4AE7-89EB-0B020A64E833}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe |
"{7F3B7155-E63D-4C45-8D83-967F583CF909}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe |
"{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{90E5B175-8DDE-4517-B3C6-46821AD32383}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{938A1A2D-A5D3-42E2-A824-3E69ACE5FD02}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{96B2DA6E-944D-4046-8459-13BE12E2C60A}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe |
"{9953B4B4-41BC-4A60-B4D0-51A475A464DA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9CE18D3A-760D-4754-95DD-5F41135D0EE8}" = protocol=6 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin |
"{ABC33052-224A-49F2-B049-B86AA22C87B0}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{AC6DDA29-085F-4E2E-9C94-3A7A9B19D86E}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{B43C8941-CE32-4207-9358-27C1961DE26C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C629D4C0-D0E2-47D5-85A1-AB690BF75CD2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C6306FD0-9544-4525-AD7D-A567006CB5DA}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{CEE6AA81-8DAE-4CB6-9155-A8EFF12F20E6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D0A768C8-4813-4B16-95DE-E0B509741A6D}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{D18788D9-C34A-4C6D-9019-2FE674E1B734}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe |
"{D64072C8-B969-4D70-B509-80C5E36E3F5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E04A4866-9913-4593-9AC2-39B34D64186D}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{E62D4474-897C-4754-86CF-ACF4C3EF0F58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E95772DD-A2D3-46D0-83F6-E146AA9101A8}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{E99363F6-9838-4A88-B24F-F17827D7BB6A}" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe |
"{EA7CD89E-9DF4-4587-945C-7214063469EB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{ED0F6723-DF8E-4F8D-9ED9-199A13462D46}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F9711B46-B28B-433E-BBF6-AE0DDA226F1C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{0154C858-B048-4274-BB52-4E2BED70EA39}D:\program files\garena\garena.exe" = protocol=6 | dir=in | app=d:\program files\garena\garena.exe |
"TCP Query User{0C912525-BBD0-4D72-84B3-4D8E2F9F7D05}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2049B93A-BC75-44D8-A749-91B1F6FBB0FC}D:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe |
"TCP Query User{20DAB239-6877-4B28-9A7F-B6AC503BAB75}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2B9257CA-A7A7-442E-B137-FD0483EA2322}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{2F3C5C8D-EE19-4057-AEAE-FC3A71F28505}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{4C8B99BF-8106-42CE-881E-AAEEC388D511}D:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\program files\left 4 dead\left4dead.exe |
"TCP Query User{6F1124EE-844F-41D6-B384-492B7539FE4E}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{765D6057-E03D-4F06-A3A8-D53435162FFB}D:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe |
"TCP Query User{DF306364-8A97-458B-ADA7-61BFE493432F}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin |
"TCP Query User{E3168FDA-A813-4D8B-820A-469E05E29203}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe |
"TCP Query User{ED95F4BC-19A0-43E2-9D47-D97AB9EDA5C0}D:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\eadm\core.exe |
"TCP Query User{F227E3F9-3DC5-406A-BD5F-47B7980A34DB}D:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{331ADF06-E73E-427E-92B5-C5BAE3FDB54B}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{4FD0CE6F-EF8C-46F0-9294-E1E0F27A3B2B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{59E10071-A191-496E-9474-C24026D83D7F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{695EE8C5-EB83-490E-869B-8251A447645C}D:\program files\garena\garena.exe" = protocol=17 | dir=in | app=d:\program files\garena\garena.exe |
"UDP Query User{6BD876F0-8478-4344-A385-087E35512EE5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7141627E-FB5D-46FB-B374-C031D4C8AC09}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin |
"UDP Query User{7316A955-D8A0-47E0-A9ED-BB2D909C1A95}D:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe |
"UDP Query User{7888E5C5-AE5F-4910-801C-C404E2E2777A}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{789E9993-519A-4E23-A517-42865290795A}D:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\eadm\core.exe |
"UDP Query User{9B3958B9-2089-4533-A191-6A0383A95B7A}D:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe |
"UDP Query User{9D723CFA-0C83-4FEA-B59D-D43712C1ADC0}D:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\program files\left 4 dead\left4dead.exe |
"UDP Query User{BF690DF6-727A-4984-AB2D-20010F9B7D22}D:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{E95C6208-AE70-4F61-8F64-F9D9517BED7D}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B3EC2E9-67E3-4D10-B1B8-BD71D7DC8930}" = Eternia LastChaos
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{852019C5-8AF7-4ECF-BB25-79AE53FBD245}_is1" = Strassenbau Simulator 1.2.16
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAB2778A-31C8-43CC-98C9-FF9FE2842D55}" = Eternia LastChaos
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"EAX Unified" = EAX Unified
"FLAC" = FLAC 1.2.1b (remove only)
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 2.2.16.324
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Left 4 Dead" = Left 4 Dead
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Sandboxie" = Sandboxie 3.50
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
21.04.2011, 10:20
| #2 | |||
| /// Helfer-Team    | kazy.mekml.1 seit gerade eben Hallo und Herzlich Willkommen!
