
Pests of all kinds and how to fight them: kazy.mekml.1 since just now


21.04.2011, 08:49   #1
xQuattrox
 

kazy.mekml.1 since just now



For a good hour now I have been affected by the Trojan named above. I keep getting "critical hard disk error" messages, the desktop is black, only the Recycle Bin is visible, and Quick Launch etc. are all empty.

I had a look around the forum and have already created the log files with OTL.

I am using the laptop in safe mode at the moment.

Thanks in advance.

OTL.txt

Code:
OTL logfile created on: 21.04.2011 09:30:52 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Mozilla Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 13,83 Gb Free Space | 23,41% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 136,18 Gb Free Space | 60,26% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Mozilla Downloads\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Mozilla Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McAfee SiteAdvisor Service) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SbieSvc) -- D:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (StarWindServiceAE) -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SbieDrv) -- D:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (GarenaPEngine) -- C:\Users\Meier\AppData\Local\Temp\EIYFBAE.tmp ()
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: stealthyextension@gmail.com:0.8
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.03.25 18:41:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.03.25 18:41:01 | 000,000,000 | ---D | M]
 
[2010.07.22 11:39:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions
[2011.04.20 16:21:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions
[2010.07.23 14:11:58 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.28 18:36:36 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.26 14:18:16 | 000,000,000 | -H-D | M] (FIFA Online Web Launcher) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\eafo3fflauncher@ea.com
[2010.08.28 13:49:49 | 000,000,000 | -H-D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\speedtest@gotomyhelp.com
[2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (Stealthy) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com
[2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com\chrome
[2009.10.28 21:30:35 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010.08.16 13:19:32 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.08.19 09:56:53 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.16 20:01:37 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 15:52:14 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.02.04 12:16:35 | 000,000,000 | ---D | M] (Hide My IP) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\STAFF@HIDE-MY-IP.COM
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell - "" = AutoRun
O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell\AutoRun\command - "" = F:\Set-up.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MTInstall.exe
O33 - MountPoints2\G\Shell\directx\command - "" = G:\Redist\directx8a\dxsetup.exe
O33 - MountPoints2\G\Shell\Gamespy\command - "" = G:\Redist\GameSpy\ArcadeInstallMTYCOON108c.exe
O33 - MountPoints2\G\Shell\setup\command - "" = G:\MTInstall.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Meier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - D:\Program Files\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - D:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig - StartUpReg: NBAgent - hkey= - key= - D:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - D:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: USBToolTip - hkey= - key= - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 08:41:45 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.21 08:32:28 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.15 18:13:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.15 16:14:32 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 16:14:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 16:14:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.15 16:14:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 16:14:14 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 16:14:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.15 16:14:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 16:14:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 16:14:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.15 16:14:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.15 16:14:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.15 16:14:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.15 16:14:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.15 16:14:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.15 16:14:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.15 16:14:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.15 16:14:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.15 16:14:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.15 16:14:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 16:13:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 16:13:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 16:13:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 16:13:47 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 16:13:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 16:13:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.08 12:19:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica MP3 To Wave Converter Plus
[2011.04.08 12:13:16 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft
[2011.03.27 08:12:11 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Local\Microsoft Games
[2011.03.23 13:19:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 13:19:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.08.25 19:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 09:15:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 09:11:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 09:11:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 09:11:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.21 08:54:43 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~42589960
[2011.04.21 08:54:43 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42589960r
[2011.04.21 08:54:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42589960
[2011.04.21 08:41:46 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~46128904
[2011.04.21 08:41:46 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~46128904r
[2011.04.21 08:41:45 | 000,000,583 | -H-- | M] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk
[2011.04.21 08:41:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\46128904
[2011.04.21 08:32:28 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.21 06:52:17 | 000,632,252 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 06:52:17 | 000,598,900 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 06:52:17 | 000,127,464 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 06:52:17 | 000,104,914 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.20 20:32:18 | 000,171,008 | -H-- | M] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.04.15 18:32:00 | 003,810,392 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.08 12:19:07 | 000,000,777 | -H-- | M] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk
[2011.04.08 12:17:05 | 000,001,032 | -H-- | M] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.08 12:17:01 | 000,000,849 | -H-- | M] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk
[2011.04.03 12:14:09 | 000,015,008 | -H-- | M] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt
[2011.04.02 13:49:46 | 000,000,915 | -H-- | M] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk
[2011.03.27 08:39:50 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 08:54:43 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~42589960
[2011.04.21 08:54:43 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~42589960r
[2011.04.21 08:54:30 | 000,000,336 | -H-- | C] () -- C:\ProgramData\42589960
[2011.04.21 08:41:46 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~46128904
[2011.04.21 08:41:46 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~46128904r
[2011.04.21 08:41:45 | 000,000,583 | -H-- | C] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk
[2011.04.21 08:41:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\46128904
[2011.04.08 12:19:07 | 000,000,777 | -H-- | C] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk
[2011.04.08 12:13:19 | 000,000,849 | -H-- | C] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk
[2011.04.03 11:13:59 | 000,015,008 | -H-- | C] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt
[2011.04.02 13:49:46 | 000,000,915 | -H-- | C] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.02 13:17:36 | 000,000,370 | -H-- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.07 20:54:46 | 000,000,010 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010.10.31 15:25:58 | 000,001,666 | -H-- | C] () -- C:\Windows\Sandboxie.ini
[2010.10.25 14:48:52 | 000,000,331 | -H-- | C] () -- C:\Windows\SIERRA.INI
[2010.10.25 10:20:49 | 000,000,556 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.09.24 21:47:43 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2010.08.25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.24 17:46:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.08.03 15:14:30 | 000,233,472 | -H-- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2010.07.26 14:20:42 | 000,139,152 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\PnkBstrK.sys
[2010.07.26 10:58:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.26 10:58:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.07.25 18:36:29 | 000,171,008 | -H-- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.24 16:11:17 | 000,000,013 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\Update.cfg
[2010.07.23 21:15:01 | 001,970,176 | -H-- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.07.22 11:38:52 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.08.03 00:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.24 05:49:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.07.24 05:20:06 | 000,307,200 | -H-- | C] () -- C:\Windows\SetDisplayResolution.exe
[2009.07.24 05:19:37 | 000,000,135 | RH-- | C] () -- C:\Windows\System32\lngEng.ini
[2009.07.24 05:19:37 | 000,000,117 | -H-- | C] () -- C:\Windows\System32\lngKor.ini
[2009.07.24 05:17:29 | 000,004,280 | -H-- | C] () -- C:\Windows\HotFixList.ini
[2009.07.24 05:17:08 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 03:52:31 | 000,632,252 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.24 03:52:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.24 03:52:31 | 000,127,464 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.24 03:52:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.24 03:35:48 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.07.24 03:35:40 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2009.07.24 03:35:40 | 000,147,172 | -H-- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.02.09 18:03:07 | 000,024,576 | -H-- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.02.26 09:49:12 | 006,139,774 | -H-- | C] () -- C:\Windows\imagine digital freedom.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 003,810,392 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,900 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,914 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar
[2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap
[2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited
[2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon
[2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4
[2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro
[2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft
[2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro
[2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ
[2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget
[2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games
[2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World
[2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org
[2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit
[2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2
[2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense
[2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow
[2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom
[2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.04.21 09:11:45 | 000,032,582 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.05 12:30:26 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Adobe
[2010.08.05 12:47:19 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Adobe Mini Bridge CS5
[2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar
[2010.11.17 13:17:12 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ArcSoft
[2010.07.22 12:56:35 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Avira
[2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap
[2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited
[2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon
[2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4
[2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro
[2010.08.03 08:46:19 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DivX
[2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft
[2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro
[2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ
[2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Identities
[2010.07.22 12:32:40 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\InstallShield
[2010.07.22 11:24:25 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Media Center Programs
[2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget
[2010.08.31 21:52:09 | 000,000,000 | --SD | M] -- C:\Users\Meier\AppData\Roaming\Microsoft
[2010.07.22 11:39:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Mozilla
[2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games
[2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World
[2010.08.04 15:49:54 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Nero
[2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org
[2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit
[2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2
[2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense
[2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow
[2010.11.28 12:28:35 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\vlc
[2010.07.22 14:07:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\WinRAR
[2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2010.08.04 20:26:52 | 000,038,784 | -H-- | M] () -- C:\Users\Meier\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.11.27 14:57:02 | 000,029,926 | RH-- | M] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2010.08.31 21:52:09 | 000,010,134 | RH-- | M] () -- C:\Users\Meier\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | -H-- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 10:26:18 | 000,407,576 | -H-- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.02.11 10:11:50 | 000,329,752 | -H-- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.02.11 10:11:50 | 000,329,752 | -H-- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.11 10:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | -H-- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | -H-- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | -H-- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | -H-- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | -H-- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | -H-- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | -H-- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         

Extras.txt

Code:
OTL Extras logfile created on: 21.04.2011 09:30:52 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Mozilla Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 13,83 Gb Free Space | 23,41% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 136,18 Gb Free Space | 60,26% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Orbitdownloader\orbitdm.exe" = D:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files\Orbitdownloader\orbitnet.exe" = D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F3A794-E653-4742-87A0-E0D9B74A1150}" = lport=2300 | protocol=17 | dir=in | name=wolfteam port | 
"{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3CF4BAE3-B7A8-420C-9F33-1E3E5BE7E104}" = lport=13000 | protocol=17 | dir=in | name=hockeydash | 
"{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5E81563F-F878-45A1-ABC2-53A78BBF2EC8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system | 
"{80CAAB0C-C66C-4B58-BB5E-ADEAAB104BE3}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface | 
"{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BA9C339F-776C-48CA-8F3C-9CABA20A0AC5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E15B5776-2905-4B62-806C-E92D836B8C14}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{E839F652-3F03-47EF-822A-87177B51B29E}" = lport=8500 | protocol=6 | dir=in | name=hockeydash | 
"{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F11A2D0C-81E9-4DF8-A381-3F1EAA9F44FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031E18BE-36FA-46DA-955C-BEC759A44F1E}" = protocol=17 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin | 
"{14482ABA-8BA3-45D7-AE86-B5AD8BBC91FC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{145BCCAE-FF8C-4C68-8D62-3BFAD7B090AD}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{18918E82-3E45-42B0-B765-5BF014E12EAD}" = protocol=6 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe | 
"{28DB716E-D044-41C8-BC84-D0746782E0EF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{29DE2C06-67AF-4ECB-99CD-D144FDDE8A51}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3D17E532-8C8A-41E9-8AC5-091711619F9F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{41FB5A3B-B8DB-4F89-BE04-B0C50FD174FD}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{4E64293B-AD1C-47A1-83A9-99B3BB6DE2F8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4FEC96A0-E32B-4EB8-ADBD-886F5D907146}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{509C77DC-CDA7-4143-8FE5-73C9AFF929E1}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe | 
"{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5CAB55F0-198A-494F-A879-D1DAC471E84F}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | 
"{625A5FCC-ABAB-47C7-9EE1-1F3B9DCE7DF2}" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe | 
"{63160B43-9B30-442C-921F-7A38C30F4E12}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{708A77A5-9AD9-4C9C-A64F-495E9E1A351B}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe | 
"{75EC1325-75C3-468B-AE34-AE7FC32CE0A3}" = protocol=17 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe | 
"{7945870D-0B0A-44D5-89C7-2D466FC1206F}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | 
"{79739634-264F-4246-85CB-8AF22DC10AEA}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{7A9A1701-68FA-481A-9269-AF3ABA85252E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7E062F10-FDFB-4AE7-89EB-0B020A64E833}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe | 
"{7F3B7155-E63D-4C45-8D83-967F583CF909}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe | 
"{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{90E5B175-8DDE-4517-B3C6-46821AD32383}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{938A1A2D-A5D3-42E2-A824-3E69ACE5FD02}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{96B2DA6E-944D-4046-8459-13BE12E2C60A}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe | 
"{9953B4B4-41BC-4A60-B4D0-51A475A464DA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9CE18D3A-760D-4754-95DD-5F41135D0EE8}" = protocol=6 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin | 
"{ABC33052-224A-49F2-B049-B86AA22C87B0}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{AC6DDA29-085F-4E2E-9C94-3A7A9B19D86E}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{B43C8941-CE32-4207-9358-27C1961DE26C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C629D4C0-D0E2-47D5-85A1-AB690BF75CD2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C6306FD0-9544-4525-AD7D-A567006CB5DA}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{CEE6AA81-8DAE-4CB6-9155-A8EFF12F20E6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D0A768C8-4813-4B16-95DE-E0B509741A6D}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{D18788D9-C34A-4C6D-9019-2FE674E1B734}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe | 
"{D64072C8-B969-4D70-B509-80C5E36E3F5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E04A4866-9913-4593-9AC2-39B34D64186D}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{E62D4474-897C-4754-86CF-ACF4C3EF0F58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{E95772DD-A2D3-46D0-83F6-E146AA9101A8}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{E99363F6-9838-4A88-B24F-F17827D7BB6A}" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe | 
"{EA7CD89E-9DF4-4587-945C-7214063469EB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{ED0F6723-DF8E-4F8D-9ED9-199A13462D46}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F9711B46-B28B-433E-BBF6-AE0DDA226F1C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"TCP Query User{0154C858-B048-4274-BB52-4E2BED70EA39}D:\program files\garena\garena.exe" = protocol=6 | dir=in | app=d:\program files\garena\garena.exe | 
"TCP Query User{0C912525-BBD0-4D72-84B3-4D8E2F9F7D05}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2049B93A-BC75-44D8-A749-91B1F6FBB0FC}D:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe | 
"TCP Query User{20DAB239-6877-4B28-9A7F-B6AC503BAB75}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2B9257CA-A7A7-442E-B137-FD0483EA2322}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game | 
"TCP Query User{2F3C5C8D-EE19-4057-AEAE-FC3A71F28505}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{4C8B99BF-8106-42CE-881E-AAEEC388D511}D:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\program files\left 4 dead\left4dead.exe | 
"TCP Query User{6F1124EE-844F-41D6-B384-492B7539FE4E}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"TCP Query User{765D6057-E03D-4F06-A3A8-D53435162FFB}D:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe | 
"TCP Query User{DF306364-8A97-458B-ADA7-61BFE493432F}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{E3168FDA-A813-4D8B-820A-469E05E29203}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe | 
"TCP Query User{ED95F4BC-19A0-43E2-9D47-D97AB9EDA5C0}D:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{F227E3F9-3DC5-406A-BD5F-47B7980A34DB}D:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{331ADF06-E73E-427E-92B5-C5BAE3FDB54B}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"UDP Query User{4FD0CE6F-EF8C-46F0-9294-E1E0F27A3B2B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{59E10071-A191-496E-9474-C24026D83D7F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{695EE8C5-EB83-490E-869B-8251A447645C}D:\program files\garena\garena.exe" = protocol=17 | dir=in | app=d:\program files\garena\garena.exe | 
"UDP Query User{6BD876F0-8478-4344-A385-087E35512EE5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{7141627E-FB5D-46FB-B374-C031D4C8AC09}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{7316A955-D8A0-47E0-A9ED-BB2D909C1A95}D:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe | 
"UDP Query User{7888E5C5-AE5F-4910-801C-C404E2E2777A}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game | 
"UDP Query User{789E9993-519A-4E23-A517-42865290795A}D:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{9B3958B9-2089-4533-A191-6A0383A95B7A}D:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe | 
"UDP Query User{9D723CFA-0C83-4FEA-B59D-D43712C1ADC0}D:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\program files\left 4 dead\left4dead.exe | 
"UDP Query User{BF690DF6-727A-4984-AB2D-20010F9B7D22}D:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{E95C6208-AE70-4F61-8F64-F9D9517BED7D}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B3EC2E9-67E3-4D10-B1B8-BD71D7DC8930}" = Eternia LastChaos
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{852019C5-8AF7-4ECF-BB25-79AE53FBD245}_is1" = Strassenbau Simulator 1.2.16
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAB2778A-31C8-43CC-98C9-FF9FE2842D55}" = Eternia LastChaos
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"EAX Unified" = EAX Unified
"FLAC" = FLAC 1.2.1b (remove only)
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 2.2.16.324
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Left 4 Dead" = Left 4 Dead
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Sandboxie" = Sandboxie 3.50
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

21.04.2011, 10:20   #2
kira
/// Helper Team

kazy.mekml.1 since just now

Hello and welcome!

Before we begin working together, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the liability risks that come with it:
    - since the error checking and the actions are carried out over a long distance, we accept no liability for the consequences that result from them.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - you may delete these from the log lists or log files used (e.g. your real name, serial numbers in programs etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may also be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions completely before applying them, because if you do something wrong it can really become dangerous. If you follow my instructions step by step, nothing should go wrong.
  • During the support period:
    - please do not act on your own without consultation! If there are problems, ask.
  • The order:
    - please keep it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I have to consider before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin

Quote:
When a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - reading material: "Help: I have been the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on a system cleanup - cleaning a system can take a few days (depending on the type of infection), but the system may also be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: please run all commands as administrator! Right-click the command prompt and choose "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
ATTFilter
:OTL
[2011.04.21 08:32:28 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.21 08:54:43 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~42589960
[2011.04.21 08:54:43 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~42589960r
[2011.04.21 08:54:30 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42589960
[2011.04.21 08:41:46 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~46128904
[2011.04.21 08:41:46 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~46128904r
[2011.04.21 08:41:45 | 000,000,583 | -H-- | M] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk
[2011.04.21 08:41:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\46128904
[2010.07.25 18:36:29 | 000,171,008 | -H-- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a reboot. Please allow it.
  • After the reboot you will find a text document.
    Copy its contents into your thread in code tags.

Can you start the computer in normal mode?

2.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Choose "Perform full scan" (tick everything)
  • When the scan has finished, click "Show results"
  • Mark all findings - if MBAM reports something in C:\System Volume Information, please remove that tick - and click "Delete" - "Remove selected".
  • Post the result here in the thread - you will find the report under "Logs"
An illustrated guide can be found here: Guide

3.
I would also like to see all of your installed programs:
Download the tool CCleaner
Download
install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → if necessary, set "german" under Options settings
then click "Extras" (to also show the installed programs) → then on to "Save to text file..."
a text file (*.txt) is created; copy its contents and paste them here

4.
Create a new OTL log and post it again: -> OTL guide

Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log (i.e. at the beginning of the log file) you write: [code]
here goes your log file - e.g. hjtsanlist or similar
→ after it - i.e. at the end of the log file: [/code]
** If possible, stay off the internet: no online banking, file sharing, chat programs etc.
regards
Coverflow
__________________
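The OTL fix script in the post above is a small line format of its own: each file line under `:OTL` carries a timestamp, a byte size, a four-character attribute column, a `C`/`M` marker and the path, and the `:Commands` section lists the cleanup commands. The following Python is an added example, not code from the thread or from OTL's author: it parses those lines into records and applies a simple defensive triage heuristic (hidden attribute, timestamp close to the reported onset, user-writable location). The interpretation of the attribute column as R/H/S/D, the reference time of 2011-04-21 08:30 and the two-hour window are assumptions made for illustration; the sample input is constructed from the script lines quoted above.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed sample input: the OTL fix-script lines quoted in the post above.
SAMPLE_FIX_SCRIPT = r"""
:OTL
[2011.04.21 08:32:28 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.21 08:54:43 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~42589960
[2011.04.21 08:41:45 | 000,000,583 | -H-- | M] () -- C:\Users\Meier\Desktop\Windows Recovery.lnk
[2010.07.25 18:36:29 | 000,171,008 | -H-- | C] () -- C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

:Commands
[purity]
[emptytemp]
"""

# Assumed reference time for the triage heuristic (illustrative, not from the log).
ONSET = datetime(2011, 4, 21, 8, 30)

# One OTL file entry: [date time | size | attributes | C or M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attr>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str      # "C": creation time shown, "M": modification time shown
    company: str   # file version company field; empty when OTL found none
    path: str


def parse_fix_script(text: str) -> Tuple[List[OtlEntry], List[str]]:
    """Split an OTL fix script into file entries (:OTL) and commands (:Commands)."""
    entries: List[OtlEntry] = []
    commands: List[str] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section == "otl":
            m = ENTRY_RE.match(line)
            if not m:
                raise ValueError(f"unrecognised OTL entry: {line}")
            attr = m.group("attr")  # assumed column order: R, H, S, D
            entries.append(OtlEntry(
                timestamp=datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
                size=int(m.group("size").replace(",", "")),
                readonly=attr[0] == "R",
                hidden=attr[1] == "H",
                system=attr[2] == "S",
                directory=attr[3] == "D",
                kind=m.group("kind"),
                company=m.group("company"),
                path=m.group("path"),
            ))
        elif section == "commands":
            commands.append(line.strip("[]").lower())
    return entries, commands


# Locations a standard user can write to without elevation (lower-cased fragments).
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\local\\", "\\desktop\\")


def triage(entries: List[OtlEntry], onset: datetime,
           window: timedelta = timedelta(hours=2)) -> List[str]:
    """Return paths of hidden entries touched within `window` of `onset` that live
    in a user-writable location. A heuristic to prioritise review, not a verdict."""
    flagged = []
    for e in entries:
        recent = abs(e.timestamp - onset) <= window
        in_user_dir = any(frag in e.path.lower() for frag in USER_WRITABLE)
        if e.hidden and recent and in_user_dir:
            flagged.append(e.path)
    return flagged


if __name__ == "__main__":
    entries, commands = parse_fix_script(SAMPLE_FIX_SCRIPT)
    print(f"{len(entries)} file entries, commands: {commands}")
    for path in triage(entries, ONSET):
        print("review:", path)
```

The heuristic deliberately leaves the 2010 `.ini` entry unflagged: it shares the hidden attribute but not the timing, which is the kind of distinction a reviewer has to make by hand when an OTL listing is long.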

21.04.2011, 11:53   #3
xQuattrox

kazy.mekml.1 since just now

So, I have followed the steps.

1. The log file after the OTL fix

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\ProgramData\MRtPNAFMRSnT.exe moved successfully.
C:\ProgramData\~42589960 moved successfully.
C:\ProgramData\~42589960r moved successfully.
C:\ProgramData\42589960 moved successfully.
C:\ProgramData\~46128904 moved successfully.
C:\ProgramData\~46128904r moved successfully.
C:\Users\Meier\Desktop\Windows Recovery.lnk moved successfully.
C:\ProgramData\46128904 moved successfully.
C:\Users\Meier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Meier
->Temp folder emptied: 2039556687 bytes
->Temporary Internet Files folder emptied: 52310758 bytes
->Java cache emptied: 15277899 bytes
->FireFox cache emptied: 122729510 bytes
->Flash cache emptied: 192360 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3103210 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44816246 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.173,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04212011_122647

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

2. Malwarebytes log

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6412

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

21.04.2011 12:43:07
mbam-log-2011-04-21 (12-43-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155575
Laufzeit: 5 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

3. CCleaner log

Code:
ATTFilter
2007 Microsoft Office system	Microsoft Corporation	22.07.2010	491MB	12.0.6425.1000
Acoustica MP3 To Wave Converter PLUS	Acoustica, Inc.	07.04.2011	5,09MB	2.5
Adobe AIR	Adobe Systems Inc.	03.08.2010	30,7MB	1.5.3.9120
Adobe Community Help	Adobe Systems Incorporated	03.08.2010	2,52MB	3.0.0.400
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	03.10.2010		10.1.85.3
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	02.10.2010		10.1.85.3
Adobe Media Player	Adobe Systems Incorporated	03.08.2010	2,70MB	1.8
Adobe Photoshop CS5	Adobe Systems Incorporated	03.08.2010	1.559MB	12.0
Adobe Reader 9.4.0 - Deutsch	Adobe Systems Incorporated	13.11.2010	164,1MB	9.4.0
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	07.10.2010	8,67MB	11.5.8.612
Adobe SVG Viewer 3.0		24.10.2010	4,78MB	 3.0
ArcSoft PhotoStudio 5.5	ArcSoft	20.09.2010	25,2MB	
Atheros WLAN Client	WLAN	23.07.2009	1,27MB	14.00.0000
Avira AntiVir Personal - Free Antivirus	Avira GmbH	17.03.2011	105,6MB	10.0.0.635
BatteryLifeExtender	Samsung	23.07.2009	4,71MB	1.0.0
Canon MP Navigator EX 2.0		20.09.2010	69,5MB	
Canon Utilities Solution Menu		20.09.2010	1,93MB	
CanoScan LiDE 200 Scanner Driver		20.09.2010		
CCleaner	Piriform	20.04.2011	3,60MB	3.05
Cheat Engine 5.6.1	Dark Byte	08.12.2010	15,6MB	
CyberLink YouCam	CyberLink Corp.	10.09.2009	78,1MB	2.0.2706
DHTML Editing Component	Microsoft Corporation	02.10.2010	0,45MB	6.02.0001
DivX-Setup	DivX, Inc. 	28.07.2010	2,12MB	1.0.2.23
Easy Battery Manager	Samsung	23.07.2009	5,59MB	3.2.1.7
Easy Display Manager	Samsung Electronics Co., Ltd.	23.07.2009	14,0MB	2.3
Easy Network Manager	Samsung	23.07.2009	19,1MB	4.0.2
Easy SpeedUp Manager		23.07.2009	3,68MB	2.0.2.6
EAX Unified		02.08.2010	8,00KB	
Eternia LastChaos	Eternia Games	04.01.2011	2.636MB	2.0.0
FLAC 1.2.1b (remove only)	Xiph.org	18.02.2011	0,98MB	1.2.1b
Fraps (remove only)		22.07.2010	1.890MB	
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	01.04.2011	3,11MB	
Free Audio Converter version 2.2.16.324	DVDVideoSoft Limited.	07.04.2011	7,79MB	
Free YouTube Download 2.8	DVDVideoSoft Limited.	27.07.2010	3,24MB	
Free YouTube to MP3 Converter version 3.9.35.324	DVDVideoSoft Limited.	01.04.2011	3,52MB	
HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON		24.10.2010	12,0MB	
ICQ7.2	ICQ	26.07.2010	46,9MB	7.2
imagine digital freedom - Samsung	Samsung Electronics Co. Ltd.,	23.07.2009	7,50MB	1.0.2.2
Inkjet Printer/Scanner Extended Survey Program		20.09.2010	0,95MB	
Intel(R) Graphics Media Accelerator Driver	Intel Corporation	23.07.2009		
Intel® Matrix Storage Manager	Intel Corporation	23.07.2009	4,80MB	
IsoBuster 2.8	Smart Projects	28.07.2010	10,4MB	2.8
Java(TM) 6 Update 22	Sun Microsystems, Inc.	15.08.2010	293MB	6.0.220
JDownloader	AppWork UG (haftungsbeschränkt)	30.07.2010	56,0MB	0.89
Knoll Light Factory EZ Studio		26.11.2010		
Left 4 Dead	Valve	30.07.2010	4,17MB	
Magic Bullet Looks Studio		26.11.2010		
Malwarebytes' Anti-Malware	Malwarebytes Corporation	20.04.2011	4,80MB	
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	22.07.2010	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	21.07.2010	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	01.11.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	01.11.2010	24,5MB	4.0.30319
Microsoft Games for Windows - LIVE	Microsoft Corporation	16.11.2010	6,01MB	3.4.54.0
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	16.11.2010	31,3MB	3.4.18.0
Microsoft Office 2003 Web Components	Microsoft Corporation	15.09.2010	21,7MB	11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies	Microsoft Corporation	14.04.2011	7,23MB	12.0.4518.1014
Microsoft Office Small Business Connectivity Components	Microsoft Corporation	10.09.2009	0,15MB	2.0.7024.0
Microsoft Office Suite Activation Assistant	Microsoft Corporation	10.09.2009	8,37MB	2.9
Microsoft Primary Interoperability Assemblies 2005	Microsoft Corporation	03.08.2010	7,77MB	8.0.50727.42
Microsoft SQL Server Native Client	Microsoft Corporation	10.09.2009	2,60MB	9.00.3042.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	10.09.2009	0,69MB	9.00.3042.00
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	26.07.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	30.08.2010	0,41MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	23.09.2010	1,41MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	23.07.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	21.07.2010	0,58MB	9.0.30729.4148
Microsoft WSE 3.0 Runtime	Microsoft Corp.	30.08.2010	0,92MB	3.0.5305.0
Monopoly Deluxe	Zylom Games	30.09.2010	20,3MB	1.0.0
Monopoly Tycoon		05.10.2010	3,21MB	
Mozilla Firefox (3.6.16)	Mozilla	24.03.2011	32,7MB	3.6.16 (de)
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	04.08.2010	34,00KB	4.20.9841.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	04.08.2010	34,00KB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	04.08.2010	1,34MB	4.20.9876.0
NCsoft Launcher	NCsoft	21.07.2010	11,5MB	1.5.7000
Nero BackItUp 10	Nero AG	03.08.2010	107,6MB	5.4.11600.19.100
Nero Burning ROM 10	Nero AG	03.08.2010	162,3MB	10.0.11100.10.100
Nero BurnRights 10	Nero AG	03.08.2010	6,42MB	4.0.11000.12.100
Nero CoverDesigner 10	Nero AG	03.08.2010	77,1MB	5.0.10900.11.100
Nero DiscCopy Gadget 10	Nero AG	03.08.2010	35,4MB	3.0.10700.9.100
Nero DiscSpeed 10	Nero AG	03.08.2010	7,47MB	6.0.10800.7.100
Nero Express 10	Nero AG	03.08.2010	159,5MB	10.0.11000.10.100
Nero InfoTool 10	Nero AG	03.08.2010	8,07MB	7.0.10800.8.100
Nero MediaHub 10	Nero AG	03.08.2010	158,0MB	1.0.13400.11.100
Nero Multimedia Suite 10	Nero AG	03.08.2010	1.369MB	10.0.13100
Nero Recode 10	Nero AG	03.08.2010	80,0MB	4.6.10900.4.100
Nero RescueAgent 10	Nero AG	03.08.2010	6,83MB	3.0.10900.9.100
Nero SoundTrax 10	Nero AG	03.08.2010	95,6MB	4.6.10600.2.100
Nero StartSmart 10	Nero AG	03.08.2010	110,2MB	10.0.11200.12.100
Nero Update	Nero AG	03.08.2010	1,42MB	1.0.0017
Nero Vision 10	Nero AG	03.08.2010	214MB	7.0.11100.8.100
Nero WaveEditor 10	Nero AG	03.08.2010	76,6MB	5.6.10600.2.100
NVIDIA PhysX	NVIDIA Corporation	28.07.2010	120,1MB	9.09.0814
OpenAL		28.07.2010	0,77MB	
OpenOffice.org 3.2	OpenOffice.org	15.08.2010	370MB	3.2.9483
Orbit Downloader	www.orbitdownloader.com	16.03.2011	13,0MB	
Pando Media Booster	Pando Networks Inc.	07.09.2010	6,70MB	2.3.4.1
PCTroubleshooting	Samsung Electronics Co.,LTD.	10.09.2009	1,93MB	2.0.0.4
Pinnacle Studio 14	Pinnacle Systems	26.11.2010	2.030MB	14.0.0.7255
Pinnacle Studio Ultimate Collection Plugins	Pinnacle Systems	26.11.2010	167,8MB	14.0.0.7255
Pinnacle Video Treiber	Pinnacle Systems	26.11.2010	4,96MB	12.1.0.030
PowerISO	PowerISO Computing, Inc.	30.08.2010	3,93MB	4.7
Realtek 8136 8168 8169 Ethernet Driver	Realtek	23.07.2009	2,07MB	1.00.0004
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	23.07.2009	10,5MB	6.0.1.5837
Red Giant ToonIt Studio		26.11.2010		
Samsung Magic Doctor	Samsung Electronics Co., LTD	23.07.2009	15,8MB	5.0
Samsung Recovery Solution III	Samsung	23.07.2009	43,0MB	3.0.0.9
Samsung Update Plus	Samsung Electronics Co., Ltd.	23.07.2009	7,85MB	2.0
Sandboxie 3.50		30.10.2010	2,84MB	
Steamless Left4Dead2 Pack	Steamless	31.07.2010	7.271MB	1.0
Strassenbau Simulator 1.2.16	UIG GmbH	10.08.2010	502MB	
Synaptics Pointing Device Driver	Synaptics	23.07.2009	14,0MB	11.1.3.2
System Requirements Lab		02.08.2010	1,59MB	
System Requirements Lab CYRI	Husdawg, LLC	17.09.2010	0,50MB	4.3.1.0
Trapcode 3DStroke Studio		26.11.2010		
Trapcode Particular Studio		26.11.2010		
Trapcode Shine Studio		26.11.2010		
Turbo Lister 2	eBay Inc.	02.10.2010	82,5MB	2.00.0000
Uninstall 1.0.0.1		07.04.2011	30,8MB	
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	10.09.2009	25,1MB	9.00.3042.00
User Guide		23.07.2009	141,6MB	1.0
VirtualCloneDrive	Elaborate Bytes	30.08.2010	2,31MB	
VLC media player 1.1.5	VideoLAN	22.11.2010	84,5MB	1.1.5
Windows Live Essentials	Microsoft Corporation	21.07.2010	43,9MB	14.0.8117.0416
Windows Live ID Sign-in Assistant	Microsoft Corporation	16.11.2010	4,69MB	6.500.3165.0
Windows Live-Uploadtool	Microsoft Corporation	21.07.2010	0,22MB	14.0.8014.1029
WinRAR		21.07.2010	3,79MB
         
4. OTL Log

OTL.txt
Code:
OTL logfile created on: 21.04.2011 12:45:21 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Mozilla Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 12,60 Gb Free Space | 21,33% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 136,17 Gb Free Space | 60,25% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.21 09:22:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Mozilla Downloads\OTL.exe
PRC - [2011.03.25 18:40:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.03.18 12:23:21 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.10 10:57:11 | 000,435,368 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe
PRC - [2010.11.03 09:51:01 | 000,135,336 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.03 09:50:59 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.18 00:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- D:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2010.04.20 14:26:44 | 000,300,912 | -H-- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | -H-- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.05.28 08:06:56 | 000,548,864 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.05.15 08:47:58 | 000,692,224 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.12.10 09:07:52 | 000,352,256 | -H-- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.08.26 02:59:54 | 000,045,056 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.01.22 19:35:52 | 000,103,808 | -H-- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.21 09:22:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Mozilla Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (McAfee SiteAdvisor Service)
SRV - [2011.03.18 12:23:21 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.03 09:51:01 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.18 00:42:38 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- D:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.06.07 12:22:00 | 003,549,224 | -H-- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.03.25 14:39:22 | 000,490,280 | -H-- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.02.19 13:37:14 | 000,517,096 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2008.01.22 19:35:52 | 000,103,808 | -H-- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.18 12:23:21 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 10:09:58 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.18 00:42:34 | 000,124,648 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- D:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.09.29 10:09:04 | 000,436,792 | -H-- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.12 10:44:34 | 000,059,388 | -H-- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.05.11 10:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.04 16:35:00 | 000,163,328 | -H-- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.04.22 11:27:12 | 001,129,472 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.01.21 04:23:20 | 002,225,664 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.14 02:11:54 | 000,013,312 | -H-- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 09:41:50 | 000,983,552 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:53 | 000,045,056 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.09.23 23:18:32 | 000,171,520 | -H-- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: speedtest@gotomyhelp.com:1.2.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: stealthyextension@gmail.com:0.8
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011.03.25 18:41:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011.03.25 18:41:01 | 000,000,000 | ---D | M]
 
[2010.07.22 11:39:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Extensions
[2011.04.20 16:21:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions
[2010.07.23 14:11:58 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.28 18:36:36 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.26 14:18:16 | 000,000,000 | -H-D | M] (FIFA Online Web Launcher) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\eafo3fflauncher@ea.com
[2010.08.28 13:49:49 | 000,000,000 | -H-D | M] ("Broadband Speed Test and Diagnostics") -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\speedtest@gotomyhelp.com
[2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (Stealthy) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com
[2011.04.07 19:28:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Meier\AppData\Roaming\mozilla\Firefox\Profiles\xqn0fvlg.default\extensions\stealthyextension@gmail.com\chrome
[2009.10.28 21:30:35 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010.08.16 13:19:32 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.08.19 09:56:53 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.16 20:01:37 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 15:52:14 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.02.04 12:16:35 | 000,000,000 | ---D | M] (Hide My IP) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\STAFF@HIDE-MY-IP.COM
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MRtPNAFMRSnT]  File not found
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: &Download by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell - "" = AutoRun
O33 - MountPoints2\{6dfa23fb-b080-11df-968d-001583c2cefa}\Shell\AutoRun\command - "" = F:\Set-up.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MTInstall.exe
O33 - MountPoints2\G\Shell\directx\command - "" = G:\Redist\directx8a\dxsetup.exe
O33 - MountPoints2\G\Shell\Gamespy\command - "" = G:\Redist\GameSpy\ArcadeInstallMTYCOON108c.exe
O33 - MountPoints2\G\Shell\setup\command - "" = G:\MTInstall.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 11:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.21 11:26:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.04.21 09:55:01 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\Malwarebytes
[2011.04.21 09:54:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.21 09:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 09:54:10 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe
[2011.04.21 09:39:33 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Meier\Desktop\mbam-setup.exe
[2011.04.21 08:41:45 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.15 18:13:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.15 16:14:32 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 16:14:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 16:14:14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.15 16:14:14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 16:14:14 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 16:14:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.15 16:14:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 16:14:07 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 16:14:07 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.15 16:14:06 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.15 16:14:06 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.15 16:14:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.15 16:14:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.15 16:14:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.15 16:14:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.15 16:14:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.15 16:14:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.15 16:14:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.15 16:14:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 16:13:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 16:13:53 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 16:13:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 16:13:47 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 16:13:44 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 16:13:44 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.08 12:19:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica MP3 To Wave Converter Plus
[2011.04.08 12:13:16 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft
[2011.03.27 08:12:11 | 000,000,000 | -H-D | C] -- C:\Users\Meier\AppData\Local\Microsoft Games
[2011.03.23 13:19:21 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 13:19:21 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010.08.25 19:59:08 | 000,004,096 | -H-- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 12:28:37 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 12:28:37 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 12:28:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 12:28:30 | 3150,565,376 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 11:26:32 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.21 11:06:29 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.04.21 09:54:52 | 000,000,704 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 09:39:22 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Meier\Desktop\mbam-setup.exe
[2011.04.21 09:22:30 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\Meier\Desktop\OTL.exe
[2011.04.21 06:52:17 | 000,632,252 | -H-- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 06:52:17 | 000,598,900 | -H-- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 06:52:17 | 000,127,464 | -H-- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 06:52:17 | 000,104,914 | -H-- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.04.15 18:32:00 | 003,810,392 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.08 12:19:07 | 000,000,777 | -H-- | M] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk
[2011.04.08 12:17:05 | 000,001,032 | -H-- | M] () -- C:\Users\Meier\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.08 12:17:01 | 000,000,849 | -H-- | M] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk
[2011.04.03 12:14:09 | 000,015,008 | -H-- | M] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt
[2011.04.02 13:49:46 | 000,000,915 | -H-- | M] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk
[2011.03.27 08:39:50 | 000,000,349 | -H-- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 12:28:30 | 3150,565,376 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.21 11:26:32 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.21 09:54:52 | 000,000,704 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.08 12:19:07 | 000,000,777 | -H-- | C] () -- C:\Users\Public\Desktop\Acoustica MP3 To Wave Converter PLUS.lnk
[2011.04.08 12:13:19 | 000,000,849 | -H-- | C] () -- C:\Users\Meier\Desktop\Free Audio Converter.lnk
[2011.04.03 11:13:59 | 000,015,008 | -H-- | C] () -- C:\Users\Meier\Desktop\OpenDocument Text (neu).odt
[2011.04.02 13:49:46 | 000,000,915 | -H-- | C] () -- C:\Users\Meier\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.02 13:17:36 | 000,000,370 | -H-- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.07 20:54:46 | 000,000,010 | -H-- | C] () -- C:\Windows\popcinfo.dat
[2010.10.31 15:25:58 | 000,001,666 | -H-- | C] () -- C:\Windows\Sandboxie.ini
[2010.10.25 14:48:52 | 000,000,331 | -H-- | C] () -- C:\Windows\SIERRA.INI
[2010.10.25 10:20:49 | 000,000,556 | -H-- | C] () -- C:\Windows\ODBC.INI
[2010.10.14 02:36:44 | 000,179,263 | -H-- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.09.24 21:47:43 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2010.08.25 20:30:02 | 000,439,308 | -H-- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | -H-- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | -H-- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | -H-- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | -H-- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | -H-- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.24 17:46:00 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.08.03 15:14:30 | 000,233,472 | -H-- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2010.07.26 14:20:42 | 000,139,152 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\PnkBstrK.sys
[2010.07.26 10:58:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.26 10:58:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.07.24 16:11:17 | 000,000,013 | -H-- | C] () -- C:\Users\Meier\AppData\Roaming\Update.cfg
[2010.07.23 21:15:01 | 001,970,176 | -H-- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.07.22 11:38:52 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.08.03 00:21:54 | 000,197,912 | -H-- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | -H-- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.24 05:49:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.07.24 05:20:06 | 000,307,200 | -H-- | C] () -- C:\Windows\SetDisplayResolution.exe
[2009.07.24 05:19:37 | 000,000,135 | RH-- | C] () -- C:\Windows\System32\lngEng.ini
[2009.07.24 05:19:37 | 000,000,117 | -H-- | C] () -- C:\Windows\System32\lngKor.ini
[2009.07.24 05:17:29 | 000,004,280 | -H-- | C] () -- C:\Windows\HotFixList.ini
[2009.07.24 05:17:08 | 000,073,728 | -H-- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 03:52:31 | 000,632,252 | -H-- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.24 03:52:31 | 000,290,748 | -H-- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.24 03:52:31 | 000,127,464 | -H-- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.24 03:52:31 | 000,036,916 | -H-- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.24 03:35:48 | 001,060,424 | -H-- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.07.24 03:35:40 | 000,147,456 | -H-- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2009.07.24 03:35:40 | 000,147,172 | -H-- | C] () -- C:\Windows\System32\igfcg550.bin
[2008.02.09 18:03:07 | 000,024,576 | -H-- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2007.02.26 09:49:12 | 006,139,774 | -H-- | C] () -- C:\Windows\imagine digital freedom.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 003,810,392 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,900 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,914 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.11.06 17:51:20 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Alawar
[2010.11.06 13:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Boomzap
[2010.07.28 14:33:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canneverbe Limited
[2010.09.21 12:05:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Canon
[2010.09.16 20:16:01 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.09.11 13:43:49 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Command and Conquer 4
[2010.08.31 22:07:41 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DAEMON Tools Pro
[2011.04.08 12:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoft
[2011.04.02 13:50:02 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.24 23:31:46 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\GrabPro
[2010.08.22 16:18:53 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ICQ
[2010.07.24 01:57:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\MessengerGadget
[2010.11.06 15:52:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\My Games
[2010.09.05 11:58:06 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Need for Speed World
[2010.08.16 13:24:03 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\OpenOffice.org
[2011.04.20 21:11:11 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Orbit
[2010.12.23 12:02:47 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Process Hacker 2
[2010.07.24 23:32:31 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\ProgSense
[2010.08.05 12:47:18 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.11.06 19:12:24 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Super-Cow
[2010.10.01 19:29:51 | 000,000,000 | -H-D | M] -- C:\Users\Meier\AppData\Roaming\Zylom
[2011.04.20 16:34:59 | 000,000,370 | -H-- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.04.21 11:06:29 | 000,032,582 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Extras.txt
Code:
OTL Extras logfile created on: 21.04.2011 12:45:21 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = D:\Mozilla Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,09 Gb Total Space | 12,60 Gb Free Space | 21,33% Space Free | Partition Type: NTFS
Drive D: | 226,00 Gb Total Space | 136,17 Gb Free Space | 60,25% Space Free | Partition Type: NTFS
 
Computer Name: SAMSUNG | User Name: Meier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Orbitdownloader\orbitdm.exe" = D:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Program Files\Orbitdownloader\orbitnet.exe" = D:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14F3A794-E653-4742-87A0-E0D9B74A1150}" = lport=2300 | protocol=17 | dir=in | name=wolfteam port | 
"{208A00FA-10A6-4584-BDF6-B84153B8D04B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{20D028DC-E2FF-4AA2-BAE6-D57BEA8198C4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3CF4BAE3-B7A8-420C-9F33-1E3E5BE7E104}" = lport=13000 | protocol=17 | dir=in | name=hockeydash | 
"{56BBB4AF-1C79-49AD-BA89-69A78E1BA809}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5E81563F-F878-45A1-ABC2-53A78BBF2EC8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{60F82C58-B1F5-430D-B939-695ADBE7913D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7825D50A-BC25-4214-9FF6-5F5DA05758BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{78A0BE29-B16C-4D3C-8DFD-617697596852}" = rport=139 | protocol=6 | dir=out | app=system | 
"{80CAAB0C-C66C-4B58-BB5E-ADEAAB104BE3}" = lport=49158 | protocol=6 | dir=in | name=akamai netsession interface | 
"{83C4E23B-E6B4-48FF-B3AB-F3B8C078A9DA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B5A334D3-744D-4556-9DE4-ED2280B3527D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BA9C339F-776C-48CA-8F3C-9CABA20A0AC5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C5D50928-0BDF-4E0D-A9C9-78DC6296097D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E15B5776-2905-4B62-806C-E92D836B8C14}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{E839F652-3F03-47EF-822A-87177B51B29E}" = lport=8500 | protocol=6 | dir=in | name=hockeydash | 
"{EDA4BBDD-1E33-4B4C-83ED-256B45259F11}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F11A2D0C-81E9-4DF8-A381-3F1EAA9F44FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031E18BE-36FA-46DA-955C-BEC759A44F1E}" = protocol=17 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin | 
"{14482ABA-8BA3-45D7-AE86-B5AD8BBC91FC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{145BCCAE-FF8C-4C68-8D62-3BFAD7B090AD}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{18918E82-3E45-42B0-B765-5BF014E12EAD}" = protocol=6 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe | 
"{28DB716E-D044-41C8-BC84-D0746782E0EF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{29DE2C06-67AF-4ECB-99CD-D144FDDE8A51}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3D17E532-8C8A-41E9-8AC5-091711619F9F}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{41FB5A3B-B8DB-4F89-BE04-B0C50FD174FD}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{4E64293B-AD1C-47A1-83A9-99B3BB6DE2F8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4FEC96A0-E32B-4EB8-ADBD-886F5D907146}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{509C77DC-CDA7-4143-8FE5-73C9AFF929E1}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe | 
"{5A721190-AF02-4F9C-BFE0-4BA4C969A297}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5CAB55F0-198A-494F-A879-D1DAC471E84F}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe | 
"{625A5FCC-ABAB-47C7-9EE1-1F3B9DCE7DF2}" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe | 
"{63160B43-9B30-442C-921F-7A38C30F4E12}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\alien swarm\srcds.exe | 
"{708A77A5-9AD9-4C9C-A64F-495E9E1A351B}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\studio.exe | 
"{75EC1325-75C3-468B-AE34-AE7FC32CE0A3}" = protocol=17 | dir=in | app=d:\program files\ogplanet\hockeydash\hockeydash.exe | 
"{7945870D-0B0A-44D5-89C7-2D466FC1206F}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe | 
"{79739634-264F-4246-85CB-8AF22DC10AEA}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{7A9A1701-68FA-481A-9269-AF3ABA85252E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7E062F10-FDFB-4AE7-89EB-0B020A64E833}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe | 
"{7F3B7155-E63D-4C45-8D83-967F583CF909}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe | 
"{8827AF14-989F-414A-BB3B-DE1FFC28085F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{90E5B175-8DDE-4517-B3C6-46821AD32383}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{938A1A2D-A5D3-42E2-A824-3E69ACE5FD02}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{96B2DA6E-944D-4046-8459-13BE12E2C60A}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\umi.exe | 
"{9953B4B4-41BC-4A60-B4D0-51A475A464DA}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9B4FAF45-F301-4EB6-9DE1-F6295DBA383C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9CE18D3A-760D-4754-95DD-5F41135D0EE8}" = protocol=6 | dir=in | app=d:\program files\gamigo ag\levelr\levelr.bin | 
"{ABC33052-224A-49F2-B049-B86AA22C87B0}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{AC6DDA29-085F-4E2E-9C94-3A7A9B19D86E}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{B43C8941-CE32-4207-9358-27C1961DE26C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C629D4C0-D0E2-47D5-85A1-AB690BF75CD2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C6306FD0-9544-4525-AD7D-A567006CB5DA}" = protocol=17 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{CEE6AA81-8DAE-4CB6-9155-A8EFF12F20E6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D0A768C8-4813-4B16-95DE-E0B509741A6D}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{D18788D9-C34A-4C6D-9019-2FE674E1B734}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 14\programs\rm.exe | 
"{D64072C8-B969-4D70-B509-80C5E36E3F5D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E04A4866-9913-4593-9AC2-39B34D64186D}" = protocol=6 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{E62D4474-897C-4754-86CF-ACF4C3EF0F58}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{E95772DD-A2D3-46D0-83F6-E146AA9101A8}" = protocol=6 | dir=in | app=d:\program files\icq7.2\aolload.exe | 
"{E99363F6-9838-4A88-B24F-F17827D7BB6A}" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\launcher.exe | 
"{EA7CD89E-9DF4-4587-945C-7214063469EB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{ED0F6723-DF8E-4F8D-9ED9-199A13462D46}" = protocol=17 | dir=in | app=d:\program files\icq7.2\icq.exe | 
"{F619090B-946A-453A-989F-D821D70C4C00}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F9711B46-B28B-433E-BBF6-AE0DDA226F1C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"TCP Query User{0154C858-B048-4274-BB52-4E2BED70EA39}D:\program files\garena\garena.exe" = protocol=6 | dir=in | app=d:\program files\garena\garena.exe | 
"TCP Query User{0C912525-BBD0-4D72-84B3-4D8E2F9F7D05}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2049B93A-BC75-44D8-A749-91B1F6FBB0FC}D:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe | 
"TCP Query User{20DAB239-6877-4B28-9A7F-B6AC503BAB75}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2B9257CA-A7A7-442E-B137-FD0483EA2322}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=6 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game | 
"TCP Query User{2F3C5C8D-EE19-4057-AEAE-FC3A71F28505}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{4C8B99BF-8106-42CE-881E-AAEEC388D511}D:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=d:\program files\left 4 dead\left4dead.exe | 
"TCP Query User{6F1124EE-844F-41D6-B384-492B7539FE4E}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"TCP Query User{765D6057-E03D-4F06-A3A8-D53435162FFB}D:\aeriagames\rohan\rohanclient.exe" = protocol=6 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe | 
"TCP Query User{DF306364-8A97-458B-ADA7-61BFE493432F}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{E3168FDA-A813-4D8B-820A-469E05E29203}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=6 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe | 
"TCP Query User{ED95F4BC-19A0-43E2-9D47-D97AB9EDA5C0}D:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{F227E3F9-3DC5-406A-BD5F-47B7980A34DB}D:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{331ADF06-E73E-427E-92B5-C5BAE3FDB54B}D:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=d:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"UDP Query User{4FD0CE6F-EF8C-46F0-9294-E1E0F27A3B2B}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{59E10071-A191-496E-9474-C24026D83D7F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{695EE8C5-EB83-490E-869B-8251A447645C}D:\program files\garena\garena.exe" = protocol=17 | dir=in | app=d:\program files\garena\garena.exe | 
"UDP Query User{6BD876F0-8478-4344-A385-087E35512EE5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{7141627E-FB5D-46FB-B374-C031D4C8AC09}D:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=d:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{7316A955-D8A0-47E0-A9ED-BB2D909C1A95}D:\aeriagames\rohan\rohanclient.exe" = protocol=17 | dir=in | app=d:\aeriagames\rohan\rohanclient.exe | 
"UDP Query User{7888E5C5-AE5F-4910-801C-C404E2E2777A}D:\program files\command & conquer 4 tiberian twilight\data\cnc4.game" = protocol=17 | dir=in | app=d:\program files\command & conquer 4 tiberian twilight\data\cnc4.game | 
"UDP Query User{789E9993-519A-4E23-A517-42865290795A}D:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{9B3958B9-2089-4533-A191-6A0383A95B7A}D:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa online\nfe.exe | 
"UDP Query User{9D723CFA-0C83-4FEA-B59D-D43712C1ADC0}D:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=d:\program files\left 4 dead\left4dead.exe | 
"UDP Query User{BF690DF6-727A-4984-AB2D-20010F9B7D22}D:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=d:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{E95C6208-AE70-4F61-8F64-F9D9517BED7D}D:\program files\steamless left4dead2 pack\left4dead2.exe" = protocol=17 | dir=in | app=d:\program files\steamless left4dead2 pack\left4dead2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807" = CanoScan LiDE 200 Scanner Driver
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1B3EC2E9-67E3-4D10-B1B8-BD71D7DC8930}" = Eternia LastChaos
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3832FA99-2EDD-41E0-94AD-FBF9FABAFEF9}" = Atheros WLAN Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{68CAE442-579C-4D84-AA5F-253852522ED5}" = PCTroubleshooting
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = HERRSCHER DES OLYMP - ZEUS & HERRSCHER von ATLANTIS - POSEIDON
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{852019C5-8AF7-4ECF-BB25-79AE53FBD245}_is1" = Strassenbau Simulator 1.2.16
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAB2778A-31C8-43CC-98C9-FF9FE2842D55}" = Eternia LastChaos
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acoustica MP3 To Wave Converter PLUS" = Acoustica MP3 To Wave Converter PLUS
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Setup.divx.com" = DivX-Setup
"EAX Unified" = EAX Unified
"FLAC" = FLAC 1.2.1b (remove only)
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Converter_is1" = Free Audio Converter version 2.2.16.324
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Left 4 Dead" = Left 4 Dead
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Monopoly Deluxe" = Monopoly Deluxe
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"Sandboxie" = Sandboxie 3.50
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
__________________

Old 21.04.2011, 14:15   #4
kira
/// Helper Team

kazy.mekml.1 since just now

1.
Your Java version is not up to date!
Because of old security holes, Java is very vulnerable, so first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ Restart the computer
→ Now download the offline version of Java Version 6 Update 24 from Oracle
Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)!

2.
Update Adobe Reader:
- Pay attention and read along during the installation: if any software, toolbar etc. is offered, please deselect it! (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe Reader -> go to "Help" -> "Check for Updates..."

3.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your Computer"
  • Tick "Complete Scan" and click "Next"
  • Afterwards all detected malware is listed; tick all findings and confirm with "OK"
  • Click "Next", then "OK" and "Finish"
  • To display the results: click "Preferences", then "Statistics/Logs"
  • Click "View Log" - then please save this report and post it here

4.
- Link: -> ESET Online Scanner
>>You are not supposed to install the antivirus security software, only scan your system online<<
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be checked regularly for damage that may have been caused by malware ("Worm.Win32.Autorun"). The free online scanner is very well suited and recommended for checking the data stored on such media.
Now connect all external storage media (USB sticks etc.) to your computer, holding down the Shift key while doing so, so that the Autorun function is not executed. (This prevents AUTORUN from running.) - You can also disable the AUTORUN function altogether. ► [Security] Disable the Autorun function on all drives for more security / Avira Support Forum

-> Then run a complete system check with ESET/NOD32

- please tick the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Before the scan, settings in Internet Explorer:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX
- to start the scan: when you are asked (the text in the information bar), allow the ActiveX control to be installed

► What is the current state of the computer? Anything unusual, problems?
__________________

Warning!:
Beware of invoices by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, preferably twice in different locations!
Please pass this warning on wherever you can!

Old 21.04.2011, 19:51   #5
xQuattrox

kazy.mekml.1 since just now

1.
OK, I removed it and reinstalled it via the offline setup

2.
Update done

3.
SUPERAntiSpyware log
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/21/2011 at 06:20 PM

Application Version : 4.50.1002

Core Rules Database Version : 6885
Trace Rules Database Version: 4697

Scan type       : Complete Scan
Total Scan Time : 01:03:03

Memory items scanned      : 653
Memory threats detected   : 0
Registry items scanned    : 8854
Registry threats detected : 0
File items scanned        : 41246
File threats detected     : 16

Adware.Tracking Cookie
	C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@p380t1s3658947.kronos.bravenetmedia[1].txt
	C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@atdmt[2].txt
	C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@e-2dj6wfk4gnd5oho.stats.esomniture[1].txt
	C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[3].txt
	C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[7].txt
	C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[4].txt
	C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[1].txt
	C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[5].txt
	C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[2].txt
	C:\Users\Meier\AppData\Roaming\Microsoft\Windows\Cookies\meier@www.counter[6].txt

Trojan.Agent/Gen-HackPatch
	C:\PROGRAM FILES\ETERNIAGAMES\ETERNIA LASTCHAOS EP2\BIN\LASTCHAOSPATCH.EXE
	C:\PROGRAM FILES\ETERNIAGAMES\ETERNIA LASTCHAOS EP2\BIN - KOPIE\LASTCHAOSPATCH.EXE
	D:\AERIAGAMES\LASTCHAOSUSA\BIN\LAST.CHAOS-PATCH.EXE
	D:\MOZILLA DOWNLOADS\LASTCHAOSPATCH\LASTCHAOSPATCH.EXE
	D:\PROGRAM FILES\ETERNIA GAMES\ETERNIA LASTCHAOS\BIN\LASTCHAOSPATCH.EXE
	D:\PROGRAM FILES\ETERNIA GAMES\ETERNIA LASTCHAOS\BIN - KOPIE\LASTCHAOSPATCH.EXE
         
4.
ESET log

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=db34a3d4cde7e944b8cc1c4ac608f765
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-21 05:46:27
# local_time=2011-04-21 07:46:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 94 340381 39938313 118926 0
# compatibility_mode=5892 16776573 100 100 198399 140934185 0 0
# compatibility_mode=8192 67108863 100 0 2156 2156 0 0
# scanned=367311
# found=0
# cleaned=0
# scan_time=6530
         
So, I hope this helps.


The current state is not really any better: still no desktop icons, no quick launch icons, and nothing under Start either.
Hard drive C is not shown either, unless you change the folder options (show hidden files); then the folders etc. can be seen, slightly transparent.

Only the messages about a defective hard drive are not appearing at the moment.


Old 21.04.2011, 21:05   #6
kira
/// Helper Team

kazy.mekml.1 since just now

  • Download Unhide.exe (http://filepony.de/download-unhide/) (by Grinler) and save it to your desktop
    on Windows 7 and Vista, right-click it and run as administrator
  • Double-click the Unhide.exe icon on the desktop - everything takes its time, so have a little patience
<Attention!>: If there are files etc. that you deliberately hid, i.e. set to hidden under Properties, you will have to hide them again after the tool has run.

► How is your system behaving? Report back
__________________

Old 22.04.2011, 06:23   #7
xQuattrox

kazy.mekml.1 since just now

Hello,

after running Unhide, all icons under Start and on the desktop are visible again

The laptop is running stably at the moment, just a little sluggish, I find

Is the trojan now removed from the system?

Old 22.04.2011, 07:26   #8
kira
/// Helper Team

kazy.mekml.1 since just now

1.
Uninstall/remove the programs we used that you don't need

2.
Quote:
**Before deleting temporary files you should definitely close all applications!
**The Temp folder is for temporary files, so its contents can be deleted without further ado. - Files that are still in use cannot be deleted.
Empty the Temp folder (select the contents and delete them): **delete only the contents of the folders, not the folders themselves!
♦ So open the Start menu and type: %TEMP%
♦ As a rule, all files you see there can be deleted without concern.

In future you can get the whole procedure done faster:
Start CCleaner as admin => go to the "Cleaner" button at the top left, tick the boxes under the "Windows" tab (all except "Input field history", and under "Advanced" only tick "Old Prefetch data" and "Custom Files and Folders").
Options => Custom => Files and folders to be cleaned => Add Folder =>
Instead of <DeinBenutzername> enter the name you are logged in with on Vista.
C:\Users\<DeinBenutzername>\AppData\Local\Temp\*.*
C:\Users\Default\AppData\Local\Temp\*.*
C:\Windows\Temp\*.*

3.
Open CCleaner
  • "Cleaner" --> "Analyze" --> click the "Run Cleaner" button
  • "Registry" --> "Scan for Issues" --> "Fix selected issues" --> "Fix All Selected Issues"
  • Restart your system

4.
Change your passwords and login credentials! - from a clean system
- Change all passwords that were used on the compromised system (e.g. login, mail or website passwords, but also the PIN for online banking) immediately (► preferably from another, non-infected computer!)
Tips:
Choosing a secure password - (you should actually change it at regular intervals, about every 3-5 months)
also here under: Secure password (Password)

5.
Quote:
Quote from xQuattrox
The laptop is running stably at the moment, just a little sluggish, I find
The following:
XP, Vista and Windows 7, for example, regularly create shadow copies (at least once a day), which serve to restore the system in an emergency and to access older versions of files. This function takes up a lot of disk space: by default the space reserved for shadow copies is 15% of the volume size, so system performance is affected as well.
In addition, deleted and possibly malicious objects sitting in System Restore must now be removed!
Quote:
Have restore points that are no longer needed removed:

1. Click Start – All Programs – Accessories – System Tools – Disk Cleanup.
2. Select your system drive (normally "C:") and click OK.
3. Click the More Options tab.
4. In the System Restore section, click the Clean up... button.
5. Confirm the deletion by clicking Yes or, on Vista, Delete.
6. Click OK to start Disk Cleanup.
__________________

Last edited by kira (22.04.2011 at 07:39)

Old 22.04.2011, 08:02   #9
xQuattrox

kazy.mekml.1 since just now

OK, I did that; I wouldn't say it is noticeably better, but I think that will still show

Only, I keep getting a message from Internet Explorer that a script can no longer be executed

And in Mozilla, which is actually the only one I use, everything is written in bold and in forums you can't see any difference between read and unread topics


And are there programs I should install to protect myself a little better?

Old 22.04.2011, 09:04   #10
kira
/// Helper Team

kazy.mekml.1 since just now

I also recommend checking your system for rootkits:

1.
runs on XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! - It is NOT advisable to start a second attempt!
To get a deeper look into your system and track down a possible infection with a rootkit (info at wikipedia.org), we will use a tool - GMER:
  • - so download GMER and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be disabled, no connection to the internet, disconnect WLAN too
    - please do nothing on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is automatically copied to the clipboard) and you must paste it right here with CTRL + V
    - GMER is closed with "OK".
    - paste the log from the clipboard here in your thread in full

** no connection to a network or the internet - don't forget WLAN
When the scan has finished, please reactivate all programs and tools!
Instructions: -> GMER - Rootkit Scanner

2.
Check with MBR -t whether the Master Boot Record is OK (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe to the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in) => OK
    a command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), enter the following

    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting into the command prompt: right-click the title bar => Edit => Paste.

    Code:
    ATTFilter
    mbr.exe -t > C:\mbr.log & C:\mbr.log
             
    (press Enter)
  • After a short time your editor will open and contain the file C:\mbr.log.
    Please copy its contents here into your thread.
__________________
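
A triage helper for the GMER log requested in step 1, added here as an example (not code from the thread or from GMER): it reads the text GMER copies to the clipboard, in the format of the log posted later in this thread, and separates the entries an analyst should check first (driver files missing on disk, hooks GMER could not attribute to any module) from hooks attributed to a named module. The sample log, its addresses and the driver name abcdef.sys are constructed, and the severity scale and kind labels are this example's own convention.

```python
import re
from dataclasses import dataclass

# Windows messages GMER prints when a driver object exists but its file cannot
# be found on disk (German and English Windows).
PATH_NOT_FOUND = (
    "Das System kann den angegebenen Pfad nicht finden",
    "The system cannot find the path specified",
)

# "---- Kernel code sections - GMER 1.0.15 ----"
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")
# "SSDT  <module path>  ZwTerminateProcess [0x8F2E5620]"
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>.+?)\s+(?P<func>\w+)\s+\[0x[0-9A-F]{8}\]")
# "INT 0x62  ?  86C2ECC8"  ("?" = GMER found no module owning the handler)
INT_RE = re.compile(r"^INT\s+(?P<vector>0x[0-9A-F]+)\s+(?P<owner>\S+)\s+[0-9A-F]{8}")
# ".text  <where>  82081F64 5 Bytes  JMP AADA8C00 [<module> (<vendor>)]"
JMP_RE = re.compile(
    r"^(?:\.\w+|PAGE|INIT)\s+(?P<where>.+?)\s+[0-9A-F]{8}\s+\d+\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-F]{8})(?:\s+(?P<module>.+?)\s*\((?P<vendor>[^)]*)\))?\s*$"
)
# "IAT  <importer>[<import>]  [8A24EFE0] \SystemRoot\...\sptd.sys"
IAT_RE = re.compile(r"^IAT\s+(?P<where>\S+)\s+\[(?P<target>[0-9A-F]{8})\]\s+(?P<module>\S.*?)\s*$")

@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (this example's own scale)
    kind: str
    section: str
    where: str
    detail: str

def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if line.startswith("?"):
            # GMER knows the driver but could not open its file; a file that
            # is missing entirely is the classic trace of a hidden rootkit.
            fields = re.split(r"\s{2,}", line[1:].strip())
            path, reason = fields[0], fields[-1]
            if any(msg in reason for msg in PATH_NOT_FOUND):
                findings.append(Finding("high", "driver_file_missing", section, path, reason))
            else:
                findings.append(Finding("medium", "driver_file_unreadable", section, path, reason))
            continue
        m = SSDT_RE.match(line)
        if m:  # SSDT hook attributed to a module: record it, then verify that module
            findings.append(Finding("info", "ssdt_hook", section, m.group("func"), m.group("module")))
            continue
        m = INT_RE.match(line)
        if m:
            if m.group("owner") == "?":
                findings.append(Finding("medium", "idt_entry_unattributed", section, m.group("vector"), ""))
            continue
        m = JMP_RE.match(line)
        if m:
            if m.group("module") is None:
                # JMP into code GMER cannot name: high in kernel sections,
                # medium in user mode, where sandboxes and AV products hook too.
                sev = "high" if section.startswith("Kernel") else "medium"
                findings.append(Finding(sev, "inline_hook_unattributed", section, m.group("where"), m.group("target")))
            else:
                findings.append(Finding("info", "inline_hook", section, m.group("where"),
                                        f"{m.group('module')} ({m.group('vendor')})"))
            continue
        m = IAT_RE.match(line)
        if m:  # import redirected into a named driver: check that driver's legitimacy
            findings.append(Finding("info", "iat_redirect", section, m.group("where"), m.group("module")))
    return findings

def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

# Constructed sample in the format of the GMER log posted later in this thread;
# addresses, the PID and the driver name abcdef.sys are made up.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT            \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS    ZwTerminateProcess [0x8F2E5620]
INT 0x62        ?    86C2ECC8
---- Kernel code sections - GMER 1.0.15 ----
.text           ntoskrnl.exe!NtTraceEvent    82081F64 5 Bytes  JMP AADA8C00
?               System32\drivers\abcdef.sys    Das System kann den angegebenen Pfad nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text           D:\Program Files\Mozilla Firefox\firefox.exe[1660] ntdll.dll!LdrLoadDll    774B93A8 5 Bytes  JMP 001C13F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!connect    771740D9 5 Bytes  JMP 008A000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]    [8A24EFE0] \SystemRoot\System32\Drivers\sptd.sys
"""
```

Call triage(SAMPLE_LOG) and summarize() on the result; on a real log, paste the clipboard text in place of SAMPLE_LOG and compare every module named in an info-level finding with the installed-programs list from the OTL log.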

Old 22.04.2011, 11:31   #11
xQuattrox

kazy.mekml.1 since just now

1.
GMER log

Code:
ATTFilter
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-22 12:29:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1
Running: mwlmh7ng.exe; Driver: C:\Users\Meier\AppData\Local\Temp\pxrdypoc.sys


---- System - GMER 1.0.15 ----

SSDT            \??\D:\Program Files\SupeAntiSpyware\SASKUTIL.SYS                                                                                                                     ZwTerminateProcess [0x8F2E5620]

INT 0x62        ?                                                                                                                                                                     86C2ECC8
INT 0x72        ?                                                                                                                                                                     86C2ECC8
INT 0x92        ?                                                                                                                                                                     86C2ECC8
INT 0xA2        ?                                                                                                                                                                     86C2ECC8
INT 0xB2        ?                                                                                                                                                                     84A04CC8
INT 0xB2        ?                                                                                                                                                                     86C2ECC8
INT 0xB2        ?                                                                                                                                                                     86C2ECC8
INT 0xB2        ?                                                                                                                                                                     86C2ECC8
INT 0xB2        ?                                                                                                                                                                     84A04CC8

Code            AADA8BFC                                                                                                                                                              ZwTraceEvent
Code            AADA8BFB                                                                                                                                                              NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!NtTraceEvent                                                                                                                                             82081F64 5 Bytes  JMP AADA8C00 
.text           ntoskrnl.exe!KeInsertQueue + 811                                                                                                                                      820B3E08 4 Bytes  [20, 56, 2E, 8F]
PAGE            ntoskrnl.exe!NtRequestPort + 2                                                                                                                                        82208B0B 5 Bytes  JMP AADA8CA0 
PAGE            ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 2                                                                                                                            82260E94 5 Bytes  JMP AADA8DE0 
PAGE            ntoskrnl.exe!NtRequestWaitReplyPort + 2                                                                                                                               82263EE9 5 Bytes  JMP AADA8D40 
?               System32\drivers\uukqw.sys                                                                                                                                            Das System kann den angegebenen Pfad nicht finden. !
.text           sptd.sys                                                                                                                                                              8A24D000 32 Bytes  [06, 01, 02, 82, 60, 6F, 01, ...]
.text           sptd.sys                                                                                                                                                              8A24D024 4 Bytes  [D2, C3, 37, 8A]
.text           sptd.sys                                                                                                                                                              8A24D02C 48 Bytes  [B2, 82, 24, 82, AE, CB, 1E, ...]
.text           sptd.sys                                                                                                                                                              8A24D05D 359 Bytes  [B9, 08, 82, B4, DE, 06, 82, ...]
.text           sptd.sys                                                                                                                                                              8A24D1C5 15 Bytes  [FD, 0A, 82, 58, 1D, 0C, 82, ...]
.text           ...                                                                                                                                                                   
.sptd2          C:\Windows\System32\Drivers\sptd.sys                                                                                                                                  entry point in ".sptd2" section [0x8A344D38]
?               C:\Windows\System32\Drivers\sptd.sys                                                                                                                                  Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text           USBPORT.SYS!DllUnload                                                                                                                                                 9021041B 5 Bytes  JMP 86C2E1D8 
.text           win32k.sys!EngTransparentBlt + 8C05                                                                                                                                   99102409 5 Bytes  JMP AADA8980 
.text           win32k.sys!XFORMOBJ_iGetXform + 455E                                                                                                                                  9910FEF1 5 Bytes  JMP AADA85C0 
.text           win32k.sys!XFORMOBJ_iGetXform + 70D9                                                                                                                                  99112A6C 5 Bytes  JMP AADA8700 
.text           win32k.sys!EngGradientFill + 60DE                                                                                                                                     99153371 5 Bytes  JMP AADA88E0 
.text           win32k.sys!EngMulDiv + 4D3C                                                                                                                                           99159CAB 5 Bytes  JMP AADA8660 
.text           win32k.sys!EngMulDiv + 8C27                                                                                                                                           9915DB96 5 Bytes  JMP AADA8520 
.text           win32k.sys!EngStrokePath + 5FF                                                                                                                                        99166FFC 5 Bytes  JMP AADA8A20 
.text           win32k.sys!EngAlphaBlend + 8893                                                                                                                                       9917E2C0 5 Bytes  JMP AADA83E0 
.text           win32k.sys!EngAlphaBlend + 9B1D                                                                                                                                       9917F54A 5 Bytes  JMP AADA8480 
.text           win32k.sys!STROBJ_vEnumStart + 4728                                                                                                                                   99196B49 5 Bytes  JMP AADA8AC0 
.text           win32k.sys!CLIPOBJ_bEnum + 24A                                                                                                                                        991BA904 5 Bytes  JMP AADA8840 
.text           win32k.sys!EngLineTo + A0F                                                                                                                                            991DD707 5 Bytes  JMP AADA87A0 
.text           win32k.sys!EngLineTo + DCED                                                                                                                                           991EA9E5 5 Bytes  JMP AADA8B60 

---- User code sections - GMER 1.0.15 ----

.text           D:\Program Files\Mozilla Firefox\firefox.exe[1660] ntdll.dll!LdrLoadDll                                                                                               774B93A8 5 Bytes  JMP 001C13F0 D:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!closesocket                                                                                             7717330C 5 Bytes  JMP 008B000A 
.text           D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!connect                                                                                                 771740D9 5 Bytes  JMP 008A000A 
.text           D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!getaddrinfo                                                                                             7717418A 5 Bytes  JMP 008E000A 
.text           D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!send                                                                                                    7717659B 5 Bytes  JMP 008C000A 
.text           D:\Program Files\Mozilla Firefox\firefox.exe[1660] WS2_32.dll!gethostbyname                                                                                           771862D4 5 Bytes  JMP 008D000A 
.text           C:\Windows\Explorer.EXE[2096] WININET.dll!HttpAddRequestHeadersA                                                                                                      76FCCF4E 5 Bytes  JMP 008918D5 
.text           C:\Windows\Explorer.EXE[2096] WININET.dll!HttpAddRequestHeadersW                                                                                                      76FCFE49 5 Bytes  JMP 00891A9D 
.text           D:\Program Files\Mozilla Firefox\plugin-container.exe[2692] USER32.dll!TrackPopupMenu                                                                                 75C514F3 5 Bytes  JMP 68542024 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                                 849FE308
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                                             [8A24EFE0] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                                                             [8A24E574] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                                              [8A24E0C0] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                                      [8A24F1BC] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                                                                             [8A24E2A4] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                                       [8A24E362] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                                  849FF308
IAT             \SystemRoot\system32\drivers\PCIIDEX.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                                  84A07308
IAT             \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                                                                  86C2E308
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                    [8A263312] \SystemRoot\System32\Drivers\sptd.sys
IAT             \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint]                                                                                                 86DC4308

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                                84A081F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                                                      86D301F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                                      86D301F8
Device          \Driver\PCI_PNP2641 \Device\00000052                                                                                                                                  sptd.sys
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                                      86D301F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                                                                      86D311F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                                                      86D301F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                                                      86D301F8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                                                      86D301F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                                                                      86D311F8
Device          \Driver\cdrom \Device\CdRom0                                                                                                                                          86D171F8
Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                                                                    [8A4FB0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                                                                         [8A4FB0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                                                                                         [8A4FB0B0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\netbt \Device\NetBT_Tcpip_{1EC98896-78ED-4597-BA74-794DF4FD3DD7}                                                                                              87B441F8
Device          \Driver\cdrom \Device\CdRom1                                                                                                                                          86D171F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                                                               87B441F8
Device          \Driver\Smb \Device\NetbiosSmb                                                                                                                                        876501F8
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                                                    86E071F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                                                      86D301F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                                                      86D301F8
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                                                      86D301F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{F7126855-9BB3-4492-9373-105E0C664B65}                                                                                              87B441F8
Device          \Driver\usbehci \Device\USBFDO-3                                                                                                                                      86D311F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                                                      86D301F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                                                      86D301F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                                                                      86D301F8
Device          \Driver\usbehci \Device\USBFDO-7                                                                                                                                      86D311F8
Device          \Driver\VClone \Device\Scsi\VClone1                                                                                                                                   86DBF1F8
Device          \Driver\VClone \Device\Scsi\VClone1Port2Path0Target0Lun0                                                                                                              86DBF1F8
Device          \Driver\arnwall8 \Device\Scsi\arnwall81                                                                                                                               86DEB430
Device          \FileSystem\cdfs \Cdfs                                                                                                                                                86CB11F8

---- Threads - GMER 1.0.15 ----

Thread          System [4:324]                                                                                                                                                        86AF2E7A
Thread          System [4:328]                                                                                                                                                        86AF5008

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583c2cefa                                                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                                    771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                                    285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                                    1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                   D:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                0x44 0xC1 0xB5 0x1B ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                          0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001583c2cefa (not active ControlSet)                                                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                       D:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                       0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                    0x44 0xC1 0xB5 0x1B ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                         
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                              0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Users\Public\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook  1
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                                                    0xE2 0x63 0x26 0xF1 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                                                    0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                                                    0x25 0xDA 0xEC 0x7E ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                                                    0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                                                    0xCD 0x44 0xCD 0xB9 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                                                    0xB0 0x18 0xED 0xA7 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                                                    0x31 0x77 0xE1 0xBA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                                                    0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                                                    0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                                                    0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                                                    0xF8 0x31 0x0F 0xA9 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                                                     
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                                                      Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                                                    C:\Windows\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                                                    0x05 0x73 0x21 0xDD ...

---- Files - GMER 1.0.15 ----

File            C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55WCRVI2\down[1]                                                                  3414 bytes
File            C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55WCRVI2\errorPageStrings[1]                                                      2148 bytes
File            C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WLSII13\dnserrordiagoff_webOC[1]                                                 6914 bytes
File            C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5WLSII13\background_gradient[1]                                                   453 bytes
File            C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8C99BA5N\httpErrorPagesScripts[2]                                                 8601 bytes
File            C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8C99BA5N\info_48[1]                                                               6993 bytes
File            C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1HWIOU6\ErrorPageTemplate[1]                                                     2168 bytes
File            C:\Users\Meier\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1HWIOU6\bullet[1]                                                                3169 bytes

---- EOF - GMER 1.0.15 ----
         

2.
MBR Log
Code:
ATTFilter
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_ rev.2AC1 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AEE1ED]<< 
1 nt!IofCallDriver[0x8208C11B] -> \Device\Harddisk0\DR0[0x85F33270]
3 CLASSPNP[0x8AAAA8B3] -> nt!IofCallDriver[0x8208C11B] -> \Device\Ide\IAAStorageDevice-1[0x853BC028]
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x84a051f8
\Driver\iaStor -> 0x86aee1ed
user & kernel MBR OK 
Warning: possible MBR rootkit infection !
         

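As an added example (not code from the thread, from GMER or from Kaspersky), the following Python script parses the two log formats posted above for triage: it groups the redirected kernel imports from the GMER "Kernel IAT/EAT" section by the module they now point into, and it pulls the "detected hooks:" list, the unattributed ">>UNKNOWN<<" disk-trace address and the verdict line out of the MBR detector output, showing that the UNKNOWN address is the same as the listed iaStor hook. The sample input is constructed from the posted logs.

```python
"""Summarise the GMER output posted above (added example, not GMER's,
Kaspersky's or the forum's code). Two fragments are handled, reconstructed
below as constructed sample input: the "Kernel IAT/EAT" section, where a
redirected import reads  IAT <driver>[<module>!<import>]  [<addr>] <module>
and a non-redirected one ends in a bare address, and the MBR detector
output with its "detected hooks:" list, ">>UNKNOWN [0x..]<<" marker and
"Warning:" verdict."""
import re
from collections import defaultdict

# Constructed sample: part of the IAT section of the posted GMER log.
SAMPLE_IAT = r"""
IAT  \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]      849FE308
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [8A24EFE0] \SystemRoot\System32\Drivers\sptd.sys
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]   [8A24E0C0] \SystemRoot\System32\Drivers\sptd.sys
IAT  \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]         [8A263312] \SystemRoot\System32\Drivers\sptd.sys
IAT  \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint]      86DC4308
"""
# Constructed sample: the posted MBR detector output, abridged.
SAMPLE_MBR = r"""
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AEE1ED]<<
kernel: MBR read successfully
detected hooks:
\Driver\atapi -> 0x84a051f8
\Driver\iaStor -> 0x86aee1ed
user & kernel MBR OK
Warning: possible MBR rootkit infection !
"""

IAT_RE = re.compile(
    r"^IAT\s+(?P<driver>\S+?)\[(?P<module>[^!\]]+)!(?P<import>[^\]]+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<hooker>\S+)|(?P<plain>[0-9A-Fa-f]+))$")
MBR_HOOK_RE = re.compile(r"^\\Driver\\(?P<driver>\S+)\s+->\s+0x(?P<addr>[0-9A-Fa-f]+)$")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")


def basename(path):
    """Last path component, lower-cased so System32/system32 spellings group."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_iat_section(text):
    """One record per IAT line: which driver imports which function, where the
    import now points, and which module GMER resolved that address to (if any)."""
    records = []
    for line in text.splitlines():
        m = IAT_RE.match(line.strip())
        if not m:
            continue
        hooker = m.group("hooker")
        records.append({
            "driver": basename(m.group("driver")),
            "import": f"{m.group('module')}!{m.group('import')}",
            "address": int(m.group("addr") or m.group("plain"), 16),
            "hooker": basename(hooker) if hooker else None,
        })
    return records


def hooks_by_module(records):
    """Group redirected imports by the module they point into; bare-address
    entries (the ntoskrnl!DbgBreakPoint ones) were not resolved and are skipped."""
    grouped = defaultdict(list)
    for r in records:
        if r["hooker"]:
            grouped[r["hooker"]].append((r["driver"], r["import"]))
    return dict(grouped)


def parse_mbr_report(text):
    """Extract the hook list, the unattributed disk-trace address and the
    verdict, and name the listed hook whose address equals the UNKNOWN one."""
    hooks, unknown, warning, in_hooks = {}, None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        u = UNKNOWN_RE.search(line)
        if u:
            unknown = int(u.group(1), 16)
        if line.startswith("detected hooks:"):
            in_hooks = True
            continue
        if line.startswith("Warning:"):
            warning = line
            continue
        if in_hooks:
            m = MBR_HOOK_RE.match(line)
            if m:
                hooks[m.group("driver")] = int(m.group("addr"), 16)
            else:
                in_hooks = False  # "user & kernel MBR OK" ends the list
    matched = next((d for d, a in hooks.items() if a == unknown), None)
    return {"hooks": hooks, "unknown_address": unknown,
            "unknown_matches_hook": matched, "warning": warning}


if __name__ == "__main__":
    for mod, entries in hooks_by_module(parse_iat_section(SAMPLE_IAT)).items():
        print(f"{mod}: redirected imports of {sorted({d for d, _ in entries})}")
    report = parse_mbr_report(SAMPLE_MBR)
    print(report["warning"], "-> UNKNOWN address is the hook on", report["unknown_matches_hook"])
```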
Alt 22.04.2011, 22:44   #12
kira
/// Helper Team

TDSSKiller by Kaspersky
  • Download TDSSKiller and extract the archive to your desktop.
  • Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).
  • Start TDSSKiller.exe by double-clicking it.
  • When it has finished its work, the tool will suggest restarting the system.
    Confirm this, if asked, with Y(es).
    While the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
You can find more detailed instructions here.
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, preferably twice in different places!
Please pass this warning on wherever you can!

Alt 23.04.2011, 08:10   #13
xQuattrox

The TDSSKiller program won't start for me. I extracted it directly onto the desktop; it is not in a folder but directly on the desktop.

When I double-click it, the loading symbol appears next to the mouse pointer for a fraction of a second, but nothing happens.

The same thing happens when I choose "Run as administrator".

It does not start.

Alt 23.04.2011, 21:22   #14
kira
/// Helper Team

Right-click the TDSSKiller tool -> Run as administrator

Alt 24.04.2011, 06:14   #15
xQuattrox

As I already wrote, unfortunately that doesn't help either.

Can I also check my Mozilla and my IE somehow? There seems to be something wrong there too.

When I click links I am sometimes redirected to completely different pages, and IE keeps showing a script error.
