Pests of All Kinds and How to Fight Them: Possibly a trojan? http://www.searchqu.com/406

30.05.2011, 22:41   #1
Oberoanut

Good evening, everyone

I've caught a fairly stubborn problem by the name of hxxp://www.searchqu.com/406! I've already searched the forum a bit and found that quite a few people have it.
As other users have already described, the link always puts itself in front of my iGoogle start page (latest Firefox). See the picture in the attachment. I also created a log file with ComboFix. I ran HijackThis, but it didn't help. I have AVAST as my virus scanner, which scans every download before I run it. A virus scan with the latest update found no errors. Whoever programmed this must have been a really clever one.

Well, anyway. I hope someone can help me. Now my log file:
ComboFix log file:
Code:
ComboFix 11-05-30.05 - Michl 30.05.2011 22:44:02.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.43.1031.18.4094.2835 [GMT 2:00]
ausgeführt von:: c:\users\Michl\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\users\Michl\AppData\Roaming\Microsoft\Windows\Recent\The Witcher 2.url
c:\users\Michl\AppData\Roaming\Mozilla\Firefox\Profiles\wdxuh5yd.default\searchplugins\SearchquWebSearch.xml
D:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-28 bis 2011-05-30 ))))))))))))))))))))))))))))))
.
.
2011-05-30 20:56 . 2011-05-30 20:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-05-30 18:49 . 2011-05-30 18:49    --------    d-----w-    c:\program files (x86)\MonitorDriver
2011-05-30 18:49 . 2011-05-30 18:49    --------    d-----w-    c:\users\Michl\AppData\Roaming\InstallShield
2011-05-30 18:12 . 2008-11-04 11:12    23096    ----a-w-    c:\windows\system32\drivers\MTiCtwl.sys
2011-05-30 18:11 . 2011-05-30 18:12    --------    d-----w-    c:\program files\MagicTune Premium
2011-05-30 18:06 . 2011-05-30 18:08    --------    d-----w-    C:\Samsung
2011-05-30 09:45 . 2011-05-30 09:45    --------    d-----w-    c:\users\Michl\AppData\Roaming\Bandoo
2011-05-30 07:29 . 2011-05-30 07:29    --------    d-----w-    c:\users\Michl\AppData\Local\Ilivid Player
2011-05-30 06:33 . 2011-05-30 06:34    --------    d-----w-    c:\programdata\Bandoo
2011-05-30 06:33 . 2011-05-30 06:34    --------    d-----w-    c:\program files (x86)\Bandoo
2011-05-30 06:33 . 2011-05-25 14:55    1524112    ----a-w-    c:\windows\SysWow64\bandoolmx.dll
2011-05-30 06:32 . 2011-05-30 06:32    --------    dc-h--w-    c:\programdata\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}
2011-05-30 06:31 . 2011-05-30 06:33    --------    d-----w-    c:\program files (x86)\iLivid
2011-05-30 06:30 . 2011-05-30 06:31    --------    d-----w-    c:\program files (x86)\Windows iLivid Toolbar
2011-05-30 06:28 . 2011-05-30 06:28    --------    d-----w-    c:\users\Michl\AppData\Local\PackageAware
2011-05-28 05:15 . 2011-05-30 07:45    --------    d-----w-    c:\programdata\NVIDIA
2011-05-28 05:15 . 2011-05-28 05:15    --------    d-----w-    c:\users\UpdatusUser
2011-05-28 05:14 . 2011-05-14 04:27    61544    ----a-w-    c:\windows\system32\nvshext.dll
2011-05-28 05:14 . 2011-05-14 04:27    3040360    ----a-w-    c:\windows\system32\nvsvc64.dll
2011-05-28 05:14 . 2011-05-14 04:27    1016936    ----a-w-    c:\windows\system32\nvvsvc.exe
2011-05-28 05:14 . 2011-05-14 04:27    794216    ----a-w-    c:\windows\system32\easyupdatusapiu64.dll
2011-05-28 05:14 . 2011-05-14 04:27    6289512    ----a-w-    c:\windows\system32\nvcpl.dll
2011-05-28 05:14 . 2011-05-14 04:27    2560616    ----a-w-    c:\windows\system32\nvsvcr.dll
2011-05-28 05:14 . 2011-05-14 04:27    117864    ----a-w-    c:\windows\system32\nvmctray.dll
2011-05-28 05:14 . 2011-05-28 05:14    --------    d-----w-    c:\programdata\NVIDIA Corporation
2011-05-28 04:23 . 2011-05-09 22:00    8718160    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{207A9448-6CD4-498A-B792-3B55D01D5780}\mpengine.dll
2011-05-26 15:19 . 2011-05-26 15:19    --------    d-----w-    c:\users\Michl\AppData\Local\PDF24
2011-05-21 16:32 . 2011-05-21 16:32    --------    d-----w-    c:\program files (x86)\Conduit
2011-05-21 16:32 . 2011-05-21 16:32    --------    d-----w-    c:\users\Michl\AppData\Local\Conduit
2011-05-21 16:31 . 2011-05-28 05:31    --------    d-----w-    c:\users\Michl\AppData\Roaming\Xfire
2011-05-21 16:31 . 2011-05-27 05:46    --------    d-----w-    c:\programdata\Xfire
2011-05-21 16:31 . 2011-05-21 16:31    --------    d-----w-    c:\program files (x86)\Xfire
2011-05-21 05:32 . 2011-05-21 05:32    --------    d-----w-    c:\users\Michl\AppData\Local\IsolatedStorage
2011-05-21 05:32 . 2011-05-21 05:32    --------    d-----w-    c:\users\Michl\AppData\Local\Futuremark_Corporation
2011-05-21 05:25 . 2011-05-21 05:25    --------    d-----w-    c:\program files\Futuremark
2011-05-18 19:35 . 2011-05-18 19:35    --------    d-----w-    c:\users\Michl\AppData\Local\The Witcher 2
2011-05-17 10:33 . 2011-05-17 10:33    --------    d-----w-    c:\program files (x86)\Common Files\Java
2011-05-16 13:28 . 2011-02-02 19:40    472808    ----a-w-    c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-16 13:28 . 2011-02-02 19:40    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2011-05-15 16:28 . 2011-05-15 16:28    404640    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-15 12:41 . 2011-05-15 12:41    --------    d-----w-    c:\program files\iPod
2011-05-15 12:41 . 2011-05-15 12:41    --------    d-----w-    c:\program files\iTunes
2011-05-15 12:41 . 2011-05-15 12:41    --------    d-----w-    c:\program files (x86)\iTunes
2011-05-15 12:39 . 2011-05-15 12:39    --------    d-----w-    c:\program files\Bonjour
2011-05-15 12:39 . 2011-05-15 12:39    --------    d-----w-    c:\program files (x86)\Bonjour
2011-05-11 21:47 . 2011-05-11 21:47    71680    ----a-w-    c:\windows\system32\frapsv64.dll
2011-05-11 21:47 . 2011-05-11 21:47    65536    ----a-w-    c:\windows\SysWow64\frapsvid.dll
2011-05-11 09:58 . 2011-05-30 20:40    --------    d-----w-    c:\program files (x86)\Common Files\Akamai
2011-05-11 09:57 . 2011-05-24 08:51    --------    d-----w-    c:\program files (x86)\Kuma Games
2011-05-09 05:20 . 2011-05-09 05:20    89048    ----a-w-    c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-09 05:20 . 2011-05-09 05:20    781272    ----a-w-    c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-09 05:20 . 2011-05-09 05:20    465880    ----a-w-    c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-09 05:20 . 2011-05-09 05:20    1892184    ----a-w-    c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-09 05:20 . 2011-05-09 05:20    1874904    ----a-w-    c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-09 05:20 . 2011-05-09 05:20    15832    ----a-w-    c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-09 05:20 . 2011-05-09 05:20    142296    ----a-w-    c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-09 05:20 . 2011-05-09 05:20    1974616    ----a-w-    c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 15:57 . 2009-08-11 15:20    1629    ----a-w-    c:\programdata\xml42DB.tmp
2011-05-29 15:57 . 2009-08-11 15:20    13598    ----a-w-    c:\programdata\xml422E.tmp
2011-05-29 15:57 . 2009-08-11 15:20    8942    ----a-w-    c:\programdata\xml38AC.tmp
2011-05-16 09:10 . 2009-08-10 19:26    107832    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2011-04-17 19:57 . 2011-04-17 19:57    41872    ----a-w-    c:\windows\SysWow64\xfcodec.dll
2011-04-17 19:57 . 2011-04-17 19:57    27536    ----a-w-    c:\windows\system32\xfcodec64.dll
2011-04-06 14:26 . 2011-04-06 14:26    96544    ----a-w-    c:\windows\system32\dnssd.dll
2011-04-06 14:26 . 2011-04-06 14:26    119584    ----a-w-    c:\windows\system32\dns-sd.exe
2011-04-06 14:20 . 2011-04-06 14:20    91424    ----a-w-    c:\windows\SysWow64\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20    107808    ----a-w-    c:\windows\SysWow64\dns-sd.exe
2011-03-10 17:18 . 2011-04-18 12:07    1360384    ----a-w-    c:\windows\system32\mfc42u.dll
2011-03-10 17:18 . 2011-04-18 12:07    1398784    ----a-w-    c:\windows\system32\mfc42.dll
2011-03-10 17:03 . 2011-04-18 12:07    1162240    ----a-w-    c:\windows\SysWow64\mfc42u.dll
2011-03-10 17:03 . 2011-04-18 12:07    1136640    ----a-w-    c:\windows\SysWow64\mfc42.dll
2011-03-07 12:43 . 2011-03-07 12:43    108144    ----a-w-    c:\windows\SysWow64\CmdLineExt.dll
2011-03-07 11:32 . 2009-08-10 19:26    66872    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2011-03-07 11:32 . 2009-08-10 19:26    2337865    ----a-w-    c:\windows\SysWow64\pbsvc.exe
2011-03-07 02:08 . 2011-03-07 02:08    93552    ----a-w-    c:\windows\SysWow64\ElbyCDIO.dll
2011-03-03 16:02 . 2011-04-18 12:08    975872    ----a-w-    c:\windows\system32\inetcomm.dll
2011-03-03 15:42 . 2011-04-18 12:08    739328    ----a-w-    c:\windows\SysWow64\inetcomm.dll
2011-03-03 13:46 . 2011-04-18 12:07    2762240    ----a-w-    c:\windows\system32\win32k.sys
2011-03-02 16:12 . 2011-04-18 12:06    117760    ----a-w-    c:\windows\system32\dnsrslvr.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfir.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54    175912    ----a-w-    c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
2011-01-17 14:54    175912    ----a-w-    c:\program files (x86)\XfireXO\prxtbXfir.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files (x86)\XfireXO\prxtbXfir.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2009-06-03 51712]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\datamngr.dll c:\progra~2\WI371A~1\Datamngr\IEBHO.dll c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ     autocheck autochk *\0OODBS
.
R2 BsMobileCS;BsMobileCS;c:\program files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 136176]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-09-03 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Shared\Database2\bin\fbserver.exe [2008-08-07 3276800]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 136176]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [2009-05-17 98488]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-10-21 548864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 27648]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Shared\Database2\bin\FABS.exe [2008-12-16 1155072]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-14 2226792]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
S3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\DRIVERS\PciPPorts.sys [x]
S3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\DRIVERS\PciSPorts.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ     Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 15:31]
.
2011-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-16 15:31]
.
2011-05-30 c:\windows\Tasks\User_Feed_Synchronization-{6242D63D-81AE-4DB4-A58D-CF609B1522E2}.job
- c:\windows\system32\msfeedssync.exe [2011-04-18 04:43]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
2011-03-24 12:30    1058712    ----a-w-    c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04    134384    ----a-w-    c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 225792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\WI371A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI371A~1\Datamngr\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchqu.com/406
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 195.58.160.194 195.58.161.122
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Michl\AppData\Roaming\Mozilla\Firefox\Profiles\wdxuh5yd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Toolbar-10 - (no file)
AddRemove-Free Studio_is1 - c:\program files (x86)\DVDVideoSoft\Free Studio\unins000.exe
AddRemove-Free Video to iPhone Converter_is1 - c:\program files (x86)\DVDVideoSoft\Free Video to iPhone Converter\unins000.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2428050025-1395815164-813026020-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c0,86,da,25,fa,ff,50,ee,bd,fa,c7,20,7f,68,a1,12,07,e2,18,3d,5e,6e,f4,
3a,ea,eb,bd,9a,5c,26,28,73,b5,2e,fe,46,2d,35,d9,68,bb,cc,20,b6,6d,af,8e,c5,\
"??"=hex:03,19,76,33,70,8c,2e,19,d1,71,a8,71,bc,15,cf,05
.
[HKEY_USERS\S-1-5-21-2428050025-1395815164-813026020-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:07,4a,78,c8,69,94,60,d8,5a,32,57,fa,8b,2c,e2,b6,c8,8e,f4,b2,39,
4d,f3,d4,f3,65,72,e5,5a,32,59,f2,11,75,03,56,c5,2d,78,e7,5c,2c,ec,03,b5,de,\
"rkeysecu"=hex:65,63,02,0b,30,32,4d,43,7a,bf,a8,73,6d,9d,27,ea
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="96432B8E97A212BD7D91D3F5F13CB7B1B47D1490DD758ACB79043E9419DF841EAB5D3912B618454C3B12D17B61836F0DB9DC8F90AFD08C6F75D3319488DA017F1F701E4C8FC695AA08DD7BD7AD018D06EC174D57210A4DCE4E591D599D858D5159E6BDA604AB280FE7119B5421FBE640881F14A602C8721915FCEAC4D28E4170643BC641D71B23A1FD5CBBECE90B54D0E77BF1780A0BA672833AC9EC0976372DF17EA56DB3BB347E93852E4F9698B24110C6B678542018F0731FAB9A03120D4A54D30EB1A38709FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A9C6AECB7A5D1407A9C6AECB7A5D1407FC7302533105EBBF5DE26080DE44A73C8501FCAF93CBB4D7F0888C7DE04785D186453105E4004699B8347DDF55517DD06BC4C8B550260DE1381DC5D78290752975FA00719B6C6D29149A10C6910CD0D3CD31348237814FDC9F78AF14206E01A296C77621536431A56DC132FC5159930EF78B93C0662D3440DE186FE1D5B645872F022F62C467B248347A969486038EC9A33CCB622CD9470A9E1EBF2F6DA33426F4A5DB4858DAE6514CB77F5FD8B25AD705D1D4990D9CE739FCD07033E853115013CF3D28AA0318810D914673227BE60BC07ABC603FEE49540C9960677B49765B29452C9C0F8E64A144C5D6ADF0CF77BB6D8DA472AE2EF4E3D28609888F6A4FA0496B13838A0A3C7A313131AC0889A0C51B02424F7A9BC4F24A4AF3954082DCFDFB4EF1FED4EAE7DB8659EA535EE350874976DE3A77DC69936039BD57DD3F35D5BA9B5A755D087E98EE66AA491DFEC2656C2BD6BD2C7C6659784E9A546DB3BF0C75A77610459C6F8604A32EF824610C47EE839CA455E593DDE628CF5B2855398C0EE8FEBE62C67C005781441284719219AC0BB4FE60EA9C3DF687B8FBF97EB2C35D794433BD0CBAE4EA92D287877C914978EC38A1724282186651C28B826F92232E19A9E194539497B911509024B216CC157A5425E2049714E6126F2518C70F203D2AA5875867C6FD2D57CA298B28069BBC29CBE23C2E03D81EF556244290353640B3459FAF7763832765610F1F5515AF9B90727E3FA24313A74E21A9BCB2E7DFDCE0A56E731951177A5E484676174F8854EEB1D9DFA4267310928E1CF9FBD9A22E807BF8B140C92A700CC795D9AD142DFA24879E43604F2F595CF0231DA01501C3058D0A2BCA5AB3C3D8BD884A3E94A01937053747E137FDF9E8ADADFE36F585A006B7AE55F6642F25D5986D794FD971AACDCFD5F99AA91D5C9A3F6AAB372DBEBBBEE73BD9691F9AB7B5DCD8CC4FBC2F21B61F6CA0DF45CCDDF736D0E481BF3E
7E0DA243172892F815522421DF8C6C6D61634235316B00D2D1A9B0191ED78518CA74FEA29D9F9DD0C7"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-30 22:58:02
ComboFix-quarantined-files.txt 2011-05-30 20:58
.
Vor Suchlauf: 26 Verzeichnis(se), 24.973.291.520 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 32.796.090.368 Bytes frei
.
- - End Of File - - F00A9372940E351F68BB9CDD92EDBED2
         
--- --- ---
Thumbnails of attached images
-www.searchqu-com.jpg  

31.05.2011, 20:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please note => http://www.trojaner-board.de/95173-b...es-posten.html and http://www.trojaner-board.de/69886-a...-beachten.html


There is also a very clear notice regarding http://www.trojaner-board.de/95175-combofix.html
Quote:

Important notice:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

31.05.2011, 20:29   #3
M-K-D-B
/// TB-Ausbilder

My name is M-K-D-B and I will help you clean up your computer.

Please note the following:
  • A cleanup can involve a lot of work for you.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Please keep working with me until I tell you that we are done here.
  • If you do not reply to me within 5 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
  • For users of Windows Vista and Windows 7: start all programs by right-clicking and choosing "Run as administrator".

I am now preparing a fix and will get back to you with further instructions as soon as possible.

31.05.2011, 20:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You carry on, M-K-D-B
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

31.05.2011, 20:49   #5
M-K-D-B
/// TB-Ausbilder

Quote:
Quote from cosinus:
You carry on, M-K-D-B

I didn't want to get in your way.


31.05.2011, 21:20   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No, you're not; I have enough cases open anyway

01.06.2011, 06:35   #7
Oberoanut

Hi everyone
Please don't quarrel, you helpful souls.


@ M-K-D-B
From now on I won't do anything unless you tell me to. Yesterday, though, I still did the following. I fetched the latest virus definitions from AVAST and booted into safe mode. I then ran AVAST manually and did a deep scan. It took forever. It didn't achieve anything, of course, apart from some interesting results; see the picture in the attachment.

Something else I noticed is that, ever since I picked up this "thing", I have had constant hard disk accesses, in case that is of interest.

THX for Help Oberonaut.
Thumbnails of attached images
-avast-container.jpg

01.06.2011, 15:14   #8
M-K-D-B
/// TB-Ausbilder

Hello Oberoanut,

Quote:
Quote from Oberoanut:
Please don't quarrel, you helpful souls.

Quote:
Quote from Oberoanut:
@ M-K-D-B
From now on I won't do anything unless you tell me to.

That is exactly what I wanted to hear.




Schritt # 1: Fragen beantworten
Bitte beantworte mir folgende Fragen:
  • Du erwähntest etwas von Festplattenzugriffen:
    Zitat:
    Zitat von Oberoanut Beitrag anzeigen
    Was mir noch aufgefallen ist das ich, seit ich mir das "Ding" eingetretten habe, dauern Festplattenzugriffe habe falls das von Interesse ist.
    Kannst du das noch näher beschreiben? Welches Programm meldet wann von wo aus welchen Zugriff?




Schritt # 2: Deinstallation von Programmen
  • Folge folgendem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
  • Suche in der Liste Software mit dem folgenden Namen
    • Conduit
    und deinstalliere das Programm.
  • Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.




Schritt # 3: CFScript mit ComboFix ausführen
Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
DDS::
uInternet Settings,ProxyOverride = *.local

FireFox::
FF - ProfilePath - c:\users\Michl\AppData\Roaming\Mozilla\Firefox\Profiles\wdxuh5yd.default\
FF - prefs.js: browser.search.defaulturl - http://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.searchqu.com/406
FF - prefs.js: keyword.URL - http://www.searchqu.com/web?src=ffb&systemid=406&q=
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily turn off your antivirus software. It can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
  • With reference to the picture above, drag CFScript.txt into ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the directive Suspect:: or Collect::, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.


Step # 4: Control scan with Malwarebytes' Anti-Malware (MBAM)
Please download Malwarebytes' Anti-Malware
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can find the report later under "Logs".


Step # 5: Run aswMBR.exe
Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    Vista and Win7 users: right-click and "Run as administrator"
  • Click Scan
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.


Step # 6: Custom scan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe 
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extras.txt here into your thread


Step # 7: Your feedback
For further analysis I need, together with your next reply,
  • the answers to the questions asked,
  • feedback on the uninstallation of Conduit,
  • the new log file from ComboFix,
  • the log file from aswMBR and
  • the two log files from OTL (OTL.txt and Extras.txt).

03.06.2011, 09:35   #9
Oberoanut

Hello

About the HD accesses you asked about. Well, the HD is constantly at full load, meaning write and read accesses. I can't say which programs these are. For a better explanation I have uploaded a picture of the Resource Monitor for you.

Re step 2........Was successful.

Re step 3.........I did everything as described. But an error message appears. See the picture in the attachment. Before that, however, Combofix updated itself without problems as intended.
Attached thumbnails
-hd-auslastung.jpg   -combo-fix-fehler.jpg

03.06.2011, 13:17   #10
M-K-D-B
/// TB-Ausbilder

Hello Oberoanut,

Quote:
Quote from Oberoanut
About the HD accesses you asked about. Well, the HD is constantly at full load, meaning write and read accesses. I can't say which programs these are. For a better explanation I have uploaded a picture of the Resource Monitor for you.

OK, we'll look at that again after the cleanup.

Quote:
Quote from Oberoanut
Re step 2........Was successful.

Good.

Quote:
Quote from Oberoanut
Re step 3.........I did everything as described. But an error message appears. See the picture in the attachment. Before that, however, Combofix updated itself without problems as intended.

Then let's try again from ComboFix onwards:


Delete the existing ComboFix.exe from your desktop and download a new one. Make sure that you copy the lines of my fix into Windows Notepad and save them as a text file (.txt)!
The whole thing is also described in detail again under Step # 1!


Step # 1: Run a CFScript with ComboFix
Note for readers following along:
The following ComboFix script was created exclusively for this user in this situation.
Never apply it on other computers; that can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R keys --> Notepad (type it in) --> OK

Now copy the complete text from the following code box into the empty text document.
Code:
ATTFilter
DDS::
uInternet Settings,ProxyOverride = *.local

FireFox::
FF - ProfilePath - c:\users\Michl\AppData\Roaming\Mozilla\Firefox\Profiles\wdxuh5yd.default\
FF - prefs.js: browser.search.defaulturl - http://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.searchqu.com/406
FF - prefs.js: keyword.URL - http://www.searchqu.com/web?src=ffb&systemid=406&q=
         
Save this as CFScript.txt on your desktop.

Important:
  • Temporarily turn off your antivirus software. It can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure that ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.
  • With reference to the picture above, drag CFScript.txt into ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the directive Suspect:: or Collect::, a message box will appear after Combofix has finished. Click OK and follow the prompts/instructions to upload the files.


Step # 2: Control scan with Malwarebytes' Anti-Malware (MBAM)
Please download Malwarebytes' Anti-Malware
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can find the report later under "Logs".


Step # 3: Run aswMBR.exe
Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    Vista and Win7 users: right-click and "Run as administrator"
  • Click Scan
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.


Step # 4: Custom scan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe 
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extras.txt here into your thread


Step # 5: Your feedback
For further analysis I need, together with your next reply,
  • the new log file from ComboFix,
  • the log file from MBAM,
  • the log file from aswMBR and
  • the two log files from OTL (OTL.txt and Extras.txt).
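
The three prefs.js entries listed in the FireFox:: section of the CFScript in posts #8 and #10 can also be checked for directly in a profile. The following is an added example, not part of the thread and not ComboFix's own logic: it parses `user_pref(...)` lines and reports the watched preferences whose URL host belongs to the domains named in the script. The function names and the sample file content are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Preferences named in the FireFox:: section of the CFScript on this page.
WATCHED_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.defaulturl")
# Domains that appear in those CFScript entries.
HIJACK_DOMAINS = ("searchqu.com", "conduit.com")

# One prefs.js entry: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample, modelled on the entries in the CFScript (not a real profile).
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849855&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "http://www.searchqu.com/406|http://example.org/start");
user_pref("keyword.URL", "http://www.searchqu.com/web?src=ffb&systemid=406&q=");
user_pref("browser.startup.page", 1);
'''


def parse_prefs(text):
    """Return {pref name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, numbers, true/false
        except ValueError:
            prefs[name] = raw  # keep the raw text if it is not JSON-compatible
    return prefs


def host_of(url):
    """Lower-cased host of a URL; tolerates a missing scheme."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return ""
    return (host or "").lower().rstrip(".")


def matches_domain(host, domain):
    """True for the domain itself or any subdomain, not for look-alikes."""
    return host == domain or host.endswith("." + domain)


def find_hijacked(prefs):
    """List (pref, url, domain) for watched prefs pointing at a listed domain."""
    findings = []
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str):
            continue
        # browser.startup.homepage may hold several URLs separated by "|".
        for url in value.split("|"):
            host = host_of(url)
            for domain in HIJACK_DOMAINS:
                if matches_domain(host, domain):
                    findings.append((name, url.strip(), domain))
    return findings


if __name__ == "__main__":
    for name, url, domain in find_hijacked(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{name}: {url} (matches {domain})")
```

Firefox rewrites prefs.js on exit, so a check like this is read-only by design and is best run against a copy of the file while the browser is closed.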

04.06.2011, 06:41   #11
Oberoanut

Hi M-K-D-M

From step 3 on, everything has worked now. I worked through all the instructions of your new post one after another. Here are the results:

Step 1 Combofix: The CFScript.txt did go through, but I can't find a log named CFScript.txt anywhere on my PC. Only one that was called Log, which had Combofix in it though. I've uploaded it for you to be on the safe side. It's just called Log.txt.

Step 2 Malwarebytes found no errors. So there was nothing to tick either. See picture.

Step 3 aswMBR run. You have the log in the attachment!

As step 4 I also did the scan with OTL. You'll find it in the attachment too. Unfortunately I couldn't upload the txt files because the error message always appears. See picture.
Attached thumbnails
-malwarebyts.jpg   -hochladefehler.jpg
Attached files
File type: txt aswMBR.txt (1,3 KB, viewed 176 times)
File type: txt log.txt (28,7 KB, viewed 181 times)

Last edited by Oberoanut (04.06.2011 at 06:48)

04.06.2011, 09:42   #12
Oberoanut

Oh yes, I also wanted to report this. I now have my beloved IGoogle as the start page again. Only the personalizations I made no longer work. Please look at the picture. Should I check the add-ons?
Attached thumbnails
-igoogle-fehler.jpg

04.06.2011, 09:57   #13
M-K-D-B
/// TB-Ausbilder

Hello Oberoanut,

Quote:
Quote from Oberoanut
Step 1 Combofix: The CFScript.txt did go through, but I can't find a log named CFScript.txt anywhere on my PC. Only one that was called Log, which had Combofix in it though. I've uploaded it for you to be on the safe side. It's just called Log.txt.

That was the right log file.

Quote:
Quote from Oberoanut
As step 4 I also did the scan with OTL. You'll find it in the attachment too. Unfortunately I couldn't upload the txt files because the error message always appears. See picture.

OTL creates 2 log files: OTL.txt and Extras.txt. I need both!
You can also pack the text files with 7-Zip or WinRAR and then upload them here as an archive.
Or, what is even simpler: open a text document, copy the entire content and paste it directly here into the forum with your next reply.

Quote:
Quote from Oberoanut
Oh yes, I also wanted to report this. I now have my beloved IGoogle as the start page again. Only the personalizations I made no longer work. Please look at the picture. Should I check the add-ons?

Even though your start page is the right one again, your computer is not clean yet.
To be able to help you further, I need the OTL log files mentioned.

04.06.2011, 16:06   #14
Oberoanut

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.06.2011 18:43:44 - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Michl\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,80% Memory free
12,47 Gb Paging File | 10,45 Gb Available in Paging File | 83,78% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 178,79 Gb Total Space | 38,61 Gb Free Space | 21,59% Space Free | Partition Type: NTFS
Drive D: | 119,30 Gb Total Space | 34,63 Gb Free Space | 29,03% Space Free | Partition Type: NTFS
Drive E: | 340,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MICHL-PC | User Name: Michl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = A4 15 D5 A6 0A 12 CA 01  [binary data]
"VistaSp2" = 56 31 0E B9 8B 12 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0178B4D4-AD64-4EE5-A9BC-5E25F9460FBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{06B6E1C6-F5F6-498D-843C-04E59A7D07CC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{078CA9E6-2C98-4BB7-A5B0-758B01CD13E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1803F978-7D43-48F5-98CC-4D042A4C23B3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{18370743-7A0F-4DE7-97A0-8E98C3AE334E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{18B44616-0027-472D-B2FD-2609DF1D77E6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1EEB1B26-860A-4E78-A75C-FDE45CEEC2F8}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{21471F00-8E9F-46CB-9108-57351DB3F5AF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{31839FDF-EBC9-4EB1-A206-424696317BE1}" = lport=51110 | protocol=6 | dir=in | name=akamai netsession interface | 
"{3383428B-5880-4077-A1A7-6CC22A99E5C8}" = lport=58638 | protocol=6 | dir=in | name=pando media booster | 
"{352120F2-9455-4D70-85AC-47A07A342DE6}" = lport=58638 | protocol=17 | dir=in | name=pando media booster | 
"{419BA4D8-8047-488F-8500-AD6E10DB62B8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{42F29363-B669-4696-B4B7-3679B516DCD9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{47136509-D612-4127-8186-DCB66363C8E3}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{496C096C-B181-4763-A21A-BDEF6BC36020}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{4A40B1E6-3047-475F-8B72-976EA40910CC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{5C7ACC72-FE5A-456A-941C-BE66C82B891B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{5CBF0157-2383-406D-AF54-81A19C1A4C50}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{5F7AB8F2-9E63-4A51-AC02-55B5AAD2994A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{61BD9739-A1A2-48D0-AD8B-F053C0FE0842}" = lport=445 | protocol=6 | dir=in | app=system | 
"{63284D86-D59A-4A05-AF9F-6434BF0C5F2B}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{63E08E73-0CE6-4456-81E4-34D382A979B9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{73A319A2-4498-4195-A694-9DD1D74FD5F5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{77913F17-FB48-449A-BDAC-4F53E08F5CCF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{789AF40D-E7D7-4B4E-9C18-0CC99E95A1F5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{79C7B78C-7617-4DF6-99A6-D7F881FCD898}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7DEAA28B-0165-4779-B70D-5A052D04BC59}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{7F7915A1-E802-475C-84D7-D43550A35982}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{86C6B99F-030E-4C14-B91A-B32397552A3F}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{ABC1BEB0-1829-4962-80B3-C885851B0EEB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe | 
"{AFE0887B-9DDE-448E-9E30-427AFB26D9EE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B236DA09-E01C-448A-9F62-E947A1995F5D}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B2EB82F0-E417-4F7B-968A-4E4785C967D4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B49D5A59-4A5F-48B0-8A97-5A0B7827775D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BD7EF39F-E33D-4F35-B675-DF219F63B031}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{C1CDB01D-7099-44AC-9973-23481DFB167F}" = lport=58638 | protocol=6 | dir=in | name=pando media booster | 
"{C1FB27E6-62F3-4DC6-ACDA-080BC28B44B2}" = lport=58638 | protocol=17 | dir=in | name=pando media booster | 
"{C45B4BFB-07FA-48C4-9883-96DD494FB123}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C4F5990B-FA47-4641-8352-00A43640DB69}" = lport=139 | protocol=6 | dir=in | app=system | 
"{C51B099B-CEEC-4084-A13B-CCC30F757314}" = lport=61850 | protocol=6 | dir=in | name=bittorrent 7.2 | 
"{C729F6D3-2C98-45A0-B8B2-5A88143F7C3E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{C778836C-E716-49E3-895C-A53CCDEAE02C}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{CFB1BF22-6A64-4BF3-B66A-6B6353F559CF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{D20A186F-061D-42E3-95C7-7CA177ACB68A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D3E46B9A-F26C-4F99-9149-FDB4D4860442}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{D8080320-3CFB-4B58-8BB3-36EAB7A8C65E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{E39EE1E2-F3D1-4517-833F-60717D456368}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{E649275A-6140-4816-A167-0064FE18AAF5}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{F3D8264C-1CE6-4E47-9325-F04FF34C276A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F85F1DDA-D15A-4BC1-8B65-C1BEC04FC140}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00029D0C-79A4-4BE3-936A-9C1112473605}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{02605633-86CB-40CE-9CCE-6FC14BBA5FF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{0607F5C2-C5F8-4BD7-875F-E12F6C05BBD6}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{078CDBB3-0B31-446F-813B-A7A9024632F6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{08033F94-67E7-4BBD-B387-6D40BD0D4B67}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{099FEBDF-7AE1-47F6-BBEF-84104FC83287}" = protocol=17 | dir=in | app=d:\torrent\bittorrent.exe | 
"{09E43FE4-BCA2-4F71-A717-F11CCDC75A6D}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{0DF5B17B-A645-4942-ACBE-ED13DB74867E}" = protocol=17 | dir=in | app=d:\ofp2\ofdr.exe | 
"{141098F5-1545-4A64-92D0-9FE0AFCD9442}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{15830C7B-9372-4905-9947-F7521CAF8017}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{167FF43E-4E15-4801-A9C9-7AAD1C20A303}" = protocol=6 | dir=in | app=c:\program files (x86)\kuma games\kuma.exe | 
"{169DE562-16E4-4EBD-B922-65B8633E0288}" = protocol=6 | dir=in | app=d:\perfect world entertainment\forsaken world de\patcher.exe | 
"{1D9C8689-117A-4902-BFA6-0F0128C2CF90}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{22D56D7E-8EB7-4DDC-80F2-B4E8454A73E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{262B645C-231F-447B-95F2-95004D8D6CFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{29BFD687-5C4B-4F69-8250-B18392756B56}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{2D8D2E32-692E-4793-B61E-2A17408FC90F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{2D982674-D124-43AF-9A39-AC0AE47E3EB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{34708BFA-66A9-490B-A241-3106C957BE32}" = protocol=17 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{36C12581-0273-40B6-B16A-20AE7A2190B9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | 
"{3B397BCA-FE7B-40AC-BAB6-FB620AAD4C9F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe | 
"{3DA88608-E76E-4B01-A4A1-C77396D746A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe | 
"{3F9A843E-AFC1-4860-BAB5-0519DEFEBD13}" = protocol=6 | dir=in | app=d:\ofp2\ofdr.exe | 
"{461FD8AD-E9F7-4E25-A258-676911408A05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{464EE3FE-B462-4377-9385-1289016952EE}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{4BB4E3EC-82DC-4BF6-9204-77ABE1EFF2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{4E02A7B4-CE79-4067-841C-3FDDADC1F3BF}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{53713714-09B7-4926-81BB-0345B39818E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | 
"{54393781-7BED-40CE-B984-C8EAAD3D955B}" = protocol=17 | dir=in | app=c:\windows\temp\inode_config.exe | 
"{54BB7639-1ACA-4131-85B1-08541566B77F}" = protocol=17 | dir=in | app=d:\perfect world entertainment\forsaken world de\patcher.exe | 
"{567CF991-FCE9-4522-BFDC-D44E78E6DCFD}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5697000C-120F-4F42-B17C-F7834998FFB6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5810280F-DDE1-41DC-B5E2-5D2C80898F13}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{58875C1A-6050-44EB-84B5-2DE5865B55D0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5B80EF23-FBF1-4FC0-B842-8B13E51C4321}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\daoriginslauncher.exe | 
"{5C1DC662-A491-45DE-B7F9-529CC66D0184}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{5E91D8D3-9E7B-4DDB-ADBE-B43F26F07FE1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | 
"{5F76F72C-EFDD-485B-82E1-6EBC37F2EAFD}" = protocol=17 | dir=in | app=d:\two worlds ii\twoworlds2.exe | 
"{60784B9F-C048-4BE9-B85A-F856BB08089C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6400136F-DEA9-461E-A0EF-42746A98FA26}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{66D6E3E4-3959-448C-8945-DB989846ED35}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{6938B234-9CA7-4445-955E-5A48B7AA3056}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{69FD9D73-D103-4F9B-8A74-700778C6260B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{6E43AB73-01D0-488F-BB51-800314221953}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{6E7176BD-D032-43A7-B876-10182237C751}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{6EFED271-A428-49E4-8D77-106399D165BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{732901EA-432A-412A-BBD5-9D81F27F8836}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{7480314E-C22A-4FD0-97E8-A90187EC6955}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{74A26A45-86FC-4BDE-8351-567D40E3A7EC}" = protocol=6 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{763B2917-060D-4346-BAD3-64F1AF463F5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe | 
"{773AC544-1377-452F-8FC5-2F5BA7CFB160}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7BE3D29A-39F8-4053-8072-6FC5B5EF0B0F}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | 
"{7C3D183D-2C83-4CD1-8A55-6E2C18A7F55B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{85FCAA85-5800-4CEC-9A00-60F645457A19}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{8930E3C8-1EAD-4795-9CB9-B7A6A27937B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8F13C242-EB63-443E-9D1D-68F1604400F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe | 
"{8FC886BF-7136-4AFA-B17C-71C0812D1100}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{91137021-56FD-4E82-B018-BD0A45BD02C7}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | 
"{92587D7B-C5E2-496E-850E-6D7EB95E5FBA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{93B58710-FAEA-4D09-A5BD-FABF3FCCC5B9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{940BE8E6-957A-4057-9D35-D3FAE58EBEC0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{950BA699-AA9F-4342-83FE-75D2AF1A7803}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{952E269C-8245-4C7E-BE00-7FA20105D1C9}" = protocol=17 | dir=in | app=d:\bfbc2\bfbc2updater.exe | 
"{95DE03B9-09B4-4911-87FA-E28AE85DBBAD}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\rpcagentsrv.exe | 
"{973E8290-81D2-4A5F-87DD-F3FE048B810E}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{99FBB628-5DE4-41F8-BC9B-E8F124020A62}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{9A97478F-E08E-45EC-9F2C-C7B2A95B5A0D}" = protocol=6 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{9D0E2728-C66A-485F-AC65-44FA7A00BC36}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe | 
"{9D40F525-EB7C-484E-A2D9-D2B53388111C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9EAA830C-267A-44E0-BCD8-1D7ECE17F44E}" = protocol=6 | dir=in | app=d:\two worlds ii\twoworlds2.exe | 
"{A23AA91B-6B94-4E63-B69A-D155FAAA6A55}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{A512EB83-936D-4CAE-875D-8E97B7698544}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{A59E1598-8D5A-4299-91F7-0457617934B4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bonuscontent\launch.bat | 
"{A8E75999-A2F4-4C0E-8B61-4A844A4DB27B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe | 
"{AAC6BAD2-A78E-46AF-BADA-F21DDD7390BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{AB728438-A2F5-41DE-B93F-83D20E1F484A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | 
"{B148F639-ED48-4AAE-8DD6-2DBB0AA7296F}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{B5A90F9C-AC46-4550-9801-28EC109FFBB6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daorigins.exe | 
"{B72C18F2-48CF-4DD2-902B-CD94DF8CE288}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{BA9B105A-6C43-4781-8969-9EFAD10ECF0E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe | 
"{BC262260-DB18-4E6C-82A5-213BF675CB0A}" = protocol=6 | dir=in | app=d:\bfbc2\bfbc2updater.exe | 
"{BCB8FA8C-C148-4DBE-896F-BE1B9C9AED6F}" = protocol=6 | dir=in | app=d:\torrent\bittorrent.exe | 
"{C1D3C9A4-276D-42F6-A72F-AD8A173443DD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{C94AD695-A2E9-4D66-B0D5-EE5151F52E04}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D566B7E5-B2F5-4F21-9D4E-F6A9FEC7C479}" = protocol=6 | dir=in | app=d:\bf2\bf2.exe | 
"{D791E327-B318-4CB5-A312-22A690354A53}" = protocol=17 | dir=in | app=d:\runes of magic\runes of magic.exe | 
"{D7CE760A-167E-4AC1-A305-C165468E1B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DAE9CE5A-423C-4B0B-804F-44E9B4B25D0A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens vs predator demo\avp.exe | 
"{DCD1BBDB-5593-47D1-A7C3-17D9642627DB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E97ACDCF-4A12-4B3A-AA54-6922D82E14A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mass effect\binaries\masseffect.exe | 
"{E9E77BA0-4EF2-4F3C-A3DB-B0116BC33713}" = protocol=17 | dir=in | app=d:\bf2\bf2.exe | 
"{EB9A0D25-EF1D-40CC-B55A-A7CB0100493F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{EC1624A8-59EC-4A7D-B479-77D6F547142E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\aliens vs predator demo\avp.exe | 
"{ED217C9E-7116-45C9-B44E-6D464D238A31}" = protocol=17 | dir=in | app=d:\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{ED31015D-6C32-4CFA-9D30-22D98D5E04C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{ED602387-BC15-4DB5-96F2-28C397734644}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe | 
"{EFEE77E5-2E01-42AA-AF62-33B62FFA0456}" = protocol=17 | dir=in | app=c:\program files (x86)\kuma games\kuma.exe | 
"{F1DABFDA-156E-4920-B2AB-25B0A296C463}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F200C484-B03E-4EF0-8EBD-4902D68A122F}" = protocol=6 | dir=in | app=c:\windows\temp\inode_config.exe | 
"{F3177E61-886E-4840-AF0A-A30B6DAAD705}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleil.exe | 
"{F4B2583B-A440-4ACA-ACB5-917B2DF3D9CB}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{F4E3009C-9ED1-4B44-B464-C2E77F7C2206}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | 
"{F5AABC6C-E039-4279-9897-41801E71D9E7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{F5F0B872-D305-4ED2-9F0D-562858E2838B}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{FAEE944B-15D9-425D-80BB-FC59A787C924}" = protocol=6 | dir=in | app=d:\runes of magic\runes of magic.exe | 
"{FE6D3738-0E55-4623-BBE0-FE5606E4C6B9}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2009.sp3c\wnt500x64\rpcsandrasrv.exe | 
"{FF71266C-14D6-4577-B944-115CBED889EB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | 
"TCP Query User{021E3BE7-6B56-4D4B-BFAD-46EDCAE29543}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"TCP Query User{0C40D5F0-802F-4104-8DE3-6FD09AED9E25}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=6 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe | 
"TCP Query User{0C740723-7BA9-439D-A857-93FF9B57114F}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{1BF1948B-A10F-4078-983C-DA30B2DEF449}D:\lodro\lotroclient.exe" = protocol=6 | dir=in | app=d:\lodro\lotroclient.exe | 
"TCP Query User{2A66C4B6-EA7D-4416-B3E5-1CAC8A9C3923}D:\anno1701\anno1701.exe" = protocol=6 | dir=in | app=d:\anno1701\anno1701.exe | 
"TCP Query User{41B4320B-A272-4896-ADF8-6A732C51BEA0}D:\runes of magic\launcher.exe" = protocol=6 | dir=in | app=d:\runes of magic\launcher.exe | 
"TCP Query User{49D26C21-4F61-46B6-9777-3036507636F1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{50497538-BDE2-4FC7-A5E7-D0C17D4736E5}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{5BEB99B1-2AAF-4566-B0DD-D34ACA3C0914}C:\program files\elba5\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | 
"TCP Query User{5F84F074-E32C-4C42-B88C-8E5B31213D98}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{5FFE4FFD-F4CE-4029-87AE-7CF13C218DA5}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe" = protocol=6 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe | 
"TCP Query User{7082BD35-2E36-4D1D-B295-1E46E3C112F3}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{7096C0C2-F500-4753-B908-D55B69671429}C:\program files (x86)\xfire\ua_lsp_inst.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\ua_lsp_inst.exe | 
"TCP Query User{7ABF9005-A1BF-4426-B04D-7D6D25E6806D}D:\anno1701\anno1701.exe" = protocol=6 | dir=in | app=d:\anno1701\anno1701.exe | 
"TCP Query User{86727DC0-0993-4FD3-A9B6-92349E3A2B12}D:\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=d:\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{8A936DB5-A57D-4E8E-B5AE-4CBD490DA07C}C:\users\michl\downloads\tinyumbrella-4.21.01.exe" = protocol=6 | dir=in | app=c:\users\michl\downloads\tinyumbrella-4.21.01.exe | 
"TCP Query User{91DA99A3-0BEF-4938-AAAD-207030F7E8C8}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=6 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe | 
"TCP Query User{9D1F056F-7E56-45EC-91E9-F679E98A9486}C:\program files\elba5\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | 
"TCP Query User{ABACBD8C-9A07-4F4C-A8C0-F6BB5BD31BBD}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"TCP Query User{AFD4C2DC-890D-4F8A-9CFD-9CE4E32D5FE0}C:\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\metin2\metin2.bin | 
"TCP Query User{B1D9698D-152C-4F6A-B3C7-E0332D761295}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{B24A9DB1-4564-41DA-8CCC-8631DCDFCF84}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{BCAD3ABD-2946-4345-960A-8F676FC10371}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe | 
"TCP Query User{BDB3226E-4053-475A-BDE3-E052E97A4DFC}C:\program files\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files\magictune premium\magictune.exe | 
"TCP Query User{C634798B-DFFD-44ED-8092-AB55FBB0E27B}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe | 
"TCP Query User{D07767BB-58C1-43E0-8AC5-53FC7BFEBCC3}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"TCP Query User{D3CE51E8-5374-412F-9CE4-2066292178B3}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{DABAC4C3-E4E0-4DF6-9867-DC8E8F438D3C}C:\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\metin2\metin2client.bin | 
"TCP Query User{DE41E37F-1070-418C-879C-0FB0012C12F2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{E3C91F8F-B69D-417E-880C-370C878D5C08}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{E778D341-CCBF-4C19-83C0-1DF77ED8B2A6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{EC83F4D3-3ADC-42C7-9786-411F9B51ECA0}D:\mtx\mtx.exe" = protocol=6 | dir=in | app=d:\mtx\mtx.exe | 
"TCP Query User{F13C48F7-1A7A-4E85-94A8-2980067850E9}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{13448797-7B33-446F-A7BF-A8BCCB06BCFF}C:\users\michl\downloads\tinyumbrella-4.21.01.exe" = protocol=17 | dir=in | app=c:\users\michl\downloads\tinyumbrella-4.21.01.exe | 
"UDP Query User{15832E9D-8487-4B6C-9273-74EAD637BE8F}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe" = protocol=17 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin64\crysis2.exe | 
"UDP Query User{15CA0134-A06E-4C39-95B0-ECD1C9C2A5F1}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"UDP Query User{1F50BCD9-66D1-46AA-9FAB-9741B0AF2AE9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{24BB21BD-633C-48EE-9C13-6C9642291A8E}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"UDP Query User{2FC0B339-6B6D-44B8-918B-D1BC88F6CDE7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5879DAE3-EFC8-495E-8957-CC47CEB082B4}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{5A15C4C7-02B2-4A41-9926-EE73FE7B8EF3}C:\program files (x86)\xfire\ua_lsp_inst.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\ua_lsp_inst.exe | 
"UDP Query User{5B157CEF-8F17-4E5C-B34B-25648DD6E3A7}D:\lodro\lotroclient.exe" = protocol=17 | dir=in | app=d:\lodro\lotroclient.exe | 
"UDP Query User{69E3469B-E2EC-49B6-9C2E-555FB1DD2915}D:\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=d:\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{7635285A-8AB1-477E-B1B6-8B6C2AB7B1AE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{78179CBF-F8D6-4EDC-BBF3-03FAD133E378}C:\program files\elba5\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | 
"UDP Query User{7E6F4557-712F-44F1-BC87-1F49958E4890}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{8190F411-C2F7-45CC-B001-D77D1E290056}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{83CE00A1-D487-46C4-8D3D-EE72B14238FF}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{851AAD07-02F9-4B35-9878-58B320D589A9}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{8B90CA4C-1E3B-416E-9A99-74BEE55C8B4F}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe | 
"UDP Query User{942FBA21-B758-4E3E-82EA-DF601A414F8E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{A7A6C223-C7BD-4545-8EEB-0A7B10012AE7}C:\program files\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files\magictune premium\magictune.exe | 
"UDP Query User{BD2B0FFA-6E7E-4C1D-BA31-4043A54D59AF}C:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"UDP Query User{C02B110E-44AC-431C-B124-991281F16FA5}D:\anno1701\anno1701.exe" = protocol=17 | dir=in | app=d:\anno1701\anno1701.exe | 
"UDP Query User{CAC66159-34FC-4DDB-8AF2-F21D7F5A6A0B}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{D0228FC4-8247-4982-9162-A6D29976F06C}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=17 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe | 
"UDP Query User{DCC7FB2F-5078-4F22-A913-AF040DC62C8C}D:\runes of magic\launcher.exe" = protocol=17 | dir=in | app=d:\runes of magic\launcher.exe | 
"UDP Query User{E12D20A7-30ED-4BB6-BD71-DDD906689870}C:\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\metin2\metin2.bin | 
"UDP Query User{E4D574BA-92BC-4E52-8258-9517F453130D}D:\mtx\mtx.exe" = protocol=17 | dir=in | app=d:\mtx\mtx.exe | 
"UDP Query User{E8AE60B6-E454-427B-9E90-1D994921677E}C:\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\metin2\metin2client.bin | 
"UDP Query User{E9A29FA6-883E-4A9C-AA70-3F25BF625E89}D:\anno1701\anno1701.exe" = protocol=17 | dir=in | app=d:\anno1701\anno1701.exe | 
"UDP Query User{EA288B6F-4B4F-48B9-8016-877DCB46FBBA}C:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\users\michl\downloads\crysis2(5620)_r\crysis2(5620)_01_13\bin32\crysis2.exe | 
"UDP Query User{EC62F14D-DFB5-4270-BA25-E0A8395E8DE1}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{EDAE0C52-D923-4A86-A0FB-F171568FA674}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{F3C838D5-B07E-48F1-80A3-B2D29C2C4506}C:\program files\elba5\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\elba5\jre\bin\javaw.exe | 
"UDP Query User{F851E7C2-8540-400D-AD43-841951FECE51}C:\program files\elba5\db\sybase\dbeng9.exe" = protocol=17 | dir=in | app=c:\program files\elba5\db\sybase\dbeng9.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{53480360-C6AA-4E73-A4E3-1C4C915E049F}" = O&O Defrag Professional Edition
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MosChip Semiconductor Technology Ltd" = ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;
;;  File : PciPorts.inf
;;  This inf file configures Pci multi I/O (COM & LPT ) ports
;;  (c) Copyright MosChip Semiconductor Technology Limited
;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


[version]
CatalogFile=Pciports.cat 
signature=$Chicago$
Class=Ports
ClassGuid={4D36E978-E325-11CE-BFC1-08002BE10318}
Provider=%ProviderName%
DriverVer=05/22/2008, 1.0.0.6

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

[SourceDisksNames]
0=%DiskName%,,

[SourceDisksNames.ia64]
0=%DiskName%,,

[SourceDisksNames.amd64]
0=%DiskName%,,

[SourceDisksFiles]
PciSPorts.sys=0,X86,
PciPPorts.sys=0,X86,
PciPorts.dll=0,X86,
PciIsaSerial.sys=0,X86, 

[SourceDisksFiles.ia64]
PciSPorts.sys=0,IA64,
PciPPorts.sys=0,IA64,
PciPorts.dll=0,IA64, 
PciIsaSerial.sys=0,IA64, 

[SourceDisksFiles.amd64]
PciSPorts.sys=0,AMD64,
PciPPorts.sys=0,AMD64,
PciPorts.dll=0,AMD64, 
PciIsaSerial.sys=0,AMD64, 



[DestinationDirs]
Common.Files.x86_11 = 11
Sys.Files.x86_12 = 12 

Common.Files.x64_11 = 11 
Sys.Files.x64_12 = 12 

Common.Files.Amd64_11 = 11 
Sys.Files.Amd64_12 = 12 



;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;  Driver Installation
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

[Manufacturer]
%ProviderName%=PCIPorts, NTamd64, NTia64

[PCIPorts]
%PCI.SerialPort%=ComCard,PCI\VEN_9710&DEV_9865&SUBSYS_1000A000&REV_00
%PCI.ParallelPort%=LptCard,PCI\VEN_9710&DEV_9865&SUBSYS_2000A000&REV_00
%PCI.ComPort%=ISAComPort, MCS9000MF\PCI_COM
%PCI.EcpPort%=ISAEcpPort, MCS9000MF\PCI_LPT


[PCIPorts.NTamd64]
%PCI.SerialPort%=ComCard,PCI\VEN_9710&DEV_9865&SUBSYS_1000A000&REV_00
%PCI.ParallelPort%=LptCard,PCI\VEN_9710&DEV_9865&SUBSYS_2000A000&REV_00
%PCI.ComPort%=ISAComPort, MCS9000MF\PCI_COM
%PCI.EcpPort%=ISAEcpPort, MCS9000MF\PCI_LPT


[PCIPorts.NTia64]
%PCI.SerialPort%=ComCard,PCI\VEN_9710&DEV_9865&SUBSYS_1000A000&REV_00
%PCI.ParallelPort%=LptCard,PCI\VEN_9710&DEV_9865&SUBSYS_2000A000&REV_00
%PCI.ComPort%=ISAComPort, MCS9000MF\PCI_COM
%PCI.EcpPort%=ISAEcpPort, MCS9000MF\PCI_LPT


;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;  COM Port Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;;;;  X86 ;;;; 

[ISAComPort.NT]
CopyFiles=Common.Files.x86_11, Sys.Files.x86_12
AddReg=ComPort.AddReg, ComPort.NT.AddReg, Uninstall.AddReg
Include=msports.inf 
Needs=ComPort.NT.Copy

[ISAComPort.NT.HW]
AddReg=ComPort.NT.HW.AddReg

[ISAComPort.NT.Services]
AddService = PciIsaSerial, 0x00000002, PCI_ISASerial_Service_Inst,PCI_ISASerial_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst



;;;;  AMD64 ;;;; 

[ISAComPort.NTamd64]
CopyFiles=Common.Files.Amd64_11, Sys.Files.Amd64_12
AddReg=ComPort.AddReg, ComPort.NT.AddReg, Uninstall.AddReg
Include=msports.inf 
Needs=ComPort.NT.Copy

[ISAComPort.NTamd64.HW]
AddReg=ComPort.NT.HW.AddReg

[ISAComPort.NTamd64.Services]
AddService = PciIsaSerial, 0x00000002, PCI_ISASerial_Service_Inst,PCI_ISASerial_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst



;;;;  IA64 ;;;; 

[ISAComPort.NTia64]
CopyFiles=Common.Files.x64_11, Sys.Files.x64_12
AddReg=ComPort.AddReg, ComPort.NT.AddReg, Uninstall.AddReg
Include=msports.inf 
Needs=ComPort.NT.Copy

[ISAComPort.NTia64.HW]
AddReg=ComPort.NT.HW.AddReg

[ISAComPort.NTia64.Services]
AddService = PciIsaSerial, 0x00000002, PCI_ISASerial_Service_Inst,PCI_ISASerial_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst




; -------------- ISASerial Port Driver install sections
[PCI_ISASerial_Service_Inst]
DisplayName    = %PCI.ComPort%
ServiceType    = 1               ; SERVICE_KERNEL_DRIVER
StartType      = 3               ; SERVICE_DEMAND_START (1-SERVICE_SYSTEM_START)
ErrorControl   = 0               ; SERVICE_ERROR_IGNORE
ServiceBinary  = %12%\PciIsaSerial.sys
LoadOrderGroup = Extended base



;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;  EcpPort Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

[ISAEcpPort.NT]
CopyFiles=Common.Files.x86_11
AddReg=EcpPort.AddReg,EcpPort.NT.AddReg

[ISAEcpPort.NT.Services]
Include=msports.inf
Needs=EcpPort.NT.Services



[ISAEcpPort.NTamd64]
CopyFiles=Common.Files.x86_11
AddReg=EcpPort.AddReg,EcpPort.NT.AddReg

[ISAEcpPort.NTamd64.Services]
Include=msports.inf
Needs=EcpPort.NT.Services



[ISAEcpPort.NTia64]
CopyFiles=Common.Files.x86_11
AddReg=EcpPort.AddReg,EcpPort.NT.AddReg

[ISAEcpPort.NTia64.Services]
Include=msports.inf
Needs=EcpPort.NT.Services



[PCI_ISASerial_EventLog_Inst]
AddReg=ISAComPort.DriverParams

[ISAComPort.DriverParams]
HKLM,System\CurrentControlSet\Services\PciIsaSerial, SetRtsOnWake, 0x10001, 1
HKLM,System\CurrentControlSet\Services\PciIsaSerial, RetainPowerOnClose, 0x10001, 1



;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; PCI COM Card Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;;;;  X86 ;;;; 

[ComCard.NT]
CopyFiles=Common.Files.x86_11, Sys.Files.x86_12
AddReg=ComPort.AddReg, ComCard.NT.AddReg, Uninstall.AddReg

[ComCard.NT.HW]
AddReg=ComCard.NT.HW.AddReg

[ComCard.NT.Services]
AddService = PciSPorts, 0x00000002, PCISPorts_Service_Inst,PCISPorts_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst



;;;;  AMD64 ;;;; 

[ComCard.NTamd64]
CopyFiles=Common.Files.Amd64_11, Sys.Files.Amd64_12
AddReg=ComPort.AddReg, ComCard.NT.AddReg, Uninstall.AddReg


[ComCard.NTamd64.HW]
AddReg=ComCard.NT.HW.AddReg

[ComCard.NTamd64.Services]
AddService = PciSPorts, 0x00000002, PCISPorts_Service_Inst,PCISPorts_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst



;;;;  IA64 ;;;; 

[ComCard.NTia64]
CopyFiles=Common.Files.x64_11, Sys.Files.x64_12
AddReg=ComPort.AddReg, ComCard.NT.AddReg, Uninstall.AddReg

[ComCard.NTia64.HW]
AddReg=ComCard.NT.HW.AddReg

[ComCard.NTia64.Services]
AddService = PciSPorts, 0x00000002, PCISPorts_Service_Inst,PCISPorts_EventLog_Inst
AddService = Serenum,,Serenum_Service_Inst



;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;  General Sections for all Installations  
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;


[ComPort.AddReg]
HKR,,PortSubClass,1,01

[ComPort.NT.AddReg]
HKR,,EnumPropPages32,,MsPorts.dll,SerialPortPropPageProvider

[ComPort.NT.HW.AddReg]
HKR,,UpperFilters,0x00010000,serenum
HKR,,CUSTNAME,0x00010000,%CustomerName%

[EcpPort.AddReg]
HKR,,PortSubClass,1,00
HKR,,ECPDevice,1,01

[EcpPort.NT.AddReg]
HKR,,EnumPropPages32,,MsPorts.dll,ParallelPortPropPageProvider

[PCISPorts_EventLog_Inst]
AddReg=ComCard.DriverParams

[ComCard.NT.HW.AddReg]
HKR,,UpperFilters,0x00010000,serenum
HKR,,MaskLowBaudToHigh, 0x10001, 0
HKR,,UARTMode, 0x10001, 9
HKR,,RxFIFO, 0x10001, 64
HKR,,TxFIFO, 0x10001, 64
HKR,,RxHighWaterMark, 0x10001, 240
HKR,,RxLowWaterMark, 0x10001, 16
HKR,,EnableHwFlowControl, 0x10001, 0
HKR,,HwFlowControl, 0x10001, 0
HKR,,UseClockPrescalar, 0x10001, 0
HKR,,CPRRegValue, 0x10001, 1
HKR,,UseBaudMultiplier, 0x10001, 0
HKR,,TCRRegValue, 0x10001, 16
HKR,,XOnChar, 0x10001, 17
HKR,,XOffChar, 0x10001, 19
HKR,,TranceiverMode, 0x10001, 0
HKR,,RS485Mode, 0x10001, 1
HKR,,SampleStartBit, 0x10001, 0
HKR,,StartBitLength, 0x10001, 4
HKR,,SampleDataBit, 0x10001, 0
HKR,,DataBitLength, 0x10001, 4
HKR,,TxFifoAmount, 0x10001, 64
HKR,,TxDmaEnable, 0x10001, 0
HKR,,TxDmaLength, 0x10001, 4096
HKR,,RxDmaEnable, 0x10001, 0
HKR,,RxDmaLength, 0x10001, 4096
HKR,,Limit4k, 0x10001, 1
HKR,,SerialDebugLevel, 0x10001, 0
HKR,,PowerUpTime, 0x10001, 1000
HKR,,EnableICG, 0x10001, 0
HKR,,InterCharGap, 0x10001, 0
HKR,,UseCustomBaudrate, 0x10001, 0
HKR,,DLLValue, 0x10001, 0
HKR,,DLMValue, 0x10001, 0
HKR,,InputClock, 0x10001, 0
HKR,,UseExternalClock, 0x10001, 0
HKR,,ExternalClock, 0x10001, 14745600
HKR,,UseExtPCIeClockSource, 0x10001, 0
HKR,,RemoteWakeOn, 0x10001, 0x09000000
HKR,,CUSTNAME,0x00010000,%CustomerName%

[ComCard.DriverParams]
HKLM,System\CurrentControlSet\Services\PciSPorts, EnableTranceiverShutdown, 0x10001, 0
HKLM,System\CurrentControlSet\Services\PciSPorts, UseExtPCIeClockSource, 0x10001, 0
HKLM,System\CurrentControlSet\Services\PciSPorts, RetainPowerOnClose, 0x10001, 1



[ComCard.NT.AddReg]
HKR,,EnumPropPages32,,PciPorts.dll,SerialPortPropPageProvider


[PCISPorts_Service_Inst]
DisplayName = %PCI.SerialPort%
ServiceType  = 1             ; SERVICE_KERNEL_DRIVER
StartType      = 3           ; SERVICE_DEMAND_START (1-SERVICE_SYSTEM_START)
ErrorControl = 0             ; SERVICE_ERROR_IGNORE
ServiceBinary = %12%\PciSPorts.sys
LoadOrderGroup = Extended base

; -------------- Serenum Driver install section
[Serenum_Service_Inst]
DisplayName    = %Serenum.SVCDESC%
ServiceType    = 1               ; SERVICE_KERNEL_DRIVER
StartType      = 3               ; SERVICE_DEMAND_START
ErrorControl   = 1               ; SERVICE_ERROR_NORMAL
ServiceBinary  = %12%\serenum.sys
LoadOrderGroup = PNP Filter




;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; PCI LPT Card Install
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;;;;  X86 ;;;; 

[LptCard.NT]
CopyFiles=Common.Files.x86_11, Sys.Files.x86_12
AddReg=LptCard.AddReg,LptCard.NT.AddReg,Uninstall.AddReg

[LptCard.NT.HW]
AddReg = LptCard.NT.HW.AddReg

[LptCard.NT.Services]
AddService = PciPPorts, 0x00000002, PCIPPorts_Service_Inst, PCIPPorts_EventLog_Inst 



;;;;  AMD64 ;;;; 

[LptCard.NTamd64]
CopyFiles=Common.Files.Amd64_11, Sys.Files.Amd64_12
AddReg=LptCard.AddReg,LptCard.NT.AddReg,Uninstall.AddReg

[LptCard.NT.HW]
AddReg = LptCard.NT.HW.AddReg

[LptCard.NTamd64.Services]
AddService = PciPPorts, 0x00000002, PCIPPorts_Service_Inst, PCIPPorts_EventLog_Inst 



;;;;  IA64 ;;;; 

[LptCard.NTia64]
CopyFiles=Common.Files.x64_11, Sys.Files.x64_12
AddReg=LptCard.AddReg,LptCard.NT.AddReg,Uninstall.AddReg

[LptCard.NT.HW]
AddReg = LptCard.NT.HW.AddReg

[LptCard.NTia64.Services]
AddService = PciPPorts, 0x00000002, PCIPPorts_Service_Inst, PCIPPorts_EventLog_Inst





;;; Other sections

[LptCard.NT.HW.AddReg]
HKR,,CUSTNAME,0x00010000,%CustomerName%

[LptCard.AddReg]
HKR,,PortSubClass,1,00
HKR,,ECPDevice,1,01

[LptCard.NT.AddReg]
HKR,,EnumPropPages32,,PciPorts.dll,ParallelPortPropPageProvider

; -------------- Parallel Port Driver install sections
[PCIPPorts_Service_Inst]
DisplayName    = %PCI.ParallelPort%
ServiceType    = 1                ; SERVICE_KERNEL_DRIVER
StartType      = 3                ; SERVICE_DEMAND_START (1-SERVICE_SYSTEM_START)
ErrorControl   = 0                ; SERVICE_ERROR_IGNORE  ;; Check
ServiceBinary  = %12%\PciPPorts.sys
LoadOrderGroup = Parallel arbitrator

[PCIPPorts_EventLog_Inst]
AddReg = PCIPPorts_EventLog_AddReg

[PCIPPorts_EventLog_AddReg]
HKR,,EventMessageFile,0x00020000,%%SystemRoot%%\System32\IoLogMsg.dll;%%SystemRoot%%\System32\drivers\PciPPorts.sys
HKR,,TypesSupported,0x00010001,7


[Uninstall.AddReg]
HKLM,SOFTWARE\Microsoft\Windows\CurrentVersion\PCI Multi-Io Controller\%CustomerName%,VID_PID_NAME1,0,VEN_9710&DEV_9865



[Common.Files.x86_11] 
PciPorts.dll

[Sys.Files.x86_12] 
PciSPorts.sys
PciPPorts.sys
PciIsaSerial.sys


[Common.Files.x64_11] 
PciPorts.dll

[Sys.Files.x64_12] 
PciSPorts.sys
PciPPorts.sys
PciIsaSerial.sys


[Common.Files.AMD64_11] 
PciPorts.dll

[Sys.Files.AMD64_12] 
PciSPorts.sys
PciPPorts.sys
PciIsaSerial.sys



; User readable strings
;----------------------------------------------------------
[Strings]
CustomerName=MOSCHIP
ProviderName=MosChip Semiconductor Technology Ltd
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UltSounds" = Windows-Soundschemas
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11B5E957-FCF2-469D-AB66-963C38134231}" = Bluesoleil2.6.0.1 Release 070402
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{19666E73-D9E5-44D4-8F33-037ED151ECBC}" = Firebird SQL Server - MAGIX Edition
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22E4AC9C-9E05-47D5-B7EB-A9FC1D762A7B}" = Quake Live Internet Explorer Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCB2148-4793-4D7B-8269-84C0F0022422}" = HEROLD Marketing CD business 3/2006 - EINZELPLATZ-CD
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0 SP1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9A37B5-717B-4519-8CB3-0F9E01CA9E8D}" = HEROLD Marketing CD Komponenten
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8133D88C-C6F0-4D1A-962E-C3F57D0AB117}" = ODF Add-in for Microsoft Office
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-004E-0407-0000-0000000FF1CE}" = Microsoft Outlook Connector für soziale Netzerker 32-Bit
"{95140000-007C-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Facebook 32-bit
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA12FD6C-169A-11D7-A6A9-00C026281E5A}" = Speed-Link SL-6534 Dual Vibration Pad
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BEF696DB-9214-46FA-A71B-C2E7BF81D2A7}" = StaticTrainer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"ALchemy" = Creative ALchemy
"AnyDVD" = AnyDVD
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"Bandoo" = Bandoo
"BitTorrent" = BitTorrent
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 4.3
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2
"iLivid" = iLivid
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.0 (Full)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX MP3 Maker 15 D" = MAGIX MP3 Maker 15 10.0.0.257 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"MAXCRM V7.11 Testversion_is1" = MAXCRM Trial 7.11
"MediaCoder" = MediaCoder 0.7.2.4535
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"SFBM" = SoundFont-Bank-Manager
"Smart Recorder" = Creative Smart Recorder
"SMPlayer" = SMPlayer 0.6.9
"sm-un1.u32" = TextMaker 2006 (Trial) (C:\Program Files (x86)\SoftMaker Office 2006 (Trial))
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 20920" = The Witcher 2
"Steam App 20930" = The Witcher 2: Bonus Content
"SystemRequirementsLab" = System Requirements Lab
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"Two Worlds II" = Two Worlds II
"UltraISO_is1" = UltraISO Premium V9.36
"Uninstall_is1" = Uninstall 1.0.0.1
"WaveStudio 7" = Creative WaveStudio 7
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.03.2011 06:59:57 | Computer Name = Michl-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 22.03.2011 07:01:24 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3083
Description = 
 
Error - 22.03.2011 07:01:24 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3083
Description = 
 
Error - 22.03.2011 11:33:44 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 22.03.2011 11:33:44 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 22.03.2011 12:07:18 | Computer Name = Michl-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 23.03.2011 10:39:24 | Computer Name = Michl-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x80010108).
 
[ OSession Events ]
Error - 05.08.2009 10:42:08 | Computer Name = Michl-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 588
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 27.03.2011 11:37:21 | Computer Name = Michl-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 52
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.06.2011 04:19:17 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 03.06.2011 04:21:48 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 03.06.2011 04:25:18 | Computer Name = Michl-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\System32\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 03.06.2011 04:26:12 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.06.2011 04:26:12 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.06.2011 04:26:12 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 03.06.2011 10:55:35 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 03.06.2011 10:56:25 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 03.06.2011 11:03:59 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 03.06.2011 11:06:46 | Computer Name = Michl-PC | Source = Service Control Manager | ID = 7030
Description = 
 
 
< End of report >
         
--- --- ---

04.06.2011, 16:09   #15
Oberoanut

Possibly a trojan? http://www.searchqu.com/406

OTL Normal Log:
OTL Logfile:
Code:
OTL logfile created on: 03.06.2011 18:43:44 - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Michl\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,80% Memory free
12,47 Gb Paging File | 10,45 Gb Available in Paging File | 83,78% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 178,79 Gb Total Space | 38,61 Gb Free Space | 21,59% Space Free | Partition Type: NTFS
Drive D: | 119,30 Gb Total Space | 34,63 Gb Free Space | 29,03% Space Free | Partition Type: NTFS
Drive E: | 340,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ****** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\PROGRA~2\Bandoo\Bandoo.exe (Bandoo Media Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (O&O Defrag) -- C:\Windows\SysNative\oodag.exe (O&O Software GmbH)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Bandoo Coordinator) -- C:\PROGRA~2\Bandoo\Bandoo.exe (Bandoo Media Inc.)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_8832f4b.dll ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\FABS.exe (MAGIX AG)
SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Shared\Database2\bin\fbserver.exe (MAGIX®)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\Drivers\btnetBus.sys ()
DRV:64bit: - (IvtBtBUs) -- C:\Windows\SysNative\Drivers\IvtBtBus.sys (IVT Corporation.)
DRV:64bit: - (BtHidBus) -- C:\Windows\SysNative\Drivers\BtHidBus.sys (IVT Corporation.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MagicTune) -- C:\Windows\SysNative\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
DRV:64bit: - (PciPPorts) -- C:\Windows\SysNative\DRIVERS\PciPPorts.sys ()
DRV:64bit: - (PciSPorts) -- C:\Windows\SysNative\DRIVERS\PciSPorts.sys ()
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\Drivers\btcusb.sys (IVT Corporation.)
DRV:64bit: - (BlueletSCOAudio) -- C:\Windows\SysNative\DRIVERS\BlueletSCOAudio.sys (IVT Corporation.)
DRV:64bit: - (BT) -- C:\Windows\SysNative\DRIVERS\btnetdrv.sys (IVT Corporation.)
DRV:64bit: - (VcommMgr) -- C:\Windows\SysNative\Drivers\VcommMgr.sys (IVT Corporation.)
DRV:64bit: - (VComm) -- C:\Windows\SysNative\DRIVERS\VComm.sys (IVT Corporation.)
DRV:64bit: - (BlueletAudio) -- C:\Windows\SysNative\DRIVERS\blueletaudio.sys (IVT Corporation.)
DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.DLL) -- C:\Windows\SysNative\CTERFXFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.DLL) -- C:\Windows\SysNative\CTSBLFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.DLL) -- C:\Windows\SysNative\CTAUDFX.DLL (Creative Technology Ltd)
DRV:64bit: - (COMMONFX.DLL) -- C:\Windows\SysNative\COMMONFX.DLL (Creative Technology Ltd)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ASACPI.sys ()
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x64\sandra.sys (SiSoftware)
DRV - (Btcsrusb) -- C:\Windows\SysWOW64\drivers\btcusb.sys (IVT Corporation.)
DRV - (BlueletSCOAudio) -- C:\Windows\SysWOW64\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\Windows\SysWOW64\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\SysWOW64\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\SysWOW64\drivers\VComm.sys (IVT Corporation.)
DRV - (BlueletAudio) -- C:\Windows\SysWOW64\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (ElbyCDIO) -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011.05.31 10:45:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.09 07:20:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.16 15:28:13 | 000,000,000 | ---D | M]
 
[2011.05.30 08:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions
[2009.11.15 12:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010.02.04 12:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
[2009.11.15 12:35:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2011.05.30 21:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions
[2010.04.27 14:56:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.21 18:31:59 | 000,000,000 | ---D | M] (XfireXO) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.05.30 08:30:49 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.01.20 22:33:01 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Michl\AppData\Roaming\mozilla\Firefox\Profiles\wdxuh5yd.default\extensions\battlefieldheroespatcher@ea.com
[2011.05.30 08:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.05.16 15:28:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.17 12:31:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.09 07:20:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.09 07:20:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.09 07:20:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.09 07:20:41 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.09 07:20:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.09 07:20:41 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.09 07:20:41 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.30 22:56:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.58.160.194 195.58.161.122
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll) - c:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll) - c:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\PROGRA~2\Bandoo\BndHook.dll) - c:\PROGRA~2\Bandoo\BndHook.dll (Discordia Limited)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michl\Desktop\76341_TheWitcher2-KeyArt-02.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michl\Desktop\76341_TheWitcher2-KeyArt-02.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.23 08:13:31 | 000,000,000 | ---D | M] - E:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2010.07.19 01:50:37 | 002,834,432 | R--- | M] () - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.04.10 18:32:30 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GammaTray.exe.lnk - C:\Programme\MagicTune Premium\GammaTray.exe - ()
MsConfig:64bit - StartUpFolder: C:^Users^Michl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Kuma_Tray.lnk - C:\PROGRA~2\KUMAGA~1\KGSYST~1\KUMA_T~1.EXE - ()
MsConfig:64bit - StartUpFolder: C:^Users^Michl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Michl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk - C:\PROGRA~2\Xfire\Xfire.exe - (Xfire Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: AudioDrvEmulator - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: Creative MediaSource Go - hkey= - key= - C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: CTHelper - hkey= - key= - C:\Windows\SysWow64\CTHELPER.EXE (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: DATAMNGR - hkey= - key= - C:\PROGRA~2\WI371A~1\Datamngr\DATAMN~1.EXE (Discordia, LTD)
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: EPSON Stylus DX4400 Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATICAE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: MagicTuneEngine - hkey= - key= - C:\Programme\MagicTune Premium\MagicTuneLauncher.exe ()
MsConfig:64bit - StartUpReg: NeroFilterCheck - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NVIDIA nTune - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: OODefragTray - hkey= - key= - C:\Windows\SysNative\oodtray.exe (O&O Software GmbH)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - StartUpReg: PC SpeedScan Pro - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Performance Center - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RCSystem - hkey= - key= - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - C:\Program Files (x86)\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Software Informer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - c:\program files (x86)\steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: UpdReg - hkey= - key= - C:\Windows\Updreg.EXE (Creative Technology Ltd.)
MsConfig:64bit - StartUpReg: VolPanel - hkey= - key= - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.03 18:40:16 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Michl\Desktop\OTL.exe
[2011.06.03 18:38:02 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Users\Michl\Desktop\aswMBR.exe
[2011.06.03 18:31:00 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Malwarebytes
[2011.06.03 18:30:53 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.06.03 18:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.03 18:30:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.03 18:30:49 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.06.03 18:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.06.03 18:29:30 | 009,435,312 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Michl\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.03 17:09:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.06.03 16:56:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.03 16:52:33 | 004,112,250 | R--- | C] (Swearware) -- C:\Users\Michl\Desktop\ComboFix.exe
[2011.05.30 23:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.05.30 23:04:21 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.05.30 22:40:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.30 22:40:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.30 22:40:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.30 22:40:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.30 20:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MonitorDriver
[2011.05.30 20:49:05 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\InstallShield
[2011.05.30 20:12:21 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\SysNative\drivers\MTiCtwl.sys
[2011.05.30 20:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Electronics Ltd
[2011.05.30 20:11:45 | 000,000,000 | ---D | C] -- C:\Programme\MagicTune Premium
[2011.05.30 20:06:43 | 000,000,000 | ---D | C] -- C:\Samsung
[2011.05.30 11:54:24 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011.05.30 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Bandoo
[2011.05.30 09:29:13 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\Ilivid Player
[2011.05.30 08:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
[2011.05.30 08:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Bandoo
[2011.05.30 08:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandoo
[2011.05.30 08:32:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EF2D8223-8F3C-423E-BFA7-5E8BEEA8A6C2}
[2011.05.30 08:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2011.05.30 08:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2011.05.30 08:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2011.05.30 08:28:01 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\PackageAware
[2011.05.28 07:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.05.28 07:14:43 | 003,040,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011.05.28 07:14:43 | 000,061,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011.05.28 07:14:38 | 006,289,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011.05.28 07:14:38 | 002,560,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011.05.28 07:14:38 | 000,794,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011.05.28 07:14:38 | 000,117,864 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011.05.28 07:14:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.05.28 07:07:12 | 022,286,952 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.05.28 07:07:12 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.05.28 07:07:12 | 008,865,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011.05.28 07:07:12 | 006,555,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.05.28 07:07:12 | 001,427,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll
[2011.05.28 07:07:12 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.05.28 07:07:12 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.05.28 07:07:11 | 018,583,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.05.28 07:07:11 | 015,223,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.05.28 07:07:11 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.05.28 07:07:11 | 011,992,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011.05.28 07:07:11 | 007,123,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.05.28 07:07:11 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.05.28 07:07:11 | 002,943,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.05.28 07:07:11 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.05.28 07:07:11 | 002,644,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011.05.28 07:07:11 | 002,335,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011.05.28 07:07:11 | 002,212,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.05.28 07:07:11 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.05.28 07:07:11 | 001,496,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll
[2011.05.28 07:07:11 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011.05.26 17:19:05 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\PDF24
[2011.05.26 17:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdf24
[2011.05.21 18:32:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XfireXO
[2011.05.21 18:32:00 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\Conduit
[2011.05.21 18:31:30 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Xfire
[2011.05.21 18:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2011.05.21 18:31:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire
[2011.05.21 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire
[2011.05.21 07:32:37 | 000,000,000 | ---D | C] -- C:\Users\Michl\Documents\3DMark 11
[2011.05.21 07:32:14 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\IsolatedStorage
[2011.05.21 07:32:06 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\Futuremark_Corporation
[2011.05.21 07:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[2011.05.21 07:25:51 | 000,000,000 | ---D | C] -- C:\Programme\Futuremark
[2011.05.18 21:35:16 | 000,000,000 | ---D | C] -- C:\Users\Michl\Documents\Witcher 2
[2011.05.18 21:35:16 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Local\The Witcher 2
[2011.05.17 12:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.05.17 12:31:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.05.17 12:31:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.05.17 12:31:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.05.16 15:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.05.16 15:28:13 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.05.15 18:28:00 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.15 14:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.05.15 14:41:26 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.05.15 14:41:22 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.05.15 14:41:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.05.15 14:39:45 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.05.15 14:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.05.11 23:47:38 | 000,071,680 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2011.05.11 23:47:36 | 000,065,536 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2011.05.11 11:59:16 | 000,000,000 | ---D | C] -- C:\Users\Michl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kuma Games
[2011.05.11 11:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2011.05.11 11:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kuma Games
[2009.06.04 00:57:38 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009.06.04 00:32:54 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.03 18:45:49 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6242D63D-81AE-4DB4-A58D-CF609B1522E2}.job
[2011.06.03 18:40:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Michl\Desktop\OTL.exe
[2011.06.03 18:39:22 | 000,000,512 | ---- | M] () -- C:\Users\Michl\Desktop\MBR.dat
[2011.06.03 18:38:05 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Users\Michl\Desktop\aswMBR.exe
[2011.06.03 18:36:41 | 000,098,565 | ---- | M] () -- C:\Users\Michl\Desktop\Malwarebyts.jpg
[2011.06.03 18:30:53 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.03 18:30:07 | 009,435,312 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Michl\Desktop\mbam-setup-1.51.0.1200.exe
[2011.06.03 18:25:39 | 000,005,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.03 18:25:39 | 000,005,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.03 17:56:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.03 16:56:14 | 004,112,250 | R--- | M] (Swearware) -- C:\Users\Michl\Desktop\ComboFix.exe
[2011.06.03 10:39:00 | 000,395,109 | ---- | M] () -- C:\Users\Michl\Desktop\76341_TheWitcher2-KeyArt-02.jpg
[2011.06.03 10:25:52 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.06.03 10:25:42 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.03 10:25:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.03 10:25:27 | 4293,451,776 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.03 10:25:19 | 001,763,665 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2011.06.03 10:24:30 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000007-00000000-00000007-00001102-00000005-00291102}.rfx
[2011.06.03 10:24:30 | 000,061,448 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000007-00000000-00000007-00001102-00000005-00291102}.rfx
[2011.06.03 10:24:30 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000007-00000000-00000007-00001102-00000005-00291102}.rfx
[2011.06.03 10:23:01 | 000,018,453 | ---- | M] () -- C:\Users\Michl\Desktop\Combo Fix Fehler.jpg
[2011.06.02 14:27:35 | 000,104,674 | ---- | M] () -- C:\Users\Michl\Desktop\HD Auslastung.jpg
[2011.06.01 13:20:40 | 000,057,344 | ---- | M] () -- C:\Users\Michl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.01 07:30:31 | 000,073,116 | ---- | M] () -- C:\Users\Michl\Desktop\AVAST Container.jpg
[2011.06.01 07:20:14 | 000,000,816 | ---- | M] () -- C:\Users\Michl\Desktop\PW Logis.lnk
[2011.05.31 10:45:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.05.30 23:26:35 | 000,054,981 | ---- | M] () -- C:\Users\Michl\Desktop\www.searchqu,com.jpg
[2011.05.30 22:56:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.05.30 21:36:30 | 000,038,630 | ---- | M] () -- C:\Users\Michl\Desktop\Firefox.jpg
[2011.05.30 20:49:17 | 000,001,477 | ---- | M] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
[2011.05.30 20:11:45 | 000,001,431 | ---- | M] () -- C:\Users\Public\Desktop\MagicTunePremium.lnk
[2011.05.30 11:54:24 | 000,000,524 | ---- | M] () -- C:\Users\Michl\Desktop\Fraps.lnk
[2011.05.30 08:31:59 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.28 07:12:33 | 000,001,460 | ---- | M] () -- C:\Users\Michl\AppData\Local\d3d9caps64.dat
[2011.05.28 07:12:13 | 000,001,356 | ---- | M] () -- C:\Users\Michl\AppData\Local\d3d9caps.dat
[2011.05.28 07:02:53 | 000,001,100 | ---- | M] () -- C:\Users\Michl\AppData\Local\d3d8caps.dat
[2011.05.27 20:48:32 | 000,051,480 | ---- | M] () -- C:\Users\Michl\Desktop\Zwischenablage02.jpg
[2011.05.26 17:19:52 | 000,580,689 | ---- | M] () -- C:\Users\Michl\Desktop\Typenschein Peugeot 206.pdf
[2011.05.26 17:17:52 | 000,001,707 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.05.26 09:42:01 | 001,598,440 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.26 09:42:01 | 000,685,890 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.05.26 09:42:01 | 000,643,978 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.26 09:42:01 | 000,150,290 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.05.26 09:42:01 | 000,123,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.25 16:55:28 | 001,524,112 | ---- | M] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011.05.23 18:02:19 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.05.23 10:55:00 | 000,408,698 | ---- | M] () -- C:\Users\Michl\Documents\UPC.pdf
[2011.05.23 10:55:00 | 000,389,945 | ---- | M] () -- C:\Users\Michl\Documents\UPC3.pdf
[2011.05.23 10:55:00 | 000,380,536 | ---- | M] () -- C:\Users\Michl\Documents\UPC 2.pdf
[2011.05.23 09:42:40 | 000,032,613 | ---- | M] () -- C:\Users\Michl\Desktop\Tastaturbelegung Witcher 2.jpg
[2011.05.23 08:25:53 | 000,000,980 | ---- | M] () -- C:\Users\Michl\Desktop\Scheidung.lnk
[2011.05.21 18:31:29 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011.05.21 07:25:57 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2011.05.19 20:41:18 | 000,000,221 | ---- | M] () -- C:\Users\Michl\Desktop\The Witcher 2.url
[2011.05.19 19:43:25 | 004,710,557 | ---- | M] () -- C:\Users\Michl\Desktop\The Witcher 2 Manual - German.pdf
[2011.05.16 15:53:04 | 000,000,129 | ---- | M] () -- C:\Users\Michl\jagex_runescape_preferences2.dat
[2011.05.16 15:50:00 | 000,000,046 | ---- | M] () -- C:\Users\Michl\jagex_runescape_preferences.dat
[2011.05.16 15:21:19 | 000,304,828 | ---- | M] () -- C:\Users\Michl\Desktop\Nirolift.pdf
[2011.05.16 11:10:06 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.15 18:28:00 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.05.15 14:41:51 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.05.14 06:27:00 | 022,286,952 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2011.05.14 06:27:00 | 018,583,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2011.05.14 06:27:00 | 016,456,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2011.05.14 06:27:00 | 015,223,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2011.05.14 06:27:00 | 013,011,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2011.05.14 06:27:00 | 011,992,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2011.05.14 06:27:00 | 008,865,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2011.05.14 06:27:00 | 007,123,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2011.05.14 06:27:00 | 006,555,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2011.05.14 06:27:00 | 006,289,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2011.05.14 06:27:00 | 005,301,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2011.05.14 06:27:00 | 003,040,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2011.05.14 06:27:00 | 002,943,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2011.05.14 06:27:00 | 002,804,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2011.05.14 06:27:00 | 002,644,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2011.05.14 06:27:00 | 002,560,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2011.05.14 06:27:00 | 002,335,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2011.05.14 06:27:00 | 002,212,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011.05.14 06:27:00 | 002,082,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2011.05.14 06:27:00 | 001,496,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6420150.dll
[2011.05.14 06:27:00 | 001,427,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642090.dll
[2011.05.14 06:27:00 | 000,794,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\easyupdatusapiu64.dll
[2011.05.14 06:27:00 | 000,117,864 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2011.05.14 06:27:00 | 000,067,176 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.05.14 06:27:00 | 000,061,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2011.05.14 06:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.05.14 06:27:00 | 000,012,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2011.05.14 06:27:00 | 000,007,384 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2011.05.11 23:47:38 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2011.05.11 23:47:36 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2011.05.11 11:59:16 | 000,001,718 | ---- | M] () -- C:\Users\Michl\Desktop\Kuma Games.lnk
[2011.05.10 14:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.05.10 14:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.05.10 14:10:44 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.05.10 14:04:08 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.05.10 14:04:07 | 000,287,576 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.05.10 14:02:41 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.05.10 13:59:59 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.05.10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.05.10 13:59:37 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.03 18:39:22 | 000,000,512 | ---- | C] () -- C:\Users\Michl\Desktop\MBR.dat
[2011.06.03 18:36:41 | 000,098,565 | ---- | C] () -- C:\Users\Michl\Desktop\Malwarebyts.jpg
[2011.06.03 18:30:53 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.03 10:38:11 | 000,395,109 | ---- | C] () -- C:\Users\Michl\Desktop\76341_TheWitcher2-KeyArt-02.jpg
[2011.06.03 10:23:01 | 000,018,453 | ---- | C] () -- C:\Users\Michl\Desktop\Combo Fix Fehler.jpg
[2011.06.02 14:27:34 | 000,104,674 | ---- | C] () -- C:\Users\Michl\Desktop\HD Auslastung.jpg
[2011.06.01 07:30:31 | 000,073,116 | ---- | C] () -- C:\Users\Michl\Desktop\AVAST Container.jpg
[2011.05.30 23:26:35 | 000,054,981 | ---- | C] () -- C:\Users\Michl\Desktop\www.searchqu,com.jpg
[2011.05.30 22:40:27 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.30 22:40:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.30 22:40:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.30 22:40:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.30 22:40:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.30 21:36:30 | 000,038,630 | ---- | C] () -- C:\Users\Michl\Desktop\Firefox.jpg
[2011.05.30 20:49:17 | 000,001,477 | ---- | C] () -- C:\Users\Public\Desktop\Launch Monitor Driver Installer.lnk
[2011.05.30 20:11:45 | 000,001,431 | ---- | C] () -- C:\Users\Public\Desktop\MagicTunePremium.lnk
[2011.05.30 11:54:24 | 000,000,524 | ---- | C] () -- C:\Users\Michl\Desktop\Fraps.lnk
[2011.05.30 08:33:57 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll
[2011.05.30 08:31:59 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2011.05.28 07:21:35 | 4293,451,776 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.28 07:07:11 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011.05.27 20:48:32 | 000,051,480 | ---- | C] () -- C:\Users\Michl\Desktop\Zwischenablage02.jpg
[2011.05.26 17:19:51 | 000,580,689 | ---- | C] () -- C:\Users\Michl\Desktop\Typenschein Peugeot 206.pdf
[2011.05.26 17:17:52 | 000,001,707 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2011.05.23 10:55:00 | 000,408,698 | ---- | C] () -- C:\Users\Michl\Documents\UPC.pdf
[2011.05.23 10:55:00 | 000,389,945 | ---- | C] () -- C:\Users\Michl\Documents\UPC3.pdf
[2011.05.23 10:55:00 | 000,380,536 | ---- | C] () -- C:\Users\Michl\Documents\UPC 2.pdf
[2011.05.23 09:42:40 | 000,032,613 | ---- | C] () -- C:\Users\Michl\Desktop\Tastaturbelegung Witcher 2.jpg
[2011.05.21 18:31:29 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2011.05.21 07:25:57 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\3DMark 11.lnk
[2011.05.19 20:41:18 | 000,000,221 | ---- | C] () -- C:\Users\Michl\Desktop\The Witcher 2.url
[2011.05.19 19:43:25 | 004,710,557 | ---- | C] () -- C:\Users\Michl\Desktop\The Witcher 2 Manual - German.pdf
[2011.05.16 15:21:18 | 000,304,828 | ---- | C] () -- C:\Users\Michl\Desktop\Nirolift.pdf
[2011.05.15 14:41:51 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.05.11 11:59:16 | 000,001,718 | ---- | C] () -- C:\Users\Michl\Desktop\Kuma Games.lnk
[2011.05.09 07:20:43 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.17 21:57:54 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.01.24 13:32:41 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.12.02 18:32:06 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.09.08 15:39:07 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.09.04 15:58:30 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.09.04 15:58:30 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.09.04 15:58:24 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.06.28 14:31:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.06.28 11:49:09 | 000,000,091 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2010.06.28 11:32:23 | 000,002,114 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2010.06.28 11:31:11 | 000,000,128 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2010.06.28 11:28:16 | 000,006,532 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2010.06.28 11:28:16 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2010.06.27 21:11:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2010.04.20 18:22:44 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.18 14:27:38 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.01.07 19:09:25 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\StrStorage.dll
[2009.12.14 13:30:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.10.25 11:44:56 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.10.25 11:40:31 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.10.03 19:40:42 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2009.10.01 11:19:32 | 000,000,093 | ---- | C] () -- C:\Users\Michl\AppData\Local\fusioncache.dat
[2009.09.21 22:03:47 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.16 15:59:37 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.09.07 17:01:45 | 001,562,452 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.08.25 16:04:29 | 000,001,086 | ---- | C] () -- C:\Users\Michl\AppData\Local\F1C3C386.il
[2009.08.25 16:04:29 | 000,000,280 | ---- | C] () -- C:\Users\Michl\AppData\Local\IndexIE_F1C3C386.il
[2009.08.22 10:44:18 | 000,038,423 | ---- | C] () -- C:\Users\Michl\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2009.08.13 09:27:24 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009.08.13 09:26:18 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.08.11 17:19:36 | 010,452,992 | ---- | C] () -- C:\ProgramData\sandra.mda
[2009.08.10 21:26:41 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.08.10 21:26:20 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.08.10 21:26:19 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2009.08.07 13:36:18 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2009.08.01 11:24:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.08.01 11:23:59 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.08.01 11:23:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.08.01 11:23:48 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.07.31 23:41:11 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009.07.31 23:41:11 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.07.31 23:41:11 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.07.31 23:41:11 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.07.31 23:41:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.07.31 23:41:10 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.07.31 23:23:24 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2009.07.31 23:23:24 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2009.07.31 23:23:24 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBURST.DLL
[2009.07.31 23:22:09 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.07.31 23:20:53 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.07.31 23:20:53 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.07.31 19:45:20 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.07.31 18:55:58 | 000,001,100 | ---- | C] () -- C:\Users\Michl\AppData\Local\d3d8caps.dat
[2009.07.31 18:55:52 | 000,001,356 | ---- | C] () -- C:\Users\Michl\AppData\Local\d3d9caps.dat
[2009.07.31 18:51:34 | 000,057,344 | ---- | C] () -- C:\Users\Michl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.31 18:50:10 | 000,001,460 | ---- | C] () -- C:\Users\Michl\AppData\Local\d3d9caps64.dat
[2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.06.04 01:37:08 | 000,021,093 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.04 00:55:20 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.06.04 00:40:44 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009.06.04 00:40:44 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009.06.04 00:33:04 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009.05.27 09:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2007.03.05 09:09:04 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\PSCONV.EXE
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.10.09 15:29:22 | 000,032,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\BTNetFilter.sys
[2005.10.04 17:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CTMMACTL.DLL
 
========== LOP Check ==========
 
[2011.03.19 18:07:28 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\.minecraft
[2011.05.30 11:45:11 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Bandoo
[2011.03.03 11:17:34 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\BitTorrent
[2009.11.15 12:13:27 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Broad Intelligence
[2011.01.11 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Canneverbe Limited
[2009.08.20 08:41:47 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\EPSON
[2009.08.05 18:42:30 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\GrabPro
[2010.12.30 17:13:27 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\gtk-2.0
[2009.10.01 11:19:34 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\HEROLD Business Data
[2009.09.14 16:20:19 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\IrfanView
[2011.02.23 20:32:19 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Kalypso Media
[2010.08.15 17:41:13 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\MAGIX
[2010.09.26 11:59:53 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Need for Speed World
[2009.11.15 12:13:29 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\OpenCandy
[2009.08.07 11:08:34 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Orbit
[2009.12.12 18:46:35 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\ProtectDisc
[2011.02.16 11:19:38 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\RIFT
[2010.11.15 20:51:56 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\runic games
[2011.02.13 11:42:08 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\SAMSUNG
[2009.09.09 22:13:16 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\SecondLife
[2009.11.06 12:07:51 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\SoftMaker
[2010.04.23 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\TS3Client
[2011.03.07 13:06:16 | 000,000,000 | ---D | M] -- C:\Users\Michl\AppData\Roaming\Ubisoft
[2011.06.03 10:24:09 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.03 18:45:49 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6242D63D-81AE-4DB4-A58D-CF609B1522E2}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.02.12 19:51:31 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32
[2009.07.31 19:55:55 | 000,000,000 | ---D | M] -- C:\557cdd409ec7b42b452f72cc3bfa
[2009.08.01 11:36:50 | 000,000,000 | ---D | M] -- C:\Boot
[2009.11.01 09:43:31 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp
[2010.03.05 14:15:10 | 000,000,000 | ---D | M] -- C:\CoreTemp
[2009.08.06 18:33:27 | 000,000,000 | ---D | M] -- C:\CrashReport
[2006.11.02 17:41:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.07.31 18:48:22 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.02 15:48:27 | 000,000,000 | ---D | M] -- C:\dosprogs
[2011.02.25 19:00:28 | 000,000,000 | ---D | M] -- C:\downloads
[2010.07.25 22:19:28 | 000,000,000 | ---D | M] -- C:\DS2Temp
[2011.06.01 13:22:05 | 000,000,000 | ---D | M] -- C:\Fraps
[2011.05.16 11:19:55 | 000,000,000 | ---D | M] -- C:\Install
[2009.08.01 11:51:47 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.02.27 20:11:26 | 000,000,000 | ---D | M] -- C:\My Music
[2009.08.10 13:49:06 | 000,000,000 | ---D | M] -- C:\NV5003056.TMP
[2010.09.04 16:31:16 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.05.16 11:18:45 | 000,000,000 | ---D | M] -- C:\Patches
[2009.08.01 17:38:07 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.16 11:21:14 | 000,000,000 | ---D | M] -- C:\Pics
[2011.05.30 20:11:45 | 000,000,000 | R--D | M] -- C:\Programme
[2011.06.03 18:30:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.06.03 18:30:52 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.07.31 18:48:22 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.03.10 21:22:42 | 000,000,000 | ---D | M] -- C:\PWRD
[2011.06.03 17:09:05 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.05.30 20:08:14 | 000,000,000 | ---D | M] -- C:\Samsung
[2011.06.03 18:44:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.05.28 07:15:31 | 000,000,000 | R--D | M] -- C:\Users
[2011.05.16 11:21:12 | 000,000,000 | ---D | M] -- C:\Vids
[2011.05.16 11:21:13 | 000,000,000 | ---D | M] -- C:\VISTA Buch
[2009.12.23 18:20:43 | 000,000,000 | ---D | M] -- C:\VivoxLogs
[2011.06.03 17:09:04 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES%\*. >
[2011.03.08 10:48:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2009.08.08 13:19:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2010.09.04 15:58:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
[2011.05.30 08:34:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bandoo
[2011.05.15 14:39:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011.05.24 06:56:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CDBurnerXP
[2011.06.03 17:04:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011.05.16 11:15:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2011.01.24 15:40:39 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Creative Installation Information
[2011.03.02 16:10:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DOSBox-0.74
[2010.09.08 15:40:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DVDVideoSoft
[2011.01.20 22:33:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA Games
[2010.12.10 21:04:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Elaborate Bytes
[2010.04.20 09:54:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2009.08.19 18:07:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\epson
[2009.08.07 15:40:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0
[2011.02.22 14:58:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2009.10.01 11:11:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HEROLD
[2009.08.02 08:22:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Huawei technologies
[2011.05.30 08:33:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iLivid
[2011.05.30 20:49:15 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.04.18 20:11:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2009.09.13 15:20:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iPhone-Konfigurationsprogramm
[2009.09.14 16:20:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView
[2011.05.15 14:41:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010.06.27 21:09:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IVT Corporation
[2011.05.17 12:31:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2009.07.31 23:43:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-Lite Codec Pack
[2011.05.24 10:51:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Kuma Games
[2009.08.13 09:30:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MAGIX
[2011.06.03 18:30:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.20 08:25:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MAXCRM-Trial
[2009.11.15 12:39:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MediaCoder
[2009.08.29 09:23:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2009.08.29 09:24:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2010.04.24 11:09:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.12.12 22:22:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011.04.23 11:25:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009.08.01 11:54:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009.10.01 11:12:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio .NET 2003
[2009.08.01 11:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009.08.14 21:34:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010.07.25 08:57:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011.05.30 20:49:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MonitorDriver
[2011.05.09 07:20:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009.08.01 11:54:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010.12.12 22:21:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
[2009.08.14 19:35:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2009.10.25 11:38:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2011.05.28 07:15:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2009.08.11 19:50:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA nTune Performance Application
[2009.07.31 23:22:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
[2009.08.25 19:41:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenXML-ODF Translator
[2010.11.05 18:53:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2011.05.26 17:17:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\pdf24
[2010.12.11 21:08:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2006.11.02 17:06:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011.02.13 11:42:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2009.08.22 09:04:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2009.09.16 15:58:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SlySoft
[2010.06.26 09:56:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SMPlayer
[2009.08.25 17:17:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SoftMaker Office 2006 (Trial)
[2010.07.16 13:17:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Software Informer
[2011.06.03 10:52:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2011.01.25 15:34:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StefansFreedive
[2009.09.10 16:19:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
[2011.05.30 23:04:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2011.02.15 23:27:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\UltraISO
[2006.11.02 17:33:57 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010.04.20 09:47:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\USB Vibration Joystick
[2009.08.01 11:33:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar
[2009.07.31 20:08:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011.05.30 08:31:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows iLivid Toolbar
[2010.12.16 14:05:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010.10.20 18:36:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2006.11.02 17:06:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009.08.01 11:33:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery
[2009.11.01 11:49:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009.08.01 11:33:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2009.08.01 11:42:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2011.05.21 18:31:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xfire
[2011.05.21 18:32:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\XfireXO
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2006.11.02 13:15:52 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=5D768BEB711FF67ADC8FAD4E2F6ABB02 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_ab9c809a352ecf21\explorer.exe
[2009.04.11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 00:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.01.19 00:00:16 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_b5f12aec698f911c\explorer.exe
[2008.01.18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2006.11.02 13:16:04 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=272D4789B7BAAEDDE73E85A380A670DD -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_4e168eec974b06f9\regedit.exe
[2008.01.19 00:00:32 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.18 23:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.19 00:00:32 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.19 00:00:32 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
[2006.11.02 11:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_586b393ecbabc8f4\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2006.11.02 13:16:15 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=46D5B6B80E4A5997F508F938F96B7628 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_3610939d8d22586d\userinit.exe
[2008.01.19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.19 00:00:42 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.19 00:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.19 00:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.19 00:00:46 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
[2006.11.02 13:16:20 | 000,122,368 | ---- | M] (Microsoft Corporation) MD5=6F92CE5B50283B0C0A7A539ED552039A -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_8ada9256bfc30704\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.19 00:00:46 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 13:16:20 | 000,397,312 | ---- | M] (Microsoft Corporation) MD5=9642EED809219A2F914DD8E40A09C48B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_c9aada9e9063dc57\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 512 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
--- --- ---