__________________ Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
Zitat:
Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Fixen mit OTL
Code:
ATTFilter :OTL
[2011.04.21 08:32:28 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.21 08:54:43 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~42589960
[2011.04.21 08:54:43 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42589960r
[2011.04.21 08:54:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42589960
[2011.04.21 08:41:46 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~46128904
[2011.04.21 08:41:46 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~46128904r
[2011.04.21 08:41:45 | 000,000,583 | -H-- | M] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk
[2011.04.21 08:41:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\46128904
[2010.07.25 18:36:29 | 000,171,008 | -H-- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
:Commands
[purity]
[emptytemp]
► Kannst Du den Rechner im normalen Modus starten? 2. Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
3. Ich würde gerne noch all deine installierten Programme sehen: Lade dir das Tool Ccleaner herunter → Download installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..." wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein 4. Erneut ein OTL-Log erstellen und posten:-> OTL-Anleitung Zitat:
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw grußCoverflow
__________________ |
|
21.04.2011, 11:53
| #3 |
| | kazy.mekml.1 seit gerade eben so habe mal die schritte befolgt
__________________1. die logfile nach dem OTL Fix Code:
ATTFilter All processes killed
========== OTL ==========
C:\ProgramData\MRtPNAFMRSnT.exe moved successfully.
C:\ProgramData\~42589960 moved successfully.
C:\ProgramData\~42589960r moved successfully.
C:\ProgramData\42589960 moved successfully.
C:\ProgramData\~46128904 moved successfully.
C:\ProgramData\~46128904r moved successfully.
C:\Users\Meier\Desktop\Windows Recovery.lnk moved successfully.
C:\ProgramData\46128904 moved successfully.
C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Meier
->Temp folder emptied: 2039556687 bytes
->Temporary Internet Files folder emptied: 52310758 bytes
->Java cache emptied: 15277899 bytes
->FireFox cache emptied: 122729510 bytes
->Flash cache emptied: 192360 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3103210 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44816246 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.173,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 04212011_122647
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
2. Malewarebytes LOG Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6412
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
21.04.2011 12:43:07
mbam-log-2011-04-21 (12-43-07).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155575
Laufzeit: 5 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
3. Ccleaner LOG Code:
ATTFilter 2007 Microsoft Office system Microsoft Corporation 22.07.2010 491MB 12.0.6425.1000
Acoustica MP3 To Wave Converter PLUS Acoustica, Inc. 07.04.2011 5,09MB 2.5
Adobe AIR Adobe Systems Inc. 03.08.2010 30,7MB 1.5.3.9120
Adobe Community Help Adobe Systems Incorporated 03.08.2010 2,52MB 3.0.0.400
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 03.10.2010 10.1.85.3
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 02.10.2010 10.1.85.3
Adobe Media Player Adobe Systems Incorporated 03.08.2010 2,70MB 1.8
Adobe Photoshop CS5 Adobe Systems Incorporated 03.08.2010 1.559MB 12.0
Adobe Reader 9.4.0 - Deutsch Adobe Systems Incorporated 13.11.2010 164,1MB 9.4.0
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 07.10.2010 8,67MB 11.5.8.612
Adobe SVG Viewer 3.0 24.10.2010 4,78MB 3.0
ArcSoft PhotoStudio 5.5 ArcSoft 20.09.2010 25,2MB
Atheros WLAN Client WLAN 23.07.2009 1,27MB 14.00.0000
Avira AntiVir Personal - Free Antivirus Avira GmbH 17.03.2011 105,6MB 10.0.0.635
BatteryLifeExtender Samsung 23.07.2009 4,71MB 1.0.0
Canon MP Navigator EX 2.0 20.09.2010 69,5MB
Canon Utilities Solution Menu 20.09.2010 1,93MB
CanoScan LiDE 200 Scanner Driver 20.09.2010
CCleaner Piriform 20.04.2011 3,60MB 3.05
Cheat Engine 5.6.1 Dark Byte 08.12.2010 15,6MB
CyberLink YouCam CyberLink Corp. 10.09.2009 78,1MB 2.0.2706
DHTML Editing Component Microsoft Corporation 02.10.2010 0,45MB 6.02.0001
DivX-Setup DivX, Inc. 28.07.2010 2,12MB 1.0.2.23
Easy Battery Manager Samsung 23.07.2009 5,59MB 3.2.1.7
Easy Display Manager Samsung Electronics Co., Ltd. 23.07.2009 14,0MB 2.3
Easy Network Manager Samsung 23.07.2009 19,1MB 4.0.2
Easy SpeedUp Manager 23.07.2009 3,68MB 2.0.2.6
EAX Unified 02.08.2010 8,00KB
Eternia LastChaos Eternia Games 04.01.2011 2.636MB 2.0.0
FLAC 1.2.1b (remove only) Xiph.org 18.02.2011 0,98MB 1.2.1b
Fraps (remove only) 22.07.2010 1.890MB
Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 01.04.2011 3,11MB
Free Audio Converter version 2.2.16.324 DVDVideoSoft Limited. 07.04.2011 7,79MB
Free YouTube Download 2.8 DVDVideoSoft Limited. 27.07.2010 3,24MB
Free YouTube to MP3 Converter version 3.9.35.324 DVDVideoSoft Limited. 01.04.2011 3,52MB
HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON 24.10.2010 12,0MB
ICQ7.2 ICQ 26.07.2010 46,9MB 7.2
imagine digital freedom - Samsung Samsung Electronics Co. Ltd., 23.07.2009 7,50MB 1.0.2.2
Inkjet Printer/Scanner Extended Survey Program 20.09.2010 0,95MB
Intel(R) Graphics Media Accelerator Driver Intel Corporation 23.07.2009
Intel® Matrix Storage Manager Intel Corporation 23.07.2009 4,80MB
IsoBuster 2.8 Smart Projects 28.07.2010 10,4MB 2.8
Java(TM) 6 Update 22 Sun Microsystems, Inc. 15.08.2010 293MB 6.0.220
JDownloader AppWork UG (haftungsbeschränkt) 30.07.2010 56,0MB 0.89
Knoll Light Factory EZ Studio 26.11.2010
Left 4 Dead Valve 30.07.2010 4,17MB
Magic Bullet Looks Studio 26.11.2010
Malwarebytes' Anti-Malware Malwarebytes Corporation 20.04.2011 4,80MB
