Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Thema geschlossen
Alt 15.05.2011, 05:44   #1
Erni
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



Nun hat es auch mich erwischt.

Der Trojaner , Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt

Icons sind alle verschwunden und der Desktop schwarz

Zitat:
OTL logfile created on: 15.05.2011 01:46:18 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\erni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 152,05 Gb Free Space | 51,01% Space Free | Partition Type: NTFS

Computer Name: SCHLEPPI | User Name: erni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.15 01:17:34 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\erni\Downloads\OTL.exe
PRC - [2011.05.14 22:30:25 | 000,433,664 | -H-- | M] (QNP) -- C:\ProgramData\eGJterJSMsHHPPC.exe
PRC - [2011.05.05 22:52:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.04.14 21:30:46 | 003,588,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2011.04.14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.03.30 11:40:06 | 000,404,296 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10Play.exe
PRC - [2011.03.30 11:40:06 | 000,323,912 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\vc10tray.exe
PRC - [2011.03.30 11:40:02 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe
PRC - [2011.03.28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.09 05:35:14 | 001,265,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgsrmax.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.12 20:43:30 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.03.12 10:31:56 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008.10.28 17:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008.10.28 17:42:12 | 000,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008.05.28 16:06:02 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.07 07:49:02 | 000,118,870 | ---- | M] () -- C:\Program Files\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006.12.07 07:48:32 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PowerCinema\PCMService.exe
PRC - [2006.11.22 10:11:36 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxctcoms.exe
PRC - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011.05.15 01:17:34 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\erni\Downloads\OTL.exe
MOD - [2010.11.04 20:51:35 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.03.30 11:40:02 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.27 13:18:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.03.12 10:31:56 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.10.28 17:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.07 07:49:02 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.12.07 07:49:00 | 000,274,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.11.22 10:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxctcoms.exe -- (lxct_device)
SRV - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011.04.14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.05.21 09:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2010.03.10 17:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HH10Help.sys -- (HH10Help.sys)
DRV - [2010.02.19 15:18:26 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.02.19 15:18:26 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.19 06:11:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.04.16 16:50:55 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2009.03.05 10:14:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.02.17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.02.17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008.11.11 12:29:22 | 000,296,704 | ---- | M] (AfaTech ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2008.11.08 11:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.06.26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.13 13:24:45 | 000,038,400 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007.07.13 13:24:45 | 000,035,968 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2007.05.02 11:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007.05.02 11:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007.05.02 11:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007.04.04 19:41:00 | 007,493,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.11.30 17:30:30 | 000,811,440 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006.10.05 12:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home
IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.15 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.foxtrick.prefs.module.YouthSkillHideUnknown.HideMaximalKeyWord.enabled: false
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.05.14 23:44:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.05 22:52:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.05 22:52:28 | 000,000,000 | ---D | M]

[2009.02.20 07:04:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\erni\AppData\Roaming\mozilla\Extensions
[2011.05.05 22:55:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\erni\AppData\Roaming\mozilla\Firefox\Profiles\sbb9jaeu.default\extensions
[2011.03.07 23:39:04 | 000,000,000 | -H-D | M] ("FoxTrick") -- C:\Users\erni\AppData\Roaming\mozilla\Firefox\Profiles\sbb9jaeu.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2009.10.10 12:46:05 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\erni\AppData\Roaming\mozilla\Firefox\Profiles\sbb9jaeu.default\extensions\moveplayer@movenetworks.com
[2010.12.30 18:16:58 | 000,000,919 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\conduit.xml
[2010.02.19 06:12:06 | 000,002,055 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\daemon-search.xml
[2009.11.19 12:32:38 | 000,002,118 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\MyStart Search.xml
[2010.10.26 18:44:38 | 000,001,583 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\web-search.xml
[2011.05.12 17:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.12 17:14:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.04.21 01:20:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.27 23:57:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.15 13:25:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011.05.14 23:44:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011.05.05 22:52:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.09.21 11:59:40 | 001,275,296 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2011.05.05 22:52:27 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.16 18:51:19 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011.05.05 22:52:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.05.05 22:52:27 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
[2011.05.05 22:52:27 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.05 22:52:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.05 22:52:27 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [eGJterJSMsHHPPC] C:\ProgramData\eGJterJSMsHHPPC.exe (QNP)
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [RegistryBooster] File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\erni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ad5015a-16b4-11df-9f36-001d9219a15a}\Shell\AutoRun\command - "" = F:\menu.exe
O33 - MountPoints2\{0ad5015c-16b4-11df-9f36-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{0ad5015c-16b4-11df-9f36-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0ad5015d-16b4-11df-9f36-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{0ad5015d-16b4-11df-9f36-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1a121d5e-f40d-11de-85d5-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{1a121d5e-f40d-11de-85d5-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1a121d80-f40d-11de-85d5-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{1a121d80-f40d-11de-85d5-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{722ce5e0-2aa0-11de-9533-001d9250fd26}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{b2b5c6e8-00b2-11df-89ce-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b5c6e8-00b2-11df-89ce-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b2b5c6e9-00b2-11df-89ce-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b5c6e9-00b2-11df-89ce-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f625ca84-1d0d-11df-aab9-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{f625ca84-1d0d-11df-aab9-001d9219a15a}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B326E1B8-707A-2952-9703-B849C271E808} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB1922BE-6FE8-011B-BF41-A24DCCB7A649} - Java (Sun)
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.05.15 00:22:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.05.14 23:45:48 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\AVG10
[2011.05.14 23:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.05.14 23:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011.05.14 23:43:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVG10
[2011.05.14 23:43:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.05.14 23:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.05.14 23:38:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\MFAData
[2011.05.14 22:39:32 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.14 22:30:25 | 000,433,664 | -H-- | C] (QNP) -- C:\ProgramData\eGJterJSMsHHPPC.exe
[2011.05.14 04:26:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.12 17:17:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras
[2011.05.12 17:14:57 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\Skype
[2011.05.12 17:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.12 17:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.05.12 17:13:56 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011.05.10 16:59:15 | 000,186,392 | ---- | C] (H+H Software GmbH) -- C:\Windows\System32\drivers\vdrv1000.sys
[2011.05.10 16:59:15 | 000,013,952 | ---- | C] (H+H Software GmbH) -- C:\Windows\System32\drivers\HH10Help.sys
[2011.05.10 16:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual CD v10
[2011.05.10 16:59:13 | 000,000,000 | --SD | C] -- C:\Users\erni\AppData\Roaming\Virtual CD v10
[2011.05.10 16:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual CD v10
[2011.05.10 16:57:43 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\InstallShield
[2011.04.27 12:57:54 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 12:57:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 12:57:08 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.18 23:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.18 23:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.04.18 23:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.04.18 23:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.04.16 18:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011.04.15 16:02:43 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 16:02:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:56:51 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 15:56:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:56:44 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:56:30 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 15:56:30 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 15:56:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 15:56:30 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 15:56:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 15:56:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 15:56:21 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:56:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 15:56:18 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009.04.16 16:53:32 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll
[2006.11.22 10:11:38 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxctih.exe
[2006.11.22 10:11:36 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxctcoms.exe
[2006.11.22 10:11:34 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxctcfg.exe
[2006.11.06 17:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2006.11.06 17:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2006.11.06 17:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[2006.11.06 17:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2006.11.06 17:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2006.11.06 17:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2006.11.06 17:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2006.11.06 17:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2006.11.06 17:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2006.11.06 17:07:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2006.07.13 19:16:42 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll

========== Files - Modified Within 30 Days ==========

[2011.05.15 01:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.15 01:04:24 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.15 01:04:24 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.15 01:04:24 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.15 01:04:24 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.15 00:58:27 | 002,375,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.15 00:57:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.15 00:57:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.15 00:57:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.15 00:57:40 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.05.15 00:57:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.15 00:57:07 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.15 00:55:33 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.14 23:46:56 | 115,024,133 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.05.14 22:39:33 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42000120r
[2011.05.14 22:39:33 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42000120
[2011.05.14 22:39:32 | 000,000,601 | -H-- | M] () -- C:\Users\erni\Desktop\Windows Vista Recovery.lnk
[2011.05.14 22:39:29 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42000120
[2011.05.14 22:39:28 | 000,378,880 | -H-- | M] () -- C:\ProgramData\42000120.exe
[2011.05.14 22:34:08 | 000,005,843 | -H-- | M] () -- C:\Users\erni\AppData\Local\vffmndl_navps.dat
[2011.05.14 22:33:33 | 000,003,505 | -H-- | M] () -- C:\Users\erni\AppData\Local\vffmndl.dat
[2011.05.14 22:30:25 | 000,433,664 | -H-- | M] (QNP) -- C:\ProgramData\eGJterJSMsHHPPC.exe
[2011.05.14 11:18:27 | 000,173,296 | -H-- | M] () -- C:\Users\erni\Documents\europapokal.gif
[2011.05.14 04:26:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.14 04:25:56 | 000,000,089 | -H-- | M] () -- C:\Users\erni\AppData\Local\hxjazld.bat
[2011.05.14 04:25:36 | 000,012,978 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\nvModes.001
[2011.05.11 02:43:21 | 000,237,753 | -H-- | M] () -- C:\Users\erni\AppData\Local\vffmndl_nav.dat
[2011.05.09 11:53:49 | 000,012,978 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\nvModes.dat
[2011.05.09 11:53:41 | 000,007,592 | -H-- | M] () -- C:\Users\erni\AppData\Local\d3d9caps.dat
[2011.05.04 01:25:20 | 000,017,408 | -H-- | M] () -- C:\Users\erni\AppData\Local\WebpageIcons.db
[2011.04.19 14:01:11 | 000,166,063 | -H-- | M] () -- C:\Users\erni\Documents\Grafik1.JPG
[2011.04.17 23:00:30 | 001,158,253 | -H-- | M] () -- C:\Users\erni\Documents\Refine_Anleitung_EH_Serie_2009.pdf
[2011.04.17 16:24:59 | 000,100,864 | -H-- | M] () -- C:\Users\erni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 15:47:54 | 000,033,754 | -H-- | M] () -- C:\Users\erni\Documents\Eheringe.jpg

========== Files Created - No Company Name ==========

[2011.05.14 23:46:56 | 115,024,133 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.05.14 22:39:33 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~42000120r
[2011.05.14 22:39:33 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~42000120
[2011.05.14 22:39:32 | 000,000,601 | -H-- | C] () -- C:\Users\erni\Desktop\Windows Vista Recovery.lnk
[2011.05.14 22:39:29 | 000,000,336 | -H-- | C] () -- C:\ProgramData\42000120
[2011.05.14 22:39:28 | 000,378,880 | -H-- | C] () -- C:\ProgramData\42000120.exe
[2011.05.14 11:18:27 | 000,173,296 | -H-- | C] () -- C:\Users\erni\Documents\europapokal.gif
[2011.05.05 22:52:30 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.17 23:00:29 | 001,158,253 | -H-- | C] () -- C:\Users\erni\Documents\Refine_Anleitung_EH_Serie_2009.pdf
[2011.04.17 21:11:02 | 000,166,063 | -H-- | C] () -- C:\Users\erni\Documents\Grafik1.JPG
[2011.04.17 15:47:53 | 000,033,754 | -H-- | C] () -- C:\Users\erni\Documents\Eheringe.jpg
[2011.04.04 13:33:40 | 000,237,753 | -H-- | C] () -- C:\Users\erni\AppData\Local\vffmndl_nav.dat
[2011.04.04 13:33:40 | 000,005,843 | -H-- | C] () -- C:\Users\erni\AppData\Local\vffmndl_navps.dat
[2011.04.04 13:33:40 | 000,003,505 | -H-- | C] () -- C:\Users\erni\AppData\Local\vffmndl.dat
[2011.01.09 20:22:00 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2011.01.09 20:22:00 | 000,000,850 | ---- | C] () -- C:\Windows\unins000.dat
[2010.12.24 01:20:45 | 000,001,302 | -H-- | C] () -- C:\ProgramData\ss.ini
[2010.12.16 00:23:41 | 000,000,089 | -H-- | C] () -- C:\Users\erni\AppData\Local\hxjazld.bat
[2010.12.15 12:30:37 | 000,006,654 | -H-- | C] () -- C:\Users\erni\AppData\Local\vmemdsj_navps.dat
[2010.12.15 12:30:36 | 000,231,868 | -H-- | C] () -- C:\Users\erni\AppData\Local\vmemdsj_nav.dat
[2010.12.15 12:30:36 | 000,003,450 | -H-- | C] () -- C:\Users\erni\AppData\Local\vmemdsj.dat
[2010.07.02 22:17:42 | 000,017,408 | -H-- | C] () -- C:\Users\erni\AppData\Local\WebpageIcons.db
[2010.04.09 22:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2010.02.19 15:18:26 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.02.19 15:18:26 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.02.03 16:26:23 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.01.05 06:57:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.29 01:46:27 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.12.29 01:46:27 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.16 04:16:57 | 000,000,089 | -H-- | C] () -- C:\Users\erni\AppData\Local\dpetav.bat
[2009.10.13 19:13:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.10.13 19:02:21 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.09.30 13:39:29 | 000,004,096 | -H-- | C] () -- C:\Users\erni\AppData\Local\keyfile3.drm
[2009.08.04 22:37:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.04 22:37:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.02 14:55:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.04.16 16:53:32 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2009.03.12 14:07:27 | 000,000,088 | -H-- | C] () -- C:\Users\erni\AppData\Local\aaqoceo.bat
[2009.03.01 23:19:41 | 000,007,592 | -H-- | C] () -- C:\Users\erni\AppData\Local\d3d9caps.dat
[2009.02.19 17:40:10 | 000,100,864 | -H-- | C] () -- C:\Users\erni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.19 15:56:43 | 000,000,714 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.19 15:47:05 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2009.02.19 15:47:04 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll
[2009.02.19 13:44:07 | 000,000,479 | ---- | C] () -- C:\Windows\eReg.dat
[2009.02.19 12:00:38 | 000,012,978 | -H-- | C] () -- C:\Users\erni\AppData\Roaming\nvModes.001
[2009.02.19 11:49:36 | 000,012,978 | -H-- | C] () -- C:\Users\erni\AppData\Roaming\nvModes.dat
[2008.11.11 12:29:00 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2008.11.11 12:21:12 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.11.07 12:28:15 | 000,551,048 | ---- | C] () -- C:\Windows\System32\fsvk.exe.exe
[2008.07.23 12:22:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.16 03:56:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2006.11.07 12:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 002,375,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.14 17:17:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006.08.08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006.05.03 14:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2006.04.25 03:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1999.04.30 00:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010.04.21 17:13:25 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AppLauncher
[2011.05.14 23:45:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AVG10
[2010.02.19 15:10:16 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DAEMON Tools Lite
[2010.12.23 21:32:41 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.09 20:22:00 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Flatcast
[2009.05.07 18:26:59 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\gtk-2.0
[2009.05.07 18:10:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Inkscape
[2010.12.16 00:19:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\IrfanView
[2010.12.23 23:37:29 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mp3tag
[2010.12.24 01:08:42 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\MusicBrainz
[2009.12.29 01:50:28 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\PC Suite
[2009.12.29 01:45:58 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Samsung
[2009.02.19 16:51:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Simple Star
[2010.02.19 15:56:35 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Ubisoft
[2011.05.10 17:01:15 | 000,000,000 | --SD | M] -- C:\Users\erni\AppData\Roaming\Virtual CD v10
[2011.05.15 00:57:40 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011.05.15 00:55:36 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.03.15 15:13:04 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Adobe
[2010.04.21 17:13:25 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AppLauncher
[2010.12.23 21:21:18 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Apple Computer
[2011.05.14 23:45:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AVG10
[2009.06.11 16:38:52 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Corel
[2009.02.19 11:44:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\CyberLink
[2010.02.19 15:10:16 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DAEMON Tools Lite
[2010.12.23 21:32:41 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.09 20:22:00 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Flatcast
[2009.05.07 18:26:59 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\gtk-2.0
[2009.02.19 11:30:30 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Identities
[2009.05.07 18:10:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Inkscape
[2011.05.10 16:57:43 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\InstallShield
[2010.12.16 00:19:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\IrfanView
[2009.02.19 12:58:19 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Media Center Programs
[2010.11.26 06:17:41 | 000,000,000 | --SD | M] -- C:\Users\erni\AppData\Roaming\Microsoft
[2009.02.19 15:53:31 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Microsoft Web Folders
[2009.02.20 07:04:39 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mozilla
[2010.10.24 11:48:54 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mozilla-Cache
[2010.12.23 23:37:29 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mp3tag
[2010.12.24 01:08:42 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\MusicBrainz
[2009.02.19 16:51:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Nero
[2009.12.29 01:50:28 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\PC Suite
[2009.12.29 01:45:58 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Samsung
[2009.02.19 16:51:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Simple Star
[2011.05.14 11:23:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Skype
[2011.05.14 11:23:16 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\skypePM
[2010.02.19 15:56:35 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Ubisoft
[2011.05.10 17:01:15 | 000,000,000 | --SD | M] -- C:\Users\erni\AppData\Roaming\Virtual CD v10
[2009.02.21 19:12:15 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\WinRAR
[2009.04.10 21:21:28 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >
[2009.08.10 19:36:16 | 007,344,128 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\AppLauncher.exe
[2010.04.21 17:13:25 | 000,667,648 | -H-- | M] (TODO: <Company name>) -- C:\Users\erni\AppData\Roaming\AppLauncher\Data Recovery.exe
[2010.04.21 17:13:25 | 002,695,168 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\DataSync.exe
[2010.04.21 17:13:25 | 001,294,336 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\LOCK.exe
[2010.04.21 17:13:25 | 000,770,048 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\MakeBootable.exe
[2010.04.21 17:13:25 | 000,561,152 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\PCLock.exe
[2010.04.21 17:13:25 | 000,208,896 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\Reset.exe
[2010.04.21 17:13:25 | 000,462,848 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\SecretZip.exe
[2008.05.29 08:03:08 | 000,037,176 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.12.29 01:57:20 | 000,069,632 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
[2010.06.17 20:57:28 | 032,501,760 | -H-- | M] (Samsung Electronics Co., Ltd. ) -- C:\Users\erni\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe