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 22.07.2010 37,0MB
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 21.07.2010 37,0MB
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 01.11.2010 120,3MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 01.11.2010 24,5MB 4.0.30319
Microsoft Games for Windows - LIVE Microsoft Corporation 16.11.2010 6,01MB 3.4.54.0
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 16.11.2010 31,3MB 3.4.18.0
Microsoft Office 2003 Web Components Microsoft Corporation 15.09.2010 21,7MB 11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 14.04.2011 7,23MB 12.0.4518.1014
Microsoft Office Small Business Connectivity Components Microsoft Corporation 10.09.2009 0,15MB 2.0.7024.0
Microsoft Office Suite Activation Assistant Microsoft Corporation 10.09.2009 8,37MB 2.9
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 03.08.2010 7,77MB 8.0.50727.42
Microsoft SQL Server Native Client Microsoft Corporation 10.09.2009 2,60MB 9.00.3042.00
Microsoft SQL Server VSS Writer Microsoft Corporation 10.09.2009 0,69MB 9.00.3042.00
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 26.07.2010 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 30.08.2010 0,41MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 23.09.2010 1,41MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.07.2009 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.07.2010 0,58MB 9.0.30729.4148
Microsoft WSE 3.0 Runtime Microsoft Corp. 30.08.2010 0,92MB 3.0.5305.0
Monopoly Deluxe Zylom Games 30.09.2010 20,3MB 1.0.0
Monopoly Tycoon 05.10.2010 3,21MB
Mozilla Firefox (3.6.16) Mozilla 24.03.2011 32,7MB 3.6.16 (de)
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 04.08.2010 34,00KB 4.20.9841.0
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 04.08.2010 34,00KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 04.08.2010 1,34MB 4.20.9876.0
NCsoft Launcher NCsoft 21.07.2010 11,5MB 1.5.7000
Nero BackItUp 10 Nero AG 03.08.2010 107,6MB 5.4.11600.19.100
Nero Burning ROM 10 Nero AG 03.08.2010 162,3MB 10.0.11100.10.100
Nero BurnRights 10 Nero AG 03.08.2010 6,42MB 4.0.11000.12.100
Nero CoverDesigner 10 Nero AG 03.08.2010 77,1MB 5.0.10900.11.100
Nero DiscCopy Gadget 10 Nero AG 03.08.2010 35,4MB 3.0.10700.9.100
Nero DiscSpeed 10 Nero AG 03.08.2010 7,47MB 6.0.10800.7.100
Nero Express 10 Nero AG 03.08.2010 159,5MB 10.0.11000.10.100
Nero InfoTool 10 Nero AG 03.08.2010 8,07MB 7.0.10800.8.100
Nero MediaHub 10 Nero AG 03.08.2010 158,0MB 1.0.13400.11.100
Nero Multimedia Suite 10 Nero AG 03.08.2010 1.369MB 10.0.13100
Nero Recode 10 Nero AG 03.08.2010 80,0MB 4.6.10900.4.100
Nero RescueAgent 10 Nero AG 03.08.2010 6,83MB 3.0.10900.9.100
Nero SoundTrax 10 Nero AG 03.08.2010 95,6MB 4.6.10600.2.100
Nero StartSmart 10 Nero AG 03.08.2010 110,2MB 10.0.11200.12.100
Nero Update Nero AG 03.08.2010 1,42MB 1.0.0017
Nero Vision 10 Nero AG 03.08.2010 214MB 7.0.11100.8.100
Nero WaveEditor 10 Nero AG 03.08.2010 76,6MB 5.6.10600.2.100
NVIDIA PhysX NVIDIA Corporation 28.07.2010 120,1MB 9.09.0814
OpenAL 28.07.2010 0,77MB
OpenOffice.org 3.2 OpenOffice.org 15.08.2010 370MB 3.2.9483
Orbit Downloader www.orbitdownloader.com 16.03.2011 13,0MB
Pando Media Booster Pando Networks Inc. 07.09.2010 6,70MB 2.3.4.1
PCTroubleshooting Samsung Electronics Co.,LTD. 10.09.2009 1,93MB 2.0.0.4
Pinnacle Studio 14 Pinnacle Systems 26.11.2010 2.030MB 14.0.0.7255
Pinnacle Studio Ultimate Collection Plugins Pinnacle Systems 26.11.2010 167,8MB 14.0.0.7255
Pinnacle Video Treiber Pinnacle Systems 26.11.2010 4,96MB 12.1.0.030
PowerISO PowerISO Computing, Inc. 30.08.2010 3,93MB 4.7
Realtek 8136 8168 8169 Ethernet Driver Realtek 23.07.2009 2,07MB 1.00.0004
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 23.07.2009 10,5MB 6.0.1.5837
Red Giant ToonIt Studio 26.11.2010
Samsung Magic Doctor Samsung Electronics Co., LTD 23.07.2009 15,8MB 5.0
Samsung Recovery Solution III Samsung 23.07.2009 43,0MB 3.0.0.9
Samsung Update Plus Samsung Electronics Co., Ltd. 23.07.2009 7,85MB 2.0
Sandboxie 3.50 30.10.2010 2,84MB
Steamless Left4Dead2 Pack Steamless 31.07.2010 7.271MB 1.0
Strassenbau Simulator 1.2.16 UIG GmbH 10.08.2010 502MB
Synaptics Pointing Device Driver Synaptics 23.07.2009 14,0MB 11.1.3.2
System Requirements Lab 02.08.2010 1,59MB
System Requirements Lab CYRI Husdawg, LLC 17.09.2010 0,50MB 4.3.1.0
Trapcode 3DStroke Studio 26.11.2010
Trapcode Particular Studio 26.11.2010
Trapcode Shine Studio 26.11.2010
Turbo Lister 2 eBay Inc. 02.10.2010 82,5MB 2.00.0000
Uninstall 1.0.0.1 07.04.2011 30,8MB
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) Microsoft Corporation 10.09.2009 25,1MB 9.00.3042.00
User Guide 23.07.2009 141,6MB 1.0
VirtualCloneDrive Elaborate Bytes 30.08.2010 2,31MB
VLC media player 1.1.5 VideoLAN 22.11.2010 84,5MB 1.1.5
Windows Live Essentials Microsoft Corporation 21.07.2010 43,9MB 14.0.8117.0416
Windows Live ID Sign-in Assistant Microsoft Corporation 16.11.2010 4,69MB 6.500.3165.0
Windows Live-Uploadtool Microsoft Corporation 21.07.2010 0,22MB 14.0.8014.1029
WinRAR 21.07.2010 3,79MB
OTL.txt Code:
ATTFilter OTL logfile created on: 21.04.2011 12:45:21 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = D:\Mozilla Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19048) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,09 Gb Total Space | 12,60 Gb Free Space | 21,33% Space Free | Partition Type: NTFS Drive D: | 226,00 Gb Total Space | 136,17 Gb Free Space | 60,25% Space Free | Partition Type: NTFS Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.21 09:22:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Mozilla Downloads\OTL.exe PRC - [2011.03.25 18:40:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.03.18 12:23:21 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2010.12.10 10:57:11 | 000,435,368 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe PRC - [2010.11.03 09:51:01 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010.11.03 09:50:59 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.18 00:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- D:\Program Files\Sandboxie\SbieSvc.exe PRC - [2010.04.20 14:26:44 | 000,300,912 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2010.03.25 14:39:22 | 000,490,280 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009.05.28 08:06:56 | 000,548,864 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009.05.15 08:47:58 | 000,692,224 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.12.10 09:07:52 | 000,352,256 | -H-- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.08.26 02:59:54 | 000,045,056 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2008.01.22 19:35:52 | 000,103,808 | -H-- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe ========== Modules (SafeList) ========== MOD - [2011.04.21 09:22:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Mozilla Downloads\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (McAfee SiteAdvisor Service) SRV - [2011.03.18 12:23:21 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.03 09:51:01 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.10.18 00:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2010.06.07 12:22:00 | 003,549,224 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010.03.25 14:39:22 | 000,490,280 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.02.19 13:37:14 | 000,517,096 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2008.01.22 19:35:52 | 000,103,808 | -H-- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.03.18 12:23:21 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.23 10:09:58 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.10.18 00:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2010.09.29 10:09:04 | 000,436,792 | -H-- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.04.12 10:44:34 | 000,059,388 | -H-- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2009.05.11 10:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.05.04 16:35:00 | 000,163,328 | -H-- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2009.04.22 11:27:12 | 001,129,472 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.01.21 04:23:20 | 002,225,664 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2006.11.14 02:11:54 | 000,013,312 | -H-- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2006.11.02 09:41:50 | 000,983,552 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:53 | 000,045,056 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) DRV - [2005.09.23 23:18:32 | 000,171,520 | -H-- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: stealthyextension@gmail.com:0.8 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.03.25 18:41:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.03.25 18:41:01 | 000,000,000 | ---D | M] [2010.07.22 11:39:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions [2011.04.20 16:21:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions [2010.07.23 14:11:58 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.07.28 18:36:36 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.26 14:18:16 | 000,000,000 | -H-D | M] (FIFA Online Web Launcher) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\eafo3fflauncher@ea.com [2010.08.28 13:49:49 | 000,000,000 | -H-D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\speedtest@gotomyhelp.com [2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (Stealthy) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com [2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com\chrome [2009.10.28 21:30:35 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2010.08.16 13:19:32 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [2010.08.19 09:56:53 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.16 20:01:37 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.11 15:52:14 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.02.04 12:16:35 | 000,000,000 | ---D | M] (Hide My IP) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\STAFF@HIDE-MY-IP.COM O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [MRtPNAFMRSnT] File not found O4 - HKCU..\Run: [PlayNC Launcher] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell - "" = AutoRun O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell\AutoRun\command - "" = F:\Set-up.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MTInstall.exe O33 - MountPoints2\G\Shell\directx\command - "" = G:\Redist\directx8a\dxsetup.exe O33 - MountPoints2\G\Shell\Gamespy\command - "" = G:\Redist\GameSpy\ArcadeInstallMTYCOON108c.exe O33 - MountPoints2\G\Shell\setup\command - "" = G:\MTInstall.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.21 11:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.04.21 11:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.04.21 09:55:01 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\Malwarebytes [2011.04.21 09:54:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.21 09:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.21 09:54:10 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe [2011.04.21 09:39:33 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\Meier\Desktop\mbam-setup.exe [2011.04.21 08:41:45 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery [2011.04.15 18:13:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.04.15 16:14:32 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 16:14:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 16:14:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.15 16:14:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 16:14:14 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 16:14:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.15 16:14:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 16:14:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 16:14:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.15 