< %SYSTEMDRIVE%\*.exe >
[2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\OemDrv\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_649e6da2\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.19 06:11:38 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< End of report >

Alt 15.05.2011, 11:12   #2
markusg
/// Malware-holic
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [eGJterJSMsHHPPC] C:\ProgramData\eGJterJSMsHHPPC.exe (QNP)
[2011.05.14 22:39:32 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.14 22:39:33 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42000120r
[2011.05.14 22:39:33 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42000120
[2011.05.14 22:39:32 | 000,000,601 | -H-- | M] () -- C:\Users\erni\Desktop\Windows Vista Recovery.lnk
[2011.05.14 22:39:29 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42000120
[2011.05.14 22:39:28 | 000,378,880 | -H-- | M] () -- C:\ProgramData\42000120.exe
[2011.05.14 04:25:56 | 000,000,089 | -H-- | M] () -- C:\Users\erni\AppData\Local\hxjazld.bat
:Files
C:\ProgramData\eGJterJSMsHHPPC.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.


lade unhide:
http://www.trojaner-board.de/54791-a...ner-board.html
__________________

__________________

Alt 15.05.2011, 16:39   #3
Erni
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



OTL-Editor

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.05.2011 01:46:18 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\erni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 152,05 Gb Free Space | 51,01% Space Free | Partition Type: NTFS
 
Computer Name: SCHLEPPI | User Name: erni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.15 01:17:34 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\erni\Downloads\OTL.exe
PRC - [2011.05.14 22:30:25 | 000,433,664 | -H-- | M] (QNP) -- C:\ProgramData\eGJterJSMsHHPPC.exe
PRC - [2011.05.05 22:52:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.04.14 21:30:46 | 003,588,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe
PRC - [2011.04.14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.03.30 11:40:06 | 000,404,296 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10Play.exe
PRC - [2011.03.30 11:40:06 | 000,323,912 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\vc10tray.exe
PRC - [2011.03.30 11:40:02 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe
PRC - [2011.03.28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.09 05:35:14 | 001,265,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgsrmax.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.12 20:43:30 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2009.03.12 10:31:56 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008.10.28 17:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008.10.28 17:42:12 | 000,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008.05.28 16:06:02 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.07 07:49:02 | 000,118,870 | ---- | M] () -- C:\Program Files\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006.12.07 07:48:32 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PowerCinema\PCMService.exe
PRC - [2006.11.22 10:11:36 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxctcoms.exe
PRC - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.15 01:17:34 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\erni\Downloads\OTL.exe
MOD - [2010.11.04 20:51:35 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.03.30 11:40:02 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.27 13:18:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.03.12 10:31:56 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008.10.28 17:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.07 07:49:02 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.12.07 07:49:00 | 000,274,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.11.22 10:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxctcoms.exe -- (lxct_device)
SRV - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010.05.21 09:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\vdrv1000.sys -- (vdrv1000)
DRV - [2010.03.10 17:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HH10Help.sys -- (HH10Help.sys)
DRV - [2010.02.19 15:18:26 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.02.19 15:18:26 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.19 06:11:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.04.16 16:50:55 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2009.03.05 10:14:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.02.17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.02.17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008.11.11 12:29:22 | 000,296,704 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2008.11.08 11:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.06.26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.13 13:24:45 | 000,038,400 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007.07.13 13:24:45 | 000,035,968 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2007.05.02 11:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007.05.02 11:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007.05.02 11:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2007.04.04 19:41:00 | 007,493,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.11.30 17:30:30 | 000,811,440 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006.10.05 12:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home
IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.15 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.foxtrick.prefs.module.YouthSkillHideUnknown.HideMaximalKeyWord.enabled: false
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.05.14 23:44:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.05 22:52:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.05 22:52:28 | 000,000,000 | ---D | M]
 