16:14:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.15 16:14:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.15 16:14:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.15 16:14:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.15 16:14:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.15 16:14:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.15 16:14:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.15 16:14:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.15 16:14:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.15 16:14:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.15 16:13:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 16:13:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.15 16:13:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 16:13:47 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 16:13:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 16:13:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.08 12:19:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica MP3 To Wave Converter Plus [2011.04.08 12:13:16 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.03.27 08:12:11 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Local\Microsoft Games [2011.03.23 13:19:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2011.03.23 13:19:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2010.08.25 19:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.21 12:28:37 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 12:28:37 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.21 12:28:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.21 12:28:30 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys [2011.04.21 11:26:32 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.21 11:06:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.21 09:54:52 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.21 09:39:22 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\Meier\Desktop\mbam-setup.exe [2011.04.21 09:22:30 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe [2011.04.21 06:52:17 | 000,632,252 | -H-- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.21 06:52:17 | 000,598,900 | -H-- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.21 06:52:17 | 000,127,464 | -H-- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.21 06:52:17 | 000,104,914 | -H-- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2011.04.15 18:32:00 | 003,810,392 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.08 12:19:07 | 000,000,777 | -H-- | M] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk [2011.04.08 12:17:05 | 000,001,032 | -H-- | M] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk [2011.04.08 12:17:01 | 000,000,849 | -H-- | M] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk [2011.04.03 12:14:09 | 000,015,008 | -H-- | M] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt [2011.04.02 13:49:46 | 000,000,915 | -H-- | M] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk [2011.03.27 08:39:50 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.21 12:28:30 | 3150,565,376 | -HS- | C] () -- C:\hiberfil.sys [2011.04.21 11:26:32 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.21 09:54:52 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.08 12:19:07 | 000,000,777 | -H-- | C] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk [2011.04.08 12:13:19 | 000,000,849 | -H-- | C] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk [2011.04.03 11:13:59 | 000,015,008 | -H-- | C] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt [2011.04.02 13:49:46 | 000,000,915 | -H-- | C] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk [2011.04.02 13:17:36 | 000,000,370 | -H-- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.11.07 20:54:46 | 000,000,010 | -H-- | C] () -- C:\Windows\popcinfo.dat [2010.10.31 15:25:58 | 000,001,666 | -H-- | C] () -- C:\Windows\Sandboxie.ini [2010.10.25 14:48:52 | 000,000,331 | -H-- | C] () -- C:\Windows\SIERRA.INI [2010.10.25 10:20:49 | 000,000,556 | -H-- | C] () -- C:\Windows\ODBC.INI [2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.09.24 21:47:43 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini [2010.08.25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.08.25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin [2010.08.25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.08.25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.08.25 19:52:00 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.08.25 19:52:00 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll [2010.08.24 17:46:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010.08.03 15:14:30 | 000,233,472 | -H-- | C] () -- C:\Windows\System32\MafiaSetup.exe [2010.07.26 14:20:42 | 000,139,152 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\PnkBstrK.sys [2010.07.26 10:58:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.07.26 10:58:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.07.24 16:11:17 | 000,000,013 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\Update.cfg [2010.07.23 21:15:01 | 001,970,176 | -H-- | C] () -- C:\Windows\System32\d3dx9.dll [2010.07.22 11:38:52 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2009.08.03 00:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.07.24 05:49:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.07.24 05:20:06 | 000,307,200 | -H-- | C] () -- C:\Windows\SetDisplayResolution.exe [2009.07.24 05:19:37 | 000,000,135 | RH-- | C] () -- C:\Windows\System32\lngEng.ini [2009.07.24 05:19:37 | 000,000,117 | -H-- | C] () -- C:\Windows\System32\lngKor.ini [2009.07.24 05:17:29 | 000,004,280 | -H-- | C] () -- C:\Windows\HotFixList.ini [2009.07.24 05:17:08 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.07.24 03:52:31 | 000,632,252 | -H-- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.24 03:52:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.24 03:52:31 | 000,127,464 | -H-- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.24 03:52:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.24 03:35:48 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2009.07.24 03:35:40 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll [2009.07.24 03:35:40 | 000,147,172 | -H-- | C] () -- C:\Windows\System32\igfcg550.bin [2008.02.09 18:03:07 | 000,024,576 | -H-- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007.02.26 09:49:12 | 006,139,774 | -H-- | C] () -- C:\Windows\imagine digital freedom.