[2009.02.20 07:04:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\erni\AppData\Roaming\mozilla\Extensions
[2011.05.05 22:55:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\erni\AppData\Roaming\mozilla\Firefox\Profiles\sbb9jaeu.default\extensions
[2011.03.07 23:39:04 | 000,000,000 | -H-D | M] ("FoxTrick") -- C:\Users\erni\AppData\Roaming\mozilla\Firefox\Profiles\sbb9jaeu.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2009.10.10 12:46:05 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\erni\AppData\Roaming\mozilla\Firefox\Profiles\sbb9jaeu.default\extensions\moveplayer@movenetworks.com
[2010.12.30 18:16:58 | 000,000,919 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\conduit.xml
[2010.02.19 06:12:06 | 000,002,055 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\daemon-search.xml
[2009.11.19 12:32:38 | 000,002,118 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\MyStart Search.xml
[2010.10.26 18:44:38 | 000,001,583 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\web-search.xml
[2011.05.12 17:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.05.12 17:14:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.04.21 01:20:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.27 23:57:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.01.15 13:25:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.05.14 23:44:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011.05.05 22:52:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.09.21 11:59:40 | 001,275,296 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll
[2011.05.05 22:52:27 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.16 18:51:19 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2011.05.05 22:52:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011.05.05 22:52:27 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
[2011.05.05 22:52:27 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.05 22:52:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.05 22:52:27 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [eGJterJSMsHHPPC] C:\ProgramData\eGJterJSMsHHPPC.exe (QNP)
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [RegistryBooster]  File not found
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\erni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ad5015a-16b4-11df-9f36-001d9219a15a}\Shell\AutoRun\command - "" = F:\menu.exe
O33 - MountPoints2\{0ad5015c-16b4-11df-9f36-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{0ad5015c-16b4-11df-9f36-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0ad5015d-16b4-11df-9f36-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{0ad5015d-16b4-11df-9f36-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1a121d5e-f40d-11de-85d5-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{1a121d5e-f40d-11de-85d5-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{1a121d80-f40d-11de-85d5-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{1a121d80-f40d-11de-85d5-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{722ce5e0-2aa0-11de-9533-001d9250fd26}\Shell\AutoRun\command - "" = E:\Menu.exe
O33 - MountPoints2\{b2b5c6e8-00b2-11df-89ce-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b5c6e8-00b2-11df-89ce-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b2b5c6e9-00b2-11df-89ce-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{b2b5c6e9-00b2-11df-89ce-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f625ca84-1d0d-11df-aab9-001d9219a15a}\Shell - "" = AutoRun
O33 - MountPoints2\{f625ca84-1d0d-11df-aab9-001d9219a15a}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B326E1B8-707A-2952-9703-B849C271E808} - 
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB1922BE-6FE8-011B-BF41-A24DCCB7A649} - Java (Sun)
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.15 00:22:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.05.14 23:45:48 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\AVG10
[2011.05.14 23:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.05.14 23:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011.05.14 23:43:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVG10
[2011.05.14 23:43:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.05.14 23:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.05.14 23:38:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\MFAData
[2011.05.14 22:39:32 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.14 22:30:25 | 000,433,664 | -H-- | C] (QNP) -- C:\ProgramData\eGJterJSMsHHPPC.exe
[2011.05.14 04:26:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.12 17:17:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras
[2011.05.12 17:14:57 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\Skype
[2011.05.12 17:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.05.12 17:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011.05.12 17:13:56 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011.05.10 16:59:15 | 000,186,392 | ---- | C] (H+H Software GmbH) -- C:\Windows\System32\drivers\vdrv1000.sys
[2011.05.10 16:59:15 | 000,013,952 | ---- | C] (H+H Software GmbH) -- C:\Windows\System32\drivers\HH10Help.sys
[2011.05.10 16:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual CD v10
[2011.05.10 16:59:13 | 000,000,000 | --SD | C] -- C:\Users\erni\AppData\Roaming\Virtual CD v10
[2011.05.10 16:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual CD v10
[2011.05.10 16:57:43 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\InstallShield
[2011.04.27 12:57:54 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.27 12:57:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.27 12:57:08 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.18 23:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.18 23:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.04.18 23:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.04.18 23:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.04.16 18:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011.04.15 16:02:43 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 16:02:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:56:51 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 15:56:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:56:44 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:56:30 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 15:56:30 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 15:56:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 15:56:30 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 15:56:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 15:56:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 15:56:21 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:56:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 15:56:18 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009.04.16 16:53:32 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll
[2006.11.22 10:11:38 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxctih.exe
[2006.11.22 10:11:36 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxctcoms.exe
[2006.11.22 10:11:34 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxctcfg.exe
[2006.11.06 17:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2006.11.06 17:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2006.11.06 17:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[2006.11.06 17:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2006.11.06 17:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2006.11.06 17:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2006.11.06 17:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2006.11.06 17:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2006.11.06 17:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2006.11.06 17:07:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2006.07.13 19:16:42 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.15 01:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.15 01:04:24 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.15 01:04:24 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.15 01:04:24 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.15 01:04:24 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.15 00:58:27 | 002,375,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.05.15 00:57:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.15 00:57:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.15 00:57:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.15 00:57:40 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.05.15 00:57:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.15 00:57:07 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.15 00:55:33 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.05.14 23:46:56 | 115,024,133 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.05.14 22:39:33 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42000120r
[2011.05.14 22:39:33 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42000120
[2011.05.14 22:39:32 | 000,000,601 | -H-- | M] () -- C:\Users\erni\Desktop\Windows Vista Recovery.lnk
[2011.05.14 22:39:29 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42000120
[2011.05.14 22:39:28 | 000,378,880 | -H-- | M] () -- C:\ProgramData\42000120.exe
[2011.05.14 22:34:08 | 000,005,843 | -H-- | M] () -- C:\Users\erni\AppData\Local\vffmndl_navps.dat
[2011.05.14 22:33:33 | 000,003,505 | -H-- | M] () -- C:\Users\erni\AppData\Local\vffmndl.dat
[2011.05.14 22:30:25 | 000,433,664 | -H-- | M] (QNP) -- C:\ProgramData\eGJterJSMsHHPPC.exe
[2011.05.14 11:18:27 | 000,173,296 | -H-- | M] () -- C:\Users\erni\Documents\europapokal.gif
[2011.05.14 04:26:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.14 04:25:56 | 000,000,089 | -H-- | M] () -- C:\Users\erni\AppData\Local\hxjazld.bat
[2011.05.14 04:25:36 | 000,012,978 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\nvModes.001
[2011.05.11 02:43:21 | 000,237,753 | -H-- | M] () -- C:\Users\erni\AppData\Local\vffmndl_nav.dat
[2011.05.09 11:53:49 | 000,012,978 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\nvModes.dat
[2011.05.09 11:53:41 | 000,007,592 | -H-- | M] () -- C:\Users\erni\AppData\Local\d3d9caps.dat
[2011.05.04 01:25:20 | 000,017,408 | -H-- | M] () -- C:\Users\erni\AppData\Local\WebpageIcons.db
[2011.04.19 14:01:11 | 000,166,063 | -H-- | M] () -- C:\Users\erni\Documents\Grafik1.JPG
[2011.04.17 23:00:30 | 001,158,253 | -H-- | M] () -- C:\Users\erni\Documents\Refine_Anleitung_EH_Serie_2009.pdf
[2011.04.17 16:24:59 | 000,100,864 | -H-- | M] () -- C:\Users\erni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 15:47:54 | 000,033,754 | -H-- | M] () -- C:\Users\erni\Documents\Eheringe.jpg
 
========== Files Created - No Company Name ==========
 
[2011.05.14 23:46:56 | 115,024,133 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.05.14 22:39:33 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~42000120r
[2011.05.14 22:39:33 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~42000120
[2011.05.14 22:39:32 | 000,000,601 | -H-- | C] () -- C:\Users\erni\Desktop\Windows Vista Recovery.lnk
[2011.05.14 22:39:29 | 000,000,336 | -H-- | C] () -- C:\ProgramData\42000120
[2011.05.14 22:39:28 | 000,378,880 | -H-- | C] () -- C:\ProgramData\42000120.exe
[2011.05.14 11:18:27 | 000,173,296 | -H-- | C] () -- C:\Users\erni\Documents\europapokal.gif
[2011.05.05 22:52:30 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.17 23:00:29 | 001,158,253 | -H-- | C] () -- C:\Users\erni\Documents\Refine_Anleitung_EH_Serie_2009.pdf
[2011.04.17 21:11:02 | 000,166,063 | -H-- | C] () -- C:\Users\erni\Documents\Grafik1.JPG
[2011.04.17 15:47:53 | 000,033,754 | -H-- | C] () -- C:\Users\erni\Documents\Eheringe.jpg
[2011.04.04 13:33:40 | 000,237,753 | -H-- | C] () -- C:\Users\erni\AppData\Local\vffmndl_nav.dat
[2011.04.04 13:33:40 | 000,005,843 | -H-- | C] () -- C:\Users\erni\AppData\Local\vffmndl_navps.dat
[2011.04.04 13:33:40 | 000,003,505 | -H-- | C] () -- C:\Users\erni\AppData\Local\vffmndl.dat
[2011.01.09 20:22:00 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2011.01.09 20:22:00 | 000,000,850 | ---- | C] () -- C:\Windows\unins000.dat
[2010.12.24 01:20:45 | 000,001,302 | -H-- | C] () -- C:\ProgramData\ss.ini
[2010.12.16 00:23:41 | 000,000,089 | -H-- | C] () -- C:\Users\erni\AppData\Local\hxjazld.bat
[2010.12.15 12:30:37 | 000,006,654 | -H-- | C] () -- C:\Users\erni\AppData\Local\vmemdsj_navps.dat
[2010.12.15 12:30:36 | 000,231,868 | -H-- | C] () -- C:\Users\erni\AppData\Local\vmemdsj_nav.dat
[2010.12.15 12:30:36 | 000,003,450 | -H-- | C] () -- C:\Users\erni\AppData\Local\vmemdsj.dat
[2010.07.02 22:17:42 | 000,017,408 | -H-- | C] () -- C:\Users\erni\AppData\Local\WebpageIcons.db
[2010.04.09 22:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll
[2010.02.19 15:18:26 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.02.19 15:18:26 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.02.03 16:26:23 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.01.05 06:57:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.29 01:46:27 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.12.29 01:46:27 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.16 04:16:57 | 000,000,089 | -H-- | C] () -- C:\Users\erni\AppData\Local\dpetav.bat
[2009.10.13 19:13:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.10.13 19:02:21 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.09.30 13:39:29 | 000,004,096 | -H-- | C] () -- C:\Users\erni\AppData\Local\keyfile3.drm
[2009.08.04 22:37:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.04 22:37:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.02 14:55:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.04.16 16:53:32 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll
[2009.03.12 14:07:27 | 000,000,088 | -H-- | C] () -- C:\Users\erni\AppData\Local\aaqoceo.bat
[2009.03.01 23:19:41 | 000,007,592 | -H-- | C] () -- C:\Users\erni\AppData\Local\d3d9caps.dat
[2009.02.19 17:40:10 | 000,100,864 | -H-- | C] () -- C:\Users\erni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.19 15:56:43 | 000,000,714 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.19 15:47:05 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat
[2009.02.19 15:47:04 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll
[2009.02.19 13:44:07 | 000,000,479 | ---- | C] () -- C:\Windows\eReg.dat
[2009.02.19 12:00:38 | 000,012,978 | -H-- | C] () -- C:\Users\erni\AppData\Roaming\nvModes.001
[2009.02.19 11:49:36 | 000,012,978 | -H-- | C] () -- C:\Users\erni\AppData\Roaming\nvModes.dat
[2008.11.11 12:29:00 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini
[2008.11.11 12:21:12 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.11.07 12:28:15 | 000,551,048 | ---- | C] () -- C:\Windows\System32\fsvk.exe.exe
[2008.07.23 12:22:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.16 03:56:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2006.11.07 12:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 002,375,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.14 17:17:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006.08.08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006.05.03 14:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2006.04.25 03:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1999.04.30 00:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2010.04.21 17:13:25 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AppLauncher
[2011.05.14 23:45:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AVG10
[2010.02.19 15:10:16 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DAEMON Tools Lite
[2010.12.23 21:32:41 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.09 20:22:00 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Flatcast
[2009.05.07 18:26:59 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\gtk-2.0
[2009.05.07 18:10:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Inkscape
[2010.12.16 00:19:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\IrfanView
[2010.12.23 23:37:29 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mp3tag
[2010.12.24 01:08:42 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\MusicBrainz
[2009.12.29 01:50:28 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\PC Suite
[2009.12.29 01:45:58 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Samsung
[2009.02.19 16:51:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Simple Star
[2010.02.19 15:56:35 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Ubisoft
[2011.05.10 17:01:15 | 000,000,000 | --SD | M] -- C:\Users\erni\AppData\Roaming\Virtual CD v10
[2011.05.15 00:57:40 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011.05.15 00:55:36 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.15 15:13:04 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Adobe
[2010.04.21 17:13:25 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AppLauncher
[2010.12.23 21:21:18 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Apple Computer
[2011.05.14 23:45:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AVG10
[2009.06.11 16:38:52 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Corel
[2009.02.19 11:44:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\CyberLink
[2010.02.19 15:10:16 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DAEMON Tools Lite
[2010.12.23 21:32:41 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.09 20:22:00 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Flatcast
[2009.05.07 18:26:59 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\gtk-2.0
[2009.02.19 11:30:30 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Identities
[2009.05.07 18:10:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Inkscape
[2011.05.10 16:57:43 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\InstallShield
[2010.12.16 00:19:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\IrfanView
[2009.02.19 12:58:19 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Media Center Programs
[2010.11.26 06:17:41 | 000,000,000 | --SD | M] -- C:\Users\erni\AppData\Roaming\Microsoft
[2009.02.19 15:53:31 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Microsoft Web Folders
[2009.02.20 07:04:39 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mozilla
[2010.10.24 11:48:54 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mozilla-Cache
[2010.12.23 23:37:29 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mp3tag
[2010.12.24 01:08:42 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\MusicBrainz
[2009.02.19 16:51:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Nero
[2009.12.29 01:50:28 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\PC Suite
[2009.12.29 01:45:58 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Samsung
[2009.02.19 16:51:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Simple Star
[2011.05.14 11:23:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Skype
[2011.05.14 11:23:16 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\skypePM
[2010.02.19 15:56:35 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Ubisoft
[2011.05.10 17:01:15 | 000,000,000 | --SD | M] -- C:\Users\erni\AppData\Roaming\Virtual CD v10
[2009.02.21 19:12:15 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\WinRAR
[2009.04.10 21:21:28 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2009.08.10 19:36:16 | 007,344,128 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\AppLauncher.exe
[2010.04.21 17:13:25 | 000,667,648 | -H-- | M] (TODO: <Company name>) -- C:\Users\erni\AppData\Roaming\AppLauncher\Data Recovery.exe
[2010.04.21 17:13:25 | 002,695,168 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\DataSync.exe
[2010.04.21 17:13:25 | 001,294,336 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\LOCK.exe
[2010.04.21 17:13:25 | 000,770,048 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\MakeBootable.exe
[2010.04.21 17:13:25 | 000,561,152 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\PCLock.exe
[2010.04.21 17:13:25 | 000,208,896 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\Reset.exe
[2010.04.21 17:13:25 | 000,462,848 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\SecretZip.exe
[2008.05.29 08:03:08 | 000,037,176 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.12.29 01:57:20 | 000,069,632 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe
[2010.06.17 20:57:28 | 032,501,760 | -H-- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\erni\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\OemDrv\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\IaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_649e6da2\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.19 06:11:38 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< End of report >
         
--- --- ---
__________________

Alt 15.05.2011, 16:40   #4
Erni
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



Extras-Editor

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.05.2011 01:46:18 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\erni\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 152,05 Gb Free Space | 51,01% Space Free | Partition Type: NTFS
 