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 003,810,392 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,598,900 | -H-- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,914 | -H-- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar [2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap [2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited [2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon [2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4 [2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro [2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft [2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers [2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro [2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ [2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget [2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games [2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World [2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org [2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit [2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2 [2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense [2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow [2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom [2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2011.04.21 11:06:29 | 000,032,582 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.04.2011 12:45:21 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Mozilla Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 12,60 Gb Free Space | 21,33% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 136,17 Gb Free Space | 60,25% Space Free | Partition Type: NTFS
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Orbitdownloader\orbitdm.exe" = D:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files\Orbitdownloader\orbitnet.exe" = D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F3A794-E653-4742-87A0-E0D9B74A1150}" = lport=2300 | protocol=17 | dir=in | name=wolfteam port |
"{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system |
"{3CF4BAE3-B7A8-420C-9F33-1E3E5BE7E104}" = lport=13000 | protocol=17 | dir=in | name=hockeydash |
"{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system |
"{5E81563F-F878-45A1-ABC2-53A78BBF2EC8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system |
"{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system |
"{80CAAB0C-C66C-4B58-BB5E-ADEAAB104BE3}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface |
"{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system |
"{BA9C339F-776C-48CA-8F3C-9CABA20A0AC5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system |
"{E15B5776-2905-4B62-806C-E92D836B8C14}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E839F652-3F03-47EF-822A-87177B51B29E}" = lport=8500 | protocol=6 | dir=in | name=hockeydash |
"{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system |
"{F11A2D0C-81E9-4DF8-A381-3F1EAA9F44FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031E18BE-36FA-46DA-955C-BEC759A44F1E}" = protocol=17 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin |
"{14482ABA-8BA3-45D7-AE86-B5AD8BBC91FC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{145BCCAE-FF8C-4C68-8D62-3BFAD7B090AD}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{18918E82-3E45-42B0-B765-5BF014E12EAD}" = protocol=6 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe |
"{28DB716E-D044-41C8-BC84-D0746782E0EF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{29DE2C06-67AF-4ECB-99CD-D144FDDE8A51}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3D17E532-8C8A-41E9-8AC5-091711619F9F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{41FB5A3B-B8DB-4F89-BE04-B0C50FD174FD}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{4E64293B-AD1C-47A1-83A9-99B3BB6DE2F8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4FEC96A0-E32B-4EB8-ADBD-886F5D907146}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{509C77DC-CDA7-4143-8FE5-73C9AFF929E1}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe |
"{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5CAB55F0-198A-494F-A879-D1DAC471E84F}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
"{625A5FCC-ABAB-47C7-9EE1-1F3B9DCE7DF2}" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe |
"{63160B43-9B30-442C-921F-7A38C30F4E12}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe |
"{708A77A5-9AD9-4C9C-A64F-495E9E1A351B}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe |
"{75EC1325-75C3-468B-AE34-AE7FC32CE0A3}" = protocol=17 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe |
"{7945870D-0B0A-44D5-89C7-2D466FC1206F}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{79739634-264F-4246-85CB-8AF22DC10AEA}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{7A9A1701-68FA-481A-9269-AF3ABA85252E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7E062F10-FDFB-4AE7-89EB-0B020A64E833}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe |
"{7F3B7155-E63D-4C45-8D83-967F583CF909}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe |
"{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{90E5B175-8DDE-4517-B3C6-46821AD32383}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{938A1A2D-A5D3-42E2-A824-3E69ACE5FD02}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{96B2DA6E-944D-4046-8459-13BE12E2C60A}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe |
"{9953B4B4-41BC-4A60-B4D0-51A475A464DA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9CE18D3A-760D-4754-95DD-5F41135D0EE8}" = protocol=6 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin |
"{ABC33052-224A-49F2-B049-B86AA22C87B0}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{AC6DDA29-085F-4E2E-9C94-3A7A9B19D86E}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{B43C8941-CE32-4207-9358-27C1961DE26C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C629D4C0-D0E2-47D5-85A1-AB690BF75CD2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C6306FD0-9544-4525-AD7D-A567006CB5DA}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{CEE6AA81-8DAE-4CB6-9155-A8EFF12F20E6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D0A768C8-4813-4B16-95DE-E0B509741A6D}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{D18788D9-C34A-4C6D-9019-2FE674E1B734}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe |
"{D64072C8-B969-4D70-B509-80C5E36E3F5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{E04A4866-9913-4593-9AC2-39B34D64186D}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{E62D4474-897C-4754-86CF-ACF4C3EF0F58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E95772DD-A2D3-46D0-83F6-E146AA9101A8}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe |
"{E99363F6-9838-4A88-B24F-F17827D7BB6A}" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe |
"{EA7CD89E-9DF4-4587-945C-7214063469EB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{ED0F6723-DF8E-4F8D-9ED9-199A13462D46}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe |
"{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F9711B46-B28B-433E-BBF6-AE0DDA226F1C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"TCP Query User{0154C858-B048-4274-BB52-4E2BED70EA39}D:\program files\garena\garena.exe" = protocol=6 | dir=in | app=d:\program files\garena\garena.exe |
"TCP Query User{0C912525-BBD0-4D72-84B3-4D8E2F9F7D05}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2049B93A-BC75-44D8-A749-91B1F6FBB0FC}D:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe |
"TCP Query User{20DAB239-6877-4B28-9A7F-B6AC503BAB75}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2B9257CA-A7A7-442E-B137-FD0483EA2322}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game |
"TCP Query User{2F3C5C8D-EE19-4057-AEAE-FC3A71F28505}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{4C8B99BF-8106-42CE-881E-AAEEC388D511}D:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\program files\left 4 dead\left4dead.exe |
"TCP Query User{6F1124EE-844F-41D6-B384-492B7539FE4E}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{765D6057-E03D-4F06-A3A8-D53435162FFB}D:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe |
"TCP Query User{DF306364-8A97-458B-ADA7-61BFE493432F}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin |
"TCP Query User{E3168FDA-A813-4D8B-820A-469E05E29203}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe |
"TCP Query User{ED95F4BC-19A0-43E2-9D47-D97AB9EDA5C0}D:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\eadm\core.exe |
"TCP Query User{F227E3F9-3DC5-406A-BD5F-47B7980A34DB}D:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{331ADF06-E73E-427E-92B5-C5BAE3FDB54B}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{4FD0CE6F-EF8C-46F0-9294-E1E0F27A3B2B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{59E10071-A191-496E-9474-C24026D83D7F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{695EE8C5-EB83-490E-869B-8251A447645C}D:\program files\garena\garena.exe" = protocol=17 | dir=in | app=d:\program files\garena\garena.exe |
"UDP Query User{6BD876F0-8478-4344-A385-087E35512EE5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7141627E-FB5D-46FB-B374-C031D4C8AC09}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin |
"UDP Query User{7316A955-D8A0-47E0-A9ED-BB2D909C1A95}D:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe |
"UDP Query User{7888E5C5-AE5F-4910-801C-C404E2E2777A}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game |
"UDP Query User{789E9993-519A-4E23-A517-42865290795A}D:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\eadm\core.exe |
"UDP Query User{9B3958B9-2089-4533-A191-6A0383A95B7A}D:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe |
"UDP Query User{9D723CFA-0C83-4FEA-B59D-D43712C1ADC0}D:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\program files\left 4 dead\left4dead.exe |
"UDP Query User{BF690DF6-727A-4984-AB2D-20010F9B7D22}D:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{E95C6208-AE70-4F61-8F64-F9D9517BED7D}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B3EC2E9-67E3-4D10-B1B8-BD71D7DC8930}" = Eternia LastChaos
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{852019C5-8AF7-4ECF-BB25-79AE53FBD245}_is1" = Strassenbau Simulator 1.2.16
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAB2778A-31C8-43CC-98C9-FF9FE2842D55}" = Eternia LastChaos
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"EAX Unified" = EAX Unified
"FLAC" = FLAC 1.2.1b (remove only)
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 2.2.16.324
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Left 4 Dead" = Left 4 Dead
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Sandboxie" = Sandboxie 3.50
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
21.04.2011, 14:15
| #4 |
| /// Helfer-Team | kazy.mekml.1 seit gerade eben 1. Deine Javaversion ist nicht aktuell! Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen: → Systemsteuerung → Software → deinstallieren... → Rechner neu aufstarten → Downloade nun die Offline-Version von Java Version 6 Update 24 von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 2. Adobe Reader aktualisieren : - Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus") Adobe Reader Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..." 3.