Computer Name: SCHLEPPI | User Name: erni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2081150714-656436237-3114053707-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0177C1AC-DE86-4750-9C66-84FF88C052CB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0BCD706E-E9EA-422C-A122-4C6AC1D90972}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{0CD73EF3-0CD5-4959-A6A7-F1286C09A80E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{15AC1955-2034-4D33-B35F-DB0A09BF938B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1853AD10-1BFA-4D73-AD78-69F94FA32DA5}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1D4B7227-FD92-4340-A098-901481CA1095}" = rport=138 | protocol=17 | dir=out | app=system | 
"{309F15D8-C42A-4B60-ABE9-5CD0A2DCD8A5}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{350C3792-34BC-42DC-AA96-8C42DDD1EA80}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4B8D8E79-D2DD-4ED8-B5AF-DA359B40D504}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{54C392D4-96DF-4DAF-829D-B883D5D912CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{63EF55EE-8474-4F46-947F-118D4A00873C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{692CED5B-AF91-41DC-A1ED-EC7F4CA67A57}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6CCAEC64-465A-4509-90B3-38250307884D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8021F0E1-04C9-49B8-8EA4-8E789924A02D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{85E0A575-41C6-4309-8DA6-C2F04E0E00D6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{87512D3D-13AB-4E7C-A51D-FFA4BB8BEB4C}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{9F2D68A8-8731-410F-AFCC-996E8E572B9B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A4D45FF2-DCAC-4F74-925F-7E2E86530089}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A8548794-1D4E-47DE-AA01-6229F3BE9E46}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B46DCFC7-E3DF-406F-813B-E37BBFE54D0A}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{C8526658-4546-40F1-92AC-50020783F5CE}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{D1FF94F0-80BF-4B1F-A4F0-B1B86B0DE81C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D35EC39A-F877-4104-A3A8-559A47CED857}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D4D9DF3D-F013-4A0E-B59D-1C5B9DE57977}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FCFDA820-8829-47AC-8224-52EEBD6B928B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C3F822-87DA-4D3D-A76E-B090DD31D257}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{0B705868-7537-4995-B398-39D1049E5F39}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{189851B4-4763-4FF5-8B55-60364FC5BA6F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{1B7EE455-19D0-449A-9CD3-07946287FD7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1C11CE04-435D-44F6-83C2-01FAEB8CB049}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{1FEE08F8-7380-4AC5-82EB-DF859F549636}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{21114246-62BB-4E25-AEEB-6F3DD723CA1B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{221F2CEB-8BEA-4AF3-8FD2-C7F31ED3B0C5}" = protocol=6 | dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | 
"{22EECA2C-F79D-4049-A217-2DB9D5F6982A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{2C81E393-7B8F-4DE0-9EC9-BAA89429AEC6}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{35810AF5-800C-4D57-A86E-94FFFF25ECB6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{3FD2F5FB-1F93-4283-9B25-411CE95B31DC}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{43D66D72-07CB-4563-9E39-25E9BEB9D94A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{458FCE42-CA0B-4CC1-ADD7-16DD82BFE7C6}" = protocol=17 | dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | 
"{5446769C-3754-479D-9330-33E5C58253EA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{5B83F622-A4E8-45F6-8C15-2FA4BE14464B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{628B5A36-26A9-4452-8966-58F7589D13D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6CA31C83-3ABD-4CC5-873F-DBA0B9F003A3}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe | 
"{7516FBF9-D591-41E9-BAD3-AD1D58866B67}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{765B43A1-5DF8-40E4-9088-96CD51A100A1}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{7F924210-D952-4410-8FD0-2BDBB13F8E55}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{83EBF16A-1800-4681-843F-14B39F926C69}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8B856059-4613-4810-99DB-A65B72033768}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{9FAF50FC-0E80-4D90-937B-F69B7A0DE293}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A49798A4-A800-4668-90AF-9BDAF78B3610}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{A9E9D524-9017-4668-90A6-2E276F34AD09}" = protocol=6 | dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | 
"{AA418BB7-B913-41D9-A47B-67EB30518875}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{B32DC07D-63D4-4DF3-A73E-CAD728236FBB}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{B8FFFC7E-C6CC-41DD-BA8B-FA2940C4CDC2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BCA164BB-D3B8-4D20-A3B4-90DFFA74D7CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C13F784F-D21A-4CD6-917D-EDC2406A9DDE}" = protocol=17 | dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | 
"{C18ECEDF-17D0-473E-900F-C1D9EDCC0B63}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{C5622C49-856C-48EF-A21F-BD2681E4025D}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{CCEDCB3B-65F5-49DC-B8AB-A03F6FE401F9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CE5D0009-035F-43EF-95B3-1DEE39138F47}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe | 
"{D8BC2E67-BA10-4668-9132-3B6656023BEF}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{EBC12A6B-B5F9-442C-B06E-2C2C67B56679}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{F718385C-1CB5-47E2-A708-41D6136F62D5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{F7F90383-CDA7-451B-83FA-948F5DCD677C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{04C3F55F-D22B-4C6F-AEA9-45BE9E563376}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{083DF3BF-1771-45D7-8402-6DA6C6A1FC62}C:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe" = protocol=6 | dir=in | app=c:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe | 
"TCP Query User{2A1ED1D6-8C4A-4090-B74E-DA0971F691AA}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{3ED85D47-1B5A-4DA4-83CC-FDCF7185A6FA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{51BF6FDF-2153-43D0-A070-B6F13A996345}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{55D3BB80-FE61-4E6D-9230-94D79A7CE221}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{605DF183-EF3B-46DA-9F93-04E96B5F06FC}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{7FF70EEA-96DC-4F35-A9AF-362BE1DFB09B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{84FC5F44-44E3-4B72-901E-FC44C3290F3E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{98F52D44-A096-4669-92C0-57FBD42DD7BE}C:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe" = protocol=6 | dir=in | app=c:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe | 
"TCP Query User{AC7EDF86-7A1E-4820-95D4-B92A0D705F76}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{B1BB2F0D-412E-423F-89A0-63E507223743}C:\program files\anno 1701 demo\anno1701_demo.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701 demo\anno1701_demo.exe | 
"TCP Query User{BC95642B-0ABA-4C6F-8BA3-3FEA4E7494AC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C263C0B5-39C5-45AA-83F0-CFEF6FEE7175}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{C2F3BF2A-58DD-4FC3-86A4-68E7A962D7B3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{C56EA605-98AE-4788-9E33-3523862603E8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{D0C2C1D8-A9B9-489A-B28E-F62F0BD66E9D}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"TCP Query User{DA5F2175-F398-45D4-9E18-E5933A6B6090}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E8A463A8-CC15-4DD9-8410-941772A78F15}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{FF271EA0-F962-4323-9C0D-C8340BFE7E64}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | 
"UDP Query User{2B082DFD-3998-4D50-B354-1ACC681F5E16}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{409C36A7-ACCC-4D2D-8A3A-0B73EB91C42E}C:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe" = protocol=17 | dir=in | app=c:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe | 
"UDP Query User{4C1830F8-8C78-4E2E-9B87-1B0A02B32BA0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{5E75FB84-A415-4AB5-B0A5-FCF6B46427D8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{75218251-E907-48DE-ADFD-8C2E5E3775EE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{77ACA30B-E974-4934-9475-C89D06BAC0F0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{991EAD3F-4C49-40B9-9CCE-267063918840}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{9AF8BC67-B396-48DB-9EB9-A59A9856FDF3}C:\program files\anno 1701 demo\anno1701_demo.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701 demo\anno1701_demo.exe | 
"UDP Query User{A5DFFC81-B5CF-4826-B168-BED1EEBAFEF9}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | 
"UDP Query User{AAF95A22-4652-457C-B556-01F4C7CE822B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{ACD79B5F-B407-4AB1-8960-8E37A8CBA270}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{B39B62AA-B333-4396-A277-DFBB6EE4E060}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{C022EF49-9F2C-4320-B1CF-F86A64BAB350}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{C520845D-16E4-4E58-A54B-8D8290F8FC35}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{CCD7A5A0-6334-441A-BD18-8E85554E94C9}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{D2FAA6F3-D4BB-40B0-B90C-A79A87A6FA2A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D4781180-A740-46A3-A0B8-E7D59C55612C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{D6483A78-F7EF-465C-81AA-5A9F18A7E592}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{DAFD7EF6-B437-42D0-B175-D07E334FBD9B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{E23B21C2-A7C4-4C35-87DA-9A5862B69AA0}C:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe" = protocol=17 | dir=in | app=c:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{10C51313-A308-4B40-90E3-B368D5882660}" = Virtual CD v10
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.42
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_943" = Adobe Acrobat 9.4.3 - CPSID_83708
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DC1674-B5E8-4364-009E-B350048DD006}" = NHL 2005
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E64404F1-98DC-4CC8-A1A7-EF36E4E21031}" = Nero 8 Essentials
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDF3A1E0-186A-11D5-0089-C400C04FAE70}" = NHL 2002
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2005
"923A70C1-3B99-4B0E-A077-CA53405C70C9" = Wepoca.tv
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ankh" = Ankh
"Artcut2009" = Artcut2009
"AVG" = AVG 2011
"BabylonToolbar" = Babylon toolbar
"ǧÄêͼ¿â" = ǧÄêͼ¿â
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Corel Applications" = Corel Applications
"facemoods" = facemoods
"Flatcast_is1" = Flatcast Viewer Plugin 5.0.356
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"Google Chrome" = Google Chrome
"Hattrick Organizer" = Hattrick Organizer (remove only)
"Inkscape" = Inkscape 0.46
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Lexmark 5400 Series" = Lexmark 5400 Series
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mp3tag" = Mp3tag v2.47b
"MusicBrainz Picard" = MusicBrainz Picard
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PokerStars.net" = PokerStars.net
"PROHYBRIDR" = 2007 Microsoft Office system
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SopCast" = SopCast 3.3.2
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions
"VLC media player" = VLC media player 1.0.3
"WebMediaPlayer" = WebMediaPlayer
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.05.2011 19:56:12 | Computer Name = schleppi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.05.2011 19:56:12 | Computer Name = schleppi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.05.2011 19:56:12 | Computer Name = schleppi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.05.2011 19:56:12 | Computer Name = schleppi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.05.2011 19:56:13 | Computer Name = schleppi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.05.2011 19:56:13 | Computer Name = schleppi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.05.2011 19:56:13 | Computer Name = schleppi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.05.2011 19:56:13 | Computer Name = schleppi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.05.2011 19:56:13 | Computer Name = schleppi | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.05.2011 19:56:13 | Computer Name = schleppi | Source = Windows Search Service | ID = 3013
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Alt 15.05.2011, 17:38   #5
markusg
/// Malware-holic
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



das ist nen neuer otl log, du solltest doch das script ausführen und auf fix klicken, nicht auf scan :-)

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.05.2011, 18:24   #6
Erni
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



Ja, habe ich auch getan, hat er irgendwann abgebrochen, weil OTL einen Fehler hatte.

Die Ordner sind ja wieder sichtbar, die Fehlermeldung erscheint auch nciht mehr, ist das ein gutes Zeichen oder hält sich da noch was versteckt?

Alt 15.05.2011, 19:10   #7
markusg
/// Malware-holic
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



dann lad mal das moved files archiv wie beschrieben hoch.
und das nächste mal sag mir wenn fehler auftreten, oder denkst du ich hab hier ne glaskugel womit ich hellsehen kann?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.05.2011, 19:34   #8
Erni
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



so, nu abba!

Zitat:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2081150714-656436237-3114053707-1000\Software\Microsoft\Windows\CurrentVersion\Run\\eGJterJSMsHHPPC not found.
File C:\ProgramData\eGJterJSMsHHPPC.exe not found.
Folder C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\ not found.
File C:\ProgramData\~42000120r not found.
File C:\ProgramData\~42000120 not found.
File C:\Users\xxxx\Desktop\Windows Vista Recovery.lnk not found.
File C:\ProgramData\42000120 not found.
File C:\ProgramData\42000120.exe not found.
File C:\Users\xxxx\AppData\Local\hxjazld.bat not found.
========== FILES ==========
File\Folder C:\ProgramData\eGJterJSMsHHPPC.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: xxxx
->Flash cache emptied: 806 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: xxxx
->Temp folder emptied: 191093 bytes
->Temporary Internet Files folder emptied: 9859983 bytes
->Java cache emptied: 93443363 bytes
->FireFox cache emptied: 56481509 bytes
->Google Chrome cache emptied: 7279788 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 351588359 bytes
RecycleBin emptied: 18022531271 bytes

Total Files Cleaned = 17.682,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05152011_202418

Files\Folders moved on Reboot...
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZP7JFKGF\wdgts[1].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBWCR7RO\ac2[2].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBWCR7RO\component[1].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBWCR7RO\mnu[1].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBWCR7RO\topix-conduit-localnews-small.2[1].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBWCR7RO\wl[2].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\INXKZIV4\tags.min[1].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G3L76KF5\wdgtwnd[1].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E7GQKRTR\rd[1].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NQHXPWR\Default[1].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4NQHXPWR\tlbr[1].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2JKRBFVJ\toolbar[1].htm moved successfully.
C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

Alt 15.05.2011, 19:43   #9
markusg
/// Malware-holic
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



und wo ist der upload! lies doch mal bitte weiter was unter dem script steht. :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.05.2011, 10:55   #10
markusg
/// Malware-holic
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



danke für den upload.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.05.2011, 12:37   #11
Erni
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