4. - "Link:-> ESET Online Scanner >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum -> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch - folgendes bitte anhaken > "Remove found threads" und "Scan archives" - die Scanergebnis als *.txt Dateien speichern) - meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt" Vor dem Scan Einstellungen im Internet Explorer: - "Extras→ Internetoptionen→ Sicherheit": - alles auf Standardstufe stellen - Active X erlauben - um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen ► Wie ist den aktuellen Zustand des Rechners? Auffälligkeiten, Probleme?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
21.04.2011, 19:51
| #5 |
| | kazy.mekml.1 seit gerade eben 1. ok habs gelöscht und via offline setup neu aufgesetzt 2. update gemacht 3. SUPERAntiSpyware Log Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 04/21/2011 at 06:20 PM
Application Version : 4.50.1002
Core Rules Database Version : 6885
Trace Rules Database Version: 4697
Scan type : Complete Scan
Total Scan Time : 01:03:03
Memory items scanned : 653
Memory threats detected : 0
Registry items scanned : 8854
Registry threats detected : 0
File items scanned : 41246
File threats detected : 16
Adware.Tracking Cookie
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@p380t1s3658947.kronos.bravenetmedia[1].txt
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@atdmt[2].txt
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@e-2dj6wfk4gnd5oho.stats.esomniture[1].txt
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[3].txt
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[7].txt
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[4].txt
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[1].txt
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[5].txt
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[2].txt
C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[6].txt
Trojan.Agent/Gen-HackPatch
C:\PROGRAM FILES\ETERNIAGAMES\ETERNIA LASTCHAOS EP2\BIN\LASTCHAOSPATCH.EXE
C:\PROGRAM FILES\ETERNIAGAMES\ETERNIA LASTCHAOS EP2\BIN - KOPIE\LASTCHAOSPATCH.EXE
D:\AERIAGAMES\LASTCHAOSUSA\BIN\LAST.CHAOS-PATCH.EXE
D:\MOZILLA DOWNLOADS\LASTCHAOSPATCH\LASTCHAOSPATCH.EXE
D:\PROGRAM FILES\ETERNIA GAMES\ETERNIA LASTCHAOS\BIN\LASTCHAOSPATCH.EXE
D:\PROGRAM FILES\ETERNIA GAMES\ETERNIA LASTCHAOS\BIN - KOPIE\LASTCHAOSPATCH.EXE
ESET Log Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=db34a3d4cde7e944b8cc1c4ac608f765
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-21 05:46:27
# local_time=2011-04-21 07:46:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 340381 39938313 118926 0
# compatibility_mode=5892 16776573 100 100 198399 140934185 0 0
# compatibility_mode=8192 67108863 100 0 2156 2156 0 0
# scanned=367311
# found=0
# cleaned=0
# scan_time=6530
Der momentane zustand ist nicht wirklich besser immernoch keine desktopsymbole keiner schnellstartsymbole unter start ist auch nichts festplatte C wird auch nicht angezeigt es sei den man stellt es in den ordner optionen um (versteckte datein anzeigen) dann sind die ordner etc. leicht transparent zu sehen lediglich die medlungen mit defekter festplatte tauchen im mom nicht auf |
|
21.04.2011, 21:05
| #6 |
| /// Helfer-Team | kazy.mekml.1 seit gerade eben
► wie verhält sich den dein System? berichte erneut
__________________ --> kazy.mekml.1 seit gerade eben |
|
22.04.2011, 06:23
| #7 |
| | kazy.mekml.1 seit gerade eben Hallo, nach dem ausführen von Unhide sind nun wieder alle symbole unter Start sowie auf dem Desktop zu sehen Laptop läuft im mom stabil nur ein wenig träge wie ich finde ist der trojaner denn nun vom system entfernt ? |
|
| Themen zu kazy.mekml.1 seit gerade eben |
| 4d36e972-e325-11ce-bfc1-08002be10318, ad-aware, akamai, autorun, avgntflt.sys, avira, bho, c:\windows\system32\rundll32.exe, canon, converter, desktop, diagnostics, disabletaskmgr, document, downloader, excel, fehler, festplatte, festplattenfehler, firefox, home, iastor.sys, iexplore.exe, jdownloader, kazy.mekml.1, kritischer festplattenfehler, location, microsoft office 2003, microsoft office word, mozilla, mp3, nvstor.sys, office 2007, oldtimer, otl.exe, pando media booster, plug-in, poweriso, realtek, registry, saver, scan, sched.exe, security update, siteadvisor, software, speedtest, sptd.sys, start menu, svchost.exe, trojaner, usb, vista, wrapper |
.
Hybrid-Darstellung