************************

combofix



Combofix Logfile:
Code:
ATTFilter
ComboFix 11-05-15.04 - erni 16.05.2011  12:58:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2158 [GMT 2:00]
ausgeführt von:: c:\users\erni\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe
c:\program files\webmediaplayer
c:\program files\webmediaplayer\resources\wmp_translation_file.xml
c:\program files\webmediaplayer\skins\classic.skn
c:\program files\webmediaplayer\sqlite3.dll
c:\program files\webmediaplayer\uninst.exe
c:\program files\webmediaplayer\WebMediaPlayer.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Datenschutzrichtlinien.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Deinstallieren.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Geschäftsbedingungen.url
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
c:\users\erni\AppData\Local\vffmndl.dat
c:\users\erni\AppData\Local\vffmndl_nav.dat
c:\users\erni\AppData\Local\vffmndl_navps.dat
c:\users\erni\AppData\Local\vmemdsj.dat
c:\users\erni\AppData\Local\vmemdsj_nav.dat
c:\users\erni\AppData\Local\vmemdsj_navps.dat
c:\users\erni\AppData\Roaming\Adobe\plugs
c:\users\erni\AppData\Roaming\Adobe\shed
c:\users\erni\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\system32\fsvk.exe.exe
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-16 bis 2011-05-16  ))))))))))))))))))))))))))))))
.
.
2011-05-16 08:14 . 2011-05-16 08:14	--------	d-----w-	c:\program files\Common Files\Skype
2011-05-16 08:14 . 2011-05-16 08:14	--------	d-----r-	c:\program files\Skype
2011-05-15 15:41 . 2011-05-16 07:26	--------	d-----w-	C:\_OTL
2011-05-14 21:45 . 2011-05-14 21:45	--------	d-----w-	c:\users\erni\AppData\Roaming\AVG10
2011-05-14 21:44 . 2011-05-14 21:44	--------	d-----w-	c:\programdata\Common Files
2011-05-14 21:43 . 2011-05-16 10:36	--------	d-----w-	c:\programdata\AVG10
2011-05-14 21:41 . 2011-05-14 21:41	--------	d-----w-	c:\program files\AVG
2011-05-14 21:38 . 2011-05-16 10:34	--------	d-----w-	c:\programdata\MFAData
2011-05-14 20:36 . 2011-05-14 20:36	69632	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\6558EA.tmp
2011-05-14 02:26 . 2011-05-14 02:26	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-14 00:45 . 2011-04-11 07:04	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D8053B7-C8EB-43F6-B993-ECD86EFC47A1}\mpengine.dll
2011-05-12 15:17 . 2011-05-12 15:17	--------	d-----w-	c:\programdata\Skype Extras
2011-05-12 15:14 . 2011-05-16 07:59	--------	d-----w-	c:\users\erni\AppData\Roaming\Skype
2011-05-11 08:25 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-05-10 14:59 . 2010-05-21 07:14	186392	----a-w-	c:\windows\system32\drivers\vdrv1000.sys
2011-05-10 14:59 . 2010-03-10 15:34	13952	----a-w-	c:\windows\system32\drivers\HH10Help.sys
2011-05-10 14:59 . 2011-05-10 15:02	--------	d-s---w-	c:\users\Public\Virtual CDs
2011-05-10 14:59 . 2011-05-10 15:01	--------	d-s---w-	c:\users\Public\Virtual CD v10
2011-05-10 14:59 . 2011-05-10 15:01	--------	d-s---w-	c:\users\erni\AppData\Roaming\Virtual CD v10
2011-05-10 14:58 . 2011-05-10 14:59	--------	d-----w-	c:\program files\Virtual CD v10
2011-05-10 14:57 . 2011-05-10 14:57	--------	d-----w-	c:\users\erni\AppData\Roaming\InstallShield
2011-05-05 20:52 . 2011-05-05 20:52	781272	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-05 20:52 . 2011-05-05 20:52	1874904	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-05-05 20:52 . 2011-05-05 20:52	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-05-05 20:52 . 2011-05-05 20:52	465880	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-05 20:52 . 2011-05-05 20:52	1974616	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-05 20:52 . 2011-05-05 20:52	1892184	----a-w-	c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-05 20:52 . 2011-05-05 20:52	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-05 20:52 . 2011-05-05 20:52	142296	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-27 10:57 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-27 10:57 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 10:57 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-18 21:24 . 2011-04-18 21:24	--------	d-----w-	c:\program files\iPod
2011-04-18 21:24 . 2011-04-18 21:25	--------	d-----w-	c:\program files\iTunes
2011-04-18 21:20 . 2011-04-18 21:20	--------	d-----w-	c:\program files\Bonjour
2011-04-16 16:51 . 2011-04-16 16:51	--------	d-----w-	c:\program files\BabylonToolbar
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-01 12:40 . 2009-02-19 09:51	1186056	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-06 14:20 . 2011-04-06 14:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20	197920	----a-w-	c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2011-03-10 17:03 . 2011-04-15 13:56	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 13:56	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 13:56	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 10:57	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 10:57	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 10:57	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 10:57	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-15 13:56	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 13:56	86528	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-02-26 12:42 . 2009-08-01 09:10	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-02-22 14:13 . 2011-03-23 06:55	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 06:55	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 06:55	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-22 13:24 . 2011-04-15 13:57	213504	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-02-22 13:24 . 2011-04-15 13:57	79360	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-02-22 13:23 . 2011-04-15 13:57	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-02-22 13:23 . 2011-04-15 13:57	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-02-18 16:38 . 2011-04-15 13:56	834048	----a-w-	c:\windows\system32\wininet.dll
2011-02-18 15:45 . 2011-04-15 13:56	78336	----a-w-	c:\windows\system32\ieencode.dll
2011-02-18 14:49 . 2011-04-15 13:56	389632	----a-w-	c:\windows\system32\html.iec
2011-02-18 14:03 . 2011-04-15 13:56	305152	----a-w-	c:\windows\system32\drivers\srv.sys
2011-02-18 14:03 . 2011-04-15 13:56	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-02-18 14:03 . 2011-04-15 13:56	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-02-16 16:21 . 2011-04-15 13:56	430080	----a-w-	c:\windows\system32\vbscript.dll
2011-02-16 16:16 . 2011-04-15 14:02	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-02-16 14:02 . 2011-04-15 14:02	292864	----a-w-	c:\windows\system32\atmfd.dll
2011-05-05 20:52 . 2011-05-05 20:52	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
2009-11-09 16:38	2331672	----a-w-	c:\program files\Softonic_Deutsch\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 15:12	1244040	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-23 135680]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-03-12 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-04 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-04 81920]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-12-07 151552]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-30 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe" [2010-11-07 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"VC10Player"="c:\program files\Virtual CD v10\System\VC10Play.exe" [2011-03-30 404296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
VR-NetWorld Auftragsprfung.lnk - c:\program files\VR-NetWorld\VRToolCheckOrder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 136176]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2010-03-10 13952]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-07-13 38400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-19 691696]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2010-05-21 186392]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-12 233472]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2011-03-30 144712]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-05 36608]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-07-13 35968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 12:00]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 12:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\users\erni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-NPSStartup - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-16 13:08
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-16  13:11:00
ComboFix-quarantined-files.txt  2011-05-16 11:10
.
Vor Suchlauf: 16 Verzeichnis(se), 186.092.240.896 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 185.513.889.792 Bytes frei
.
- - End Of File - - 68FFE3CE96480536932AF5CCC9BFB52C
         
--- --- ---

Alt 16.05.2011, 14:20   #12
markusg
/// Malware-holic
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



^öffne bitte computer c: qoobox.
rechtsklick quarantain, packen und wieder im upload channel hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.05.2011, 16:45   #13
markusg
/// Malware-holic
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



ok, welche probleme gibt es noch?
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.05.2011, 10:15   #14
Erni
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



Nun ja, die Meldungen sind weg, die Ordner sind alle wieder da.
Das Startmenü ist leer und ich habe einige Ordner wo er mir den Zugriff verweigert.

Alt 17.05.2011, 11:18   #15
markusg
/// Malware-holic
 
Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Standard

Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt



was heißt einige.... welche
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Thema geschlossen

Themen zu Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt
4d36e972-e325-11ce-bfc1-08002be10318, acedrv05.sys, autorun, babylon toolbar, babylontoolbar, bho, bonjour, c:\windows\system32\rundll32.exe, conduit, converter, cs4/contributeieplugin.dll, desktop, device driver, error, festplatte, firefox, helper, home, hängen, location, logfile, mozilla, mp3, mystart, nvlddmkm.sys, nvstor.sys, object, oldtimer, realtek, registry, rundll, scan, search the web, searchplugins, security, security scan, server, softonic, softonic deutsch toolbar, software, sptd.sys, start menu, studio, system, trojaner, vista



Ähnliche Themen: Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt


  1. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA - Festplatten erkannt.
    Log-Analyse und Auswertung - 07.09.2011 (10)
  2. Das System hat ein Problem mit einem oder mehreren installierten IDE-/SATA-Festplatten erkannt.
    Log-Analyse und Auswertung - 10.08.2011 (1)
  3. 'Das System hat ein Problem mit einem oder mehreren installierten IDE-/SATA-Festplatten erkannt.'
    Plagegeister aller Art und deren Bekämpfung - 09.08.2011 (1)
  4. Das System hat ein problem mit einem oder mehreren installierten IDA/ SATA-Festplatten erkannt, es w
    Plagegeister aller Art und deren Bekämpfung - 25.06.2011 (5)
  5. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA Festplatten
    Plagegeister aller Art und deren Bekämpfung - 19.06.2011 (28)
  6. Das System hat ein Problem mit einem oder mehreren installierten IDE-/SATA-Festplatten erkannt.
    Plagegeister aller Art und deren Bekämpfung - 30.05.2011 (1)
  7. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA-Festplatten erkannt
    Log-Analyse und Auswertung - 27.05.2011 (30)
  8. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA-Festplatten erkannt.
    Log-Analyse und Auswertung - 23.05.2011 (15)
  9. 'Das System hat ein Problem mit einem oder mehreren installierten IDE-/SATA-Festplatten erkannt.'
    Plagegeister aller Art und deren Bekämpfung - 19.05.2011 (1)
  10. das system hat ein problem mit einem oder mehreren installierten ide sata-festplatten erkannt
    Plagegeister aller Art und deren Bekämpfung - 19.05.2011 (1)
  11. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA-Festplatten erkannt.
    Log-Analyse und Auswertung - 02.05.2011 (6)
  12. 'Das System hat ein Problem mit einem oder mehreren installierten IDE-/SATA-Festplatten erkannt.'
    Log-Analyse und Auswertung - 02.05.2011 (3)
  13. Festplatte beschädigt Das System hat mit einem oder mehreren installierten...
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (28)
  14. Festplatte beschädigt Das System hat mit einem oder mehreren installierten...
    Log-Analyse und Auswertung - 29.04.2011 (20)
  15. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA-Festplatten erkannt.
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (5)
  16. Das system hat ein problem mit einem oder mehreren installierten IDE/SATA Festplatten erkannt.
    Log-Analyse und Auswertung - 22.04.2011 (1)
  17. Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt
    Plagegeister aller Art und deren Bekämpfung - 21.04.2011 (1)

Zum Thema Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt - Nun hat es auch mich erwischt. Der Trojaner , Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt Icons sind alle verschwunden und der Desktop schwarz Zitat: - Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt...
Archiv
Du betrachtest: Festplatte beschädigt Das System hat mit einem oder mehreren installierten... Festplatte beschädigt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.