Trojaner-Board


Sarah19 05.04.2011 12:25

Windows Vista Blue Screen
 
Hello forum,
Yesterday evening I shut down my laptop as usual; it had been running normally all day. Today I tried to turn the laptop on,
but after a very short time it crashes and a blue screen appears
that disappears after milliseconds, then the laptop reboots, and this keeps happening.
In Safe Mode, however, I can use the laptop without any problems.
The error in the blue screen starts like this:
Stop 0x00000BE (oxC0000005), I couldn't read any more than that.
Urgently asking for help

Regards
Sarah

Shadow 05.04.2011 12:40

Hello,
have the complete error message displayed. Also, please do tell us your exact Windows version ;-)

At Windows startup, press F8 and choose "Disable automatic restart on system failure"
or
(in Safe Mode)
Start => Control Panel => System –> Advanced –> Startup and Recovery –> Settings => remove the check mark next to "Automatically restart".

Sarah19 05.04.2011 13:01

Windows Vista 32-bit version
I removed the check mark as you said, but I don't know how I can get the error message displayed, because it really is only visible for a millisecond.

Shadow 05.04.2011 13:36

Quote:

Quote from Sarah19 (post 636359)
Windows Vista 32-bit version

Inexact is not exact enough. SP?
Quote:

Quote from Sarah19 (post 636359)
I removed the check mark as you said, but I don't know how I can get the error message displayed

You claimed:
Quote:

Quote from Sarah19
but after a very short time my laptop crashes and a blue screen appears ... and this keeps happening.

Removing the check mark should keep this
Quote:

Quote from Sarah19
that disappears after milliseconds and then the laptop reboots

from happening.

The PC should now stop at this blue screen (BSOD = Blue Screen Of Death) and stay there (use the power button to switch it off completely) instead of rebooting (automatically).

Sarah19 05.04.2011 13:42

Reply: the error message is in the blue screen that disappears after milliseconds; the check mark didn't change anything about that. I took a photo of it:
Stop 0x00000BE (0xC0000005,0xE26522A7,0xF2A4 [I'm missing something here],0xE9F3491C,0x00000000)
I have Windows Vista Home Premium (6.0, Build 6001) 32-bit version, Service Pack 1
Should I install Service Pack 2 on top of it?

Sarah19 05.04.2011 13:47

I also know why the check mark thing didn't work just now: when I remove the check mark and click OK, I can't apply the settings because the Apply button is permanently grayed out.

Sarah19 05.04.2011 13:57

I've now tried the F8 method and it worked!
The error reads as follows:
0x000008E (0xC0000005,0xE265E2A7,0xE82B491C,0x00000000)

Shadow 05.04.2011 15:16

Quote:

Quote from Sarah19 (post 636385)
I've now tried the F8 method and it worked!

Very good!

Isn't there some text message like "KERNEL_MODE_EXCEPTION_NOT_HANDLED" along with it?

As a general tendency with this kind of thing:

- Bring Windows up to date (incl. drivers)
- Virus scan, e.g. Malwarebytes Anti-Malware
- Hard disk error test, e.g. Data Lifeguard Diagnostic for Windows from Western Digital (only items 1 and 2, NOT item 3 - Write with Zeros)
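The STOP lines posted in this thread can be decoded mechanically. The following is an added example, not part of the original posts: the parameter meanings come from Microsoft's bug check reference, and the 0x80000000 kernel boundary assumes the default 2 GB/2 GB address split on 32-bit Vista.

```python
import re

# Bug check codes and the meaning of their four parameters
# (per Microsoft's bug check reference).
BUGCHECKS = {
    0x8E: ("KERNEL_MODE_EXCEPTION_NOT_HANDLED",
           ("exception code", "address where the exception occurred",
            "trap frame", "reserved")),
    0x7E: ("SYSTEM_THREAD_EXCEPTION_NOT_HANDLED",
           ("exception code", "address where the exception occurred",
            "exception record", "context record")),
    0xBE: ("ATTEMPTED_WRITE_TO_READONLY_MEMORY",
           ("virtual address of the attempted write", "PTE contents",
            "reserved", "reserved")),
}

NTSTATUS = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0x80000003: "STATUS_BREAKPOINT",
}

# Assumption: default user/kernel split on 32-bit Windows (no /3GB boot option).
KERNEL_BASE_X86 = 0x80000000

# Hand-copied screens often contain "ox" instead of "0x"; accept both.
HEX_TOKEN = re.compile(r"\b[0oO][xX]([0-9A-Fa-f]{1,8})\b")


def parse_stop(line):
    """Return (bug check code, [parameters]) from a hand-typed STOP line."""
    values = [int(tok, 16) for tok in HEX_TOKEN.findall(line)]
    if not values:
        raise ValueError("no hexadecimal values found")
    return values[0], values[1:]


def decode(line):
    """Name the bug check and interpret the parameters that were transcribed."""
    code, params = parse_stop(line)
    name, labels = BUGCHECKS.get(code, ("UNKNOWN", ()))
    result = {
        "code": code,
        "name": name,
        # A real STOP line has exactly four parameters; anything else means
        # the transcription is incomplete or garbled and should be re-read.
        "complete": len(params) == 4,
        "params": list(zip(labels, params)),
        "exception": None,
        "fault_in_kernel_space": None,
    }
    for label, value in result["params"]:
        if label == "exception code":
            result["exception"] = NTSTATUS.get(value, "unknown NTSTATUS")
        elif label.startswith("address where"):
            result["fault_in_kernel_space"] = value >= KERNEL_BASE_X86
    return result


# The three lines as posted in the thread.
FIRST_LINE = "Stop 0x00000BE (oxC0000005)"
PHOTO_LINE = ("Stop 0x00000BE (0xC0000005,0xE26522A7,0xF2A4 hier fehlt mir etwas,"
              "0xE9F3491C,0x00000000)")
F8_LINE = "0x000008E (0xC0000005,0xE265E2A7,0xE82B491C,0x00000000)"

if __name__ == "__main__":
    for line in (FIRST_LINE, PHOTO_LINE, F8_LINE):
        d = decode(line)
        print(f"0x{d['code']:08X} {d['name']} complete={d['complete']}")
        for label, value in d["params"]:
            print(f"    {label}: 0x{value:08X}")
        if d["exception"]:
            print(f"    exception: {d['exception']}, "
                  f"kernel-space fault: {d['fault_in_kernel_space']}")
```

Only the line captured with the F8 method has exactly four parameters; the two earlier transcriptions are reported as incomplete and should not be used for diagnosis.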

Sarah19 05.04.2011 16:22

Malware Test:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6276

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18904

05.04.2011 17:10:34
mbam-log-2011-04-05 (17-10-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 455890
Laufzeit: 1 Stunde(n), 19 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 20

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\2SPI9KEA4C (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\A9YA3MI1CF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Sarah\AppData\Local\Temp\383C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\6BF.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\71D.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\7A9.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\911.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\95F.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\96F.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\E30B.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\ecsrwxonam.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\jar_cache4251088398415848075.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\oesancrwmx.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uhf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uhg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uhh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uhi.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uhj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uhm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uho.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uhp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uhq.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



But it didn't help at all.
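A log like the one above is easier to triage once its detection lines are grouped. The following is an added example, not part of the original post: the sample is a constructed excerpt of the posted log, and flagging `Rootkit.*` families for a follow-up scan is a heuristic assumed here, not a Malwarebytes feature.

```python
import re
from collections import Counter
from ntpath import dirname  # Windows path rules, regardless of the host OS

# Constructed excerpt of the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\2SPI9KEA4C (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Sarah\AppData\Local\Temp\383C.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\E30B.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\ecsrwxonam.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uhf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Sarah\AppData\Local\Temp\Uhg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# "<object> (<Family>) -> <action>"; the object itself may contain parentheses,
# so the family is anchored to the " -> " that follows it.
ENTRY = re.compile(
    r"^(?P<object>.+?) \((?P<family>[A-Za-z0-9_.]+)\) -> (?P<action>.+)$",
    re.MULTILINE,
)


def parse_detections(log_text):
    """Return one dict per detection line; headers and empty sections are skipped."""
    detections = []
    for m in ENTRY.finditer(log_text):
        obj = m.group("object")
        detections.append({
            "object": obj,
            "kind": "registry" if obj.upper().startswith("HKEY_") else "file",
            "family": m.group("family"),
            "action": m.group("action"),
        })
    return detections


def triage(detections):
    """Group detections and list what still needs attention."""
    files = [d for d in detections if d["kind"] == "file"]
    return {
        "by_family": Counter(d["family"] for d in detections),
        # Where the flagged files lived (case-insensitive, as on NTFS).
        "file_dirs": Counter(dirname(d["object"]).lower() for d in files),
        # Anything the scanner did not report as removed successfully.
        "unresolved": [d["object"] for d in detections
                       if "successfully" not in d["action"].lower()],
        # Heuristic assumed for this example: a rootkit family name warrants
        # a follow-up scan with a dedicated tool.
        "followup": [d["object"] for d in detections
                     if d["family"].startswith("Rootkit.")],
    }


if __name__ == "__main__":
    report = triage(parse_detections(SAMPLE_LOG))
    for family, count in report["by_family"].most_common():
        print(f"{count:3d}  {family}")
    for directory, count in report["file_dirs"].items():
        print(f"{count:3d} file(s) in {directory}")
    print("unresolved:", report["unresolved"])
    print("follow-up :", report["followup"])
```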

Sarah19 05.04.2011 16:23

I don't know how I can install Windows updates or update the drivers from Safe Mode. I've now downloaded Service Pack 2; is it enough if I install that?

Shadow 05.04.2011 16:38

Quote:

Quote from Shadow (post 636441)
Isn't there some text message like "KERNEL_MODE_EXCEPTION_NOT_HANDLED" along with it?

Even though the probability is high that all of this is a consequence of the malware infestation.
(And that in turn is a consequence of careless surfing and an out-of-date system.)
I'll send someone from the malware corner over to you, or the convoluted read-everything from the malware-fighting faction, or another hero (m/f) from the League of Extraordinary Malware Fighters who reads this, may take over "voluntarily".

Sarah19 05.04.2011 21:42

Test Option: EXTENDED TEST
Model Number: ST9500325AS
Unit Serial Number: 6VE1PVQR
Firmware Number: 0002SDM1
Capacity: 500.11 GB
SMART Status: PASS
Test Result: PASS
Test Time: 22:40:56, April 05, 2011

I have now checked the physical drive; this is the result.

Sarah19 05.04.2011 22:01

"KERNEL_MODE_EXCEPTION_NOT_HANDLED"
nothing like that is in there

Sarah19 05.04.2011 22:27

When I tried to install Service Pack 2 in Safe Mode,
the blue screen came up at step 1 of 3 and I couldn't install it.

cosinus 07.04.2011 20:01

I'll jump in for Shadow:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Sarah19 08.04.2011 10:45

1st log file, OTL logfile:
Code:

OTL logfile created on: 08.04.2011 11:37:25 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 126,32 Gb Free Space | 54,24% Space Free | Partition Type: NTFS
Drive D: | 221,16 Gb Total Space | 221,12 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: Sarah-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (pctEFA) -- C:\Windows\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\Windows\system32\drivers\pctDS.sys (PC Tools)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Win 7 DDK provider)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:3.0.0.300
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.ftp: "proxy.hofmann.stw.uni-erlangen.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.hofmann.stw.uni-erlangen.de"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.hofmann.stw.uni-erlangen.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "proxy.hofmann.stw.uni-erlangen.de"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "proxy.hofmann.stw.uni-erlangen.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools Security\BDT\Firefox\ [2011.02.12 11:04:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.22 14:56:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.26 18:58:40 | 000,000,000 | ---D | M]
 
[2010.03.21 20:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fatih\AppData\Roaming\mozilla\Extensions
[2011.04.02 18:43:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fatih\AppData\Roaming\mozilla\Firefox\Profiles\n3n3q5b7.default\extensions
[2011.04.02 13:02:36 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Fatih\AppData\Roaming\mozilla\Firefox\Profiles\n3n3q5b7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.02 18:43:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Fatih\AppData\Roaming\mozilla\Firefox\Profiles\n3n3q5b7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.02 13:02:39 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Fatih\AppData\Roaming\mozilla\Firefox\Profiles\n3n3q5b7.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.27 23:55:41 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Fatih\AppData\Roaming\mozilla\Firefox\Profiles\n3n3q5b7.default\extensions\DTToolbar@toolbarnet.com
[2011.04.02 13:02:22 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Fatih\AppData\Roaming\mozilla\Firefox\Profiles\n3n3q5b7.default\extensions\engine@conduit.com
[2010.06.30 16:06:56 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Fatih\AppData\Roaming\mozilla\Firefox\Profiles\n3n3q5b7.default\extensions\toolbar@ask.com
[2010.03.22 22:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fatih\AppData\Roaming\mozilla\Firefox\Profiles(85)\p4jwr0q8.default\extensions
[2010.03.21 20:14:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fatih\AppData\Roaming\mozilla\Firefox\Profiles(85)\p4jwr0q8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.27 23:55:34 | 000,002,059 | ---- | M] () -- C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\searchplugins\daemon-search.xml
[2010.10.29 07:12:49 | 000,000,950 | ---- | M] () -- C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\searchplugins\icqplugin-1.xml
[2011.03.03 14:19:47 | 000,000,950 | ---- | M] () -- C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\searchplugins\icqplugin-2.xml
[2011.03.05 09:56:18 | 000,000,950 | ---- | M] () -- C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\searchplugins\icqplugin-3.xml
[2011.03.05 12:06:01 | 000,000,950 | ---- | M] () -- C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\searchplugins\icqplugin-4.xml
[2011.04.02 15:16:46 | 000,000,950 | ---- | M] () -- C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\searchplugins\icqplugin-5.xml
[2011.04.02 17:00:51 | 000,000,950 | ---- | M] () -- C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\searchplugins\icqplugin-6.xml
[2011.02.20 12:21:20 | 000,000,168 | ---- | M] () -- C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\searchplugins\icqplugin.gif
[2011.02.20 12:21:20 | 000,000,618 | ---- | M] () -- C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\searchplugins\icqplugin.src
[2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\searchplugins\icqplugin.xml
[2011.03.22 14:56:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.12.19 19:54:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011.04.02 17:00:07 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2009.11.08 14:38:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.09 00:01:51 | 000,350,680 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 12023 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.188.24.34 131.188.0.10 131.188.0.11
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Fatih\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{330bfa9a-eca4-11de-8b3f-90e6ba3b6e5b}\Shell - "" = AutoRun
O33 - MountPoints2\{330bfa9a-eca4-11de-8b3f-90e6ba3b6e5b}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.08 11:35:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Fatih\Desktop\OTL.exe
[2011.04.07 20:10:04 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\Users\Fatih\Desktop\SetupImgBurn_2.5.5.0.exe
[2011.04.06 14:04:04 | 000,000,000 | ---D | C] -- C:\bb587e879a5226a37f64d1ae
[2011.04.06 14:02:02 | 000,837,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32hda.dll
[2011.04.06 14:02:02 | 000,122,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2011.04.06 14:02:02 | 000,026,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2011.04.06 13:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.04.06 13:57:16 | 015,047,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011.04.06 13:57:16 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011.04.06 13:57:16 | 010,467,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011.04.06 13:57:16 | 010,078,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011.04.06 13:57:16 | 005,653,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2011.04.06 13:57:16 | 004,941,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011.04.06 13:57:16 | 002,895,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011.04.06 13:57:16 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011.04.06 13:57:16 | 001,965,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2011.04.06 13:57:16 | 000,941,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco322090.dll
[2011.04.06 13:57:16 | 000,837,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322040.dll
[2011.04.06 13:57:16 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011.04.06 13:57:16 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011.04.06 13:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011.04.06 13:56:23 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011.04.06 13:55:43 | 139,333,896 | ---- | C] (NVIDIA Corporation) -- C:\Users\Fatih\Desktop\266.58_notebook_winvista_win7_32bit_international_whql.exe
[2011.04.06 13:53:31 | 001,039,048 | ---- | C] (PC Drivers HeadQuarters                                      ) -- C:\Users\Fatih\Desktop\driver_detective_EPU.exe
[2011.04.06 00:20:49 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.05 23:22:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.04.05 23:01:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.04.05 17:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
[2011.04.05 17:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
[2011.04.05 17:23:56 | 000,000,000 | ---D | C] -- C:\Users\Fatih\Desktop\WinDlg_122
[2011.04.05 13:03:20 | 498,580,680 | ---- | C] (Microsoft Corporation) -- C:\Users\Fatih\Desktop\Windows6.0-KB948465-X86.exe
[2011.04.03 18:12:52 | 000,000,000 | ---D | C] -- C:\Users\Fatih\Desktop\paint
[2011.04.02 17:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2011.03.26 19:28:25 | 000,000,000 | ---D | C] -- C:\Users\Fatih\Desktop\textdokumente
[2011.03.26 19:20:49 | 000,000,000 | ---D | C] -- C:\Users\Fatih\Desktop\dsk_09_02_2011
[2011.03.26 18:44:50 | 000,000,000 | ---D | C] -- C:\Users\Fatih\Desktop\dsk klausuren formel
[2011.03.22 12:19:42 | 000,000,000 | ---D | C] -- C:\Users\Fatih\Desktop\fard
[2011.03.14 23:06:04 | 000,000,000 | ---D | C] -- C:\Users\Fatih\Desktop\groove2
[2008.11.03 09:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2008.08.12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.08 11:35:44 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Fatih\Desktop\OTL.exe
[2011.04.08 10:46:49 | 000,669,960 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.08 10:46:49 | 000,631,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.08 10:46:49 | 000,143,498 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.08 10:46:49 | 000,117,652 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.08 10:41:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.08 10:41:47 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011.04.07 22:46:02 | 000,008,484 | ---- | M] () -- C:\Users\Fatih\AppData\Local\d3d9caps.dat
[2011.04.07 20:11:56 | 005,514,668 | ---- | M] (LIGHTNING UK!) -- C:\Users\Fatih\Desktop\SetupImgBurn_2.5.5.0.exe
[2011.04.07 19:54:27 | 000,653,750 | ---- | M] () -- C:\Users\Fatih\Desktop\TM_3.pdf
[2011.04.07 10:21:15 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.04.07 09:40:55 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-185602744-2463074575-3719456933-1000UA.job
[2011.04.06 17:03:44 | 000,078,652 | ---- | M] () -- C:\Users\Fatih\Desktop\seite2antrag.jpg
[2011.04.06 17:03:22 | 000,001,215 | ---- | M] () -- C:\Users\Fatih\Desktop\antrag.pl.htm
[2011.04.06 14:17:27 | 000,000,774 | ---- | M] () -- C:\Users\Fatih\Desktop\RegCleaner.lnk
[2011.04.06 14:06:54 | 002,059,694 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.04.06 13:56:10 | 139,333,896 | ---- | M] (NVIDIA Corporation) -- C:\Users\Fatih\Desktop\266.58_notebook_winvista_win7_32bit_international_whql.exe
[2011.04.06 13:53:30 | 001,039,048 | ---- | M] (PC Drivers HeadQuarters                                      ) -- C:\Users\Fatih\Desktop\driver_detective_EPU.exe
[2011.04.06 12:09:41 | 000,048,639 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.06 12:09:41 | 000,048,639 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.06 12:06:32 | 017,815,040 | ---- | M] () -- C:\Users\Fatih\Desktop\dbg_x86_6.11.1.404.msi
[2011.04.06 11:54:39 | 000,107,631 | ---- | M] () -- C:\Users\Fatih\Desktop\Zusammenfassung Kreuzprodukt.pdf
[2011.04.06 11:54:26 | 000,069,293 | ---- | M] () -- C:\Users\Fatih\Desktop\Unterlagen zum Stos starrer Korper.pdf
[2011.04.05 17:24:22 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2011.04.05 17:10:55 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\gwyiypt.sys
[2011.04.05 13:06:48 | 498,580,680 | ---- | M] (Microsoft Corporation) -- C:\Users\Fatih\Desktop\Windows6.0-KB948465-X86.exe
[2011.04.05 02:09:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.05 02:09:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.05 00:11:55 | 000,051,783 | ---- | M] () -- C:\Users\Fatih\Desktop\traffic.jpg
[2011.04.04 19:39:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-185602744-2463074575-3719456933-1000Core.job
[2011.04.03 23:08:09 | 003,341,314 | ---- | M] () -- C:\Users\Fatih\Desktop\stream(24).mp3
[2011.04.03 23:06:20 | 006,027,685 | ---- | M] () -- C:\Users\Fatih\Desktop\stream(23).mp3
[2011.04.03 23:05:37 | 005,801,411 | ---- | M] () -- C:\Users\Fatih\Desktop\stream(22).mp3
[2011.04.03 23:02:54 | 004,193,665 | ---- | M] () -- C:\Users\Fatih\Desktop\kursuna gerek yok.mp3
[2011.04.03 23:02:06 | 004,589,568 | ---- | M] () -- C:\Users\Fatih\Desktop\stream(20).mp3
[2011.04.03 23:01:00 | 006,844,065 | ---- | M] () -- C:\Users\Fatih\Desktop\dogus.mp3
[2011.04.03 14:30:28 | 012,568,889 | ---- | M] () -- C:\Users\Fatih\Desktop\kapitel 3 nur.pdf
[2011.04.03 14:29:50 | 006,601,562 | ---- | M] () -- C:\Users\Fatih\Desktop\kinematik.pdf
[2011.04.03 14:20:38 | 000,942,985 | ---- | M] () -- C:\Users\Fatih\Desktop\dynamik.pdf
[2011.03.26 18:49:52 | 014,403,771 | ---- | M] () -- C:\Users\Fatih\Desktop\DSK_Uebungen_WS10-11.pdf
[2011.03.26 18:49:36 | 018,167,138 | ---- | M] () -- C:\Users\Fatih\Desktop\TM3-Uebungen-Loesungen.pdf
[2011.03.26 18:44:28 | 000,227,109 | ---- | M] () -- C:\Users\Fatih\Desktop\tm3_ws0405.pdf
[2011.03.26 18:44:22 | 000,356,305 | ---- | M] () -- C:\Users\Fatih\Desktop\tm3_ss04.pdf
[2011.03.26 18:44:17 | 000,289,997 | ---- | M] () -- C:\Users\Fatih\Desktop\tm3_ws0304.pdf
[2011.03.26 18:44:05 | 000,411,509 | ---- | M] () -- C:\Users\Fatih\Desktop\tm3_ss03.pdf
[2011.03.26 18:43:54 | 003,067,176 | ---- | M] () -- C:\Users\Fatih\Desktop\tm3_94-03.pdf
[2011.03.26 18:35:36 | 000,097,383 | ---- | M] () -- C:\Users\Fatih\Desktop\Ubung 13 - Beispielklausur.pdf
[2011.03.26 18:33:18 | 000,067,230 | ---- | M] () -- C:\Users\Fatih\Desktop\Musterlosung Tutoriumsaufgaben 01a02.pdf
[2011.03.19 11:14:47 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.15 01:18:34 | 000,004,522 | ---- | M] () -- C:\Users\Fatih\.recently-used.xbel
[2011.03.13 04:00:09 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Fatih.job
 
========== Files Created - No Company Name ==========
 
[2011.04.07 19:54:27 | 000,653,750 | ---- | C] () -- C:\Users\Fatih\Desktop\TM_3.pdf
[2011.04.06 17:03:44 | 000,078,652 | ---- | C] () -- C:\Users\Fatih\Desktop\seite2antrag.jpg
[2011.04.06 17:03:21 | 000,001,215 | ---- | C] () -- C:\Users\Fatih\Desktop\antrag.pl.htm
[2011.04.06 14:17:27 | 000,000,774 | ---- | C] () -- C:\Users\Fatih\Desktop\RegCleaner.lnk
[2011.04.06 13:57:16 | 000,004,756 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2011.04.06 12:05:38 | 017,815,040 | ---- | C] () -- C:\Users\Fatih\Desktop\dbg_x86_6.11.1.404.msi
[2011.04.06 11:54:41 | 000,107,631 | ---- | C] () -- C:\Users\Fatih\Desktop\Zusammenfassung Kreuzprodukt.pdf
[2011.04.06 11:54:29 | 000,069,293 | ---- | C] () -- C:\Users\Fatih\Desktop\Unterlagen zum Stos starrer Korper.pdf
[2011.04.05 17:24:22 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
[2011.04.05 17:10:55 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\gwyiypt.sys
[2011.04.05 11:12:01 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011.04.05 00:11:55 | 000,051,783 | ---- | C] () -- C:\Users\Fatih\Desktop\traffic.jpg
[2011.04.03 23:08:06 | 003,341,314 | ---- | C] () -- C:\Users\Fatih\Desktop\stream(24).mp3
[2011.04.03 23:06:06 | 006,027,685 | ---- | C] () -- C:\Users\Fatih\Desktop\stream(23).mp3
[2011.04.03 23:05:00 | 005,801,411 | ---- | C] () -- C:\Users\Fatih\Desktop\stream(22).mp3
[2011.04.03 23:02:40 | 004,193,665 | ---- | C] () -- C:\Users\Fatih\Desktop\kursuna gerek yok.mp3
[2011.04.03 23:02:11 | 004,589,568 | ---- | C] () -- C:\Users\Fatih\Desktop\stream(20).mp3
[2011.04.03 23:00:49 | 006,844,065 | ---- | C] () -- C:\Users\Fatih\Desktop\dogus.mp3
[2011.04.03 14:30:15 | 012,568,889 | ---- | C] () -- C:\Users\Fatih\Desktop\kapitel 3 nur.pdf
[2011.04.03 14:29:46 | 006,601,562 | ---- | C] () -- C:\Users\Fatih\Desktop\kinematik.pdf
[2011.04.03 14:20:38 | 000,942,985 | ---- | C] () -- C:\Users\Fatih\Desktop\dynamik.pdf
[2011.03.26 19:20:49 | 000,187,727 | ---- | C] () -- C:\Users\Fatih\Desktop\2006-10.pdf
[2011.03.26 19:20:49 | 000,135,973 | ---- | C] () -- C:\Users\Fatih\Desktop\2007-10.pdf
[2011.03.26 18:49:41 | 014,403,771 | ---- | C] () -- C:\Users\Fatih\Desktop\DSK_Uebungen_WS10-11.pdf
[2011.03.26 18:49:22 | 018,167,138 | ---- | C] () -- C:\Users\Fatih\Desktop\TM3-Uebungen-Loesungen.pdf
[2011.03.26 18:44:28 | 000,227,109 | ---- | C] () -- C:\Users\Fatih\Desktop\tm3_ws0405.pdf
[2011.03.26 18:44:22 | 000,356,305 | ---- | C] () -- C:\Users\Fatih\Desktop\tm3_ss04.pdf
[2011.03.26 18:44:17 | 000,289,997 | ---- | C] () -- C:\Users\Fatih\Desktop\tm3_ws0304.pdf
[2011.03.26 18:44:05 | 000,411,509 | ---- | C] () -- C:\Users\Fatih\Desktop\tm3_ss03.pdf
[2011.03.26 18:43:54 | 003,067,176 | ---- | C] () -- C:\Users\Fatih\Desktop\tm3_94-03.pdf
[2011.03.26 18:35:38 | 000,097,383 | ---- | C] () -- C:\Users\Fatih\Desktop\Ubung 13 - Beispielklausur.pdf
[2011.03.26 18:33:17 | 000,067,230 | ---- | C] () -- C:\Users\Fatih\Desktop\Musterlosung Tutoriumsaufgaben 01a02.pdf
[2011.03.22 14:56:43 | 000,000,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.15 01:18:34 | 000,004,522 | ---- | C] () -- C:\Users\Fatih\.recently-used.xbel
[2011.02.12 11:04:23 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.12.22 15:27:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.12.04 20:27:44 | 000,179,098 | ---- | C] () -- C:\Windows\hpoins27.dat.temp
[2010.12.04 20:27:44 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat.temp
[2010.08.09 22:02:41 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2010.06.28 21:20:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.28 20:22:08 | 000,027,043 | ---- | C] () -- C:\Users\Fatih\AppData\Roaming\UserTile.png
[2010.01.10 19:13:37 | 000,008,484 | ---- | C] () -- C:\Users\Fatih\AppData\Local\d3d9caps.dat
[2009.12.20 15:37:32 | 000,055,308 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.11.17 20:40:21 | 000,179,098 | ---- | C] () -- C:\Windows\hpoins27.dat
[2009.11.10 13:43:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.10.04 19:53:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe
[2009.10.04 17:10:51 | 000,006,144 | ---- | C] () -- C:\Users\Fatih\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.14 02:51:39 | 000,053,248 | ---- | C] () -- C:\Windows\System32\LogonStart.dll
[2009.09.14 02:43:40 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.09.14 02:41:56 | 000,048,639 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.14 02:41:48 | 000,048,639 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.09.14 02:05:50 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.14 02:05:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.12.02 03:32:32 | 000,362,029 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2008.08.11 04:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.05.12 05:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2008.04.16 13:11:34 | 000,669,960 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.04.16 13:11:34 | 000,143,498 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.01.21 04:25:01 | 000,589,824 | ---- | C] () -- C:\Windows\System32\jayy68xi.dll
[2008.01.18 01:56:22 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2007.10.14 06:58:32 | 000,147,538 | ---- | C] () -- C:\Windows\hpqins11.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,380,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,631,026 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,117,652 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:CE2C623F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >

--- --- ---

Sarah19 08.04.2011 10:48

2nd logfile: OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 08.04.2011 11:37:25 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 126,32 Gb Free Space | 54,24% Space Free | Partition Type: NTFS
Drive D: | 221,16 Gb Total Space | 221,12 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: Sarah-PC | User Name: Sarah | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E3DDA89-A64C-4108-BA86-08FCCB15C65B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1248B531-C123-4960-BCD6-3AD0BD3FA059}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{182CB20A-9CF0-474D-906D-F71351F743F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{19C81232-726B-49F1-B2FD-2231088820A6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{299B0E31-22D8-4DF6-9E64-9AC831DC83B8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2BCE5870-864A-4F17-90D8-22EF3C717E4B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3E67E58F-931A-4EEE-AE32-0514F343241E}" = rport=138 | protocol=17 | dir=out | app=system |
"{3F05995E-A710-46FC-AFF9-AA39674BBBBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{425FAC0B-F4F6-4D19-862B-C200038FB5A7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4FE41784-50B1-4A7D-96A8-C759DA1310CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5B5D043C-509A-4DAF-96A8-2F7C14D7FA55}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5EBCDEC3-FAFC-4C36-939E-499F90AAAAC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{627192EE-FDDC-4776-A357-83CCC4BD24CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63F1D5A2-1980-4094-A866-677DF79D34A3}" = lport=445 | protocol=6 | dir=in | app=system |
"{64AB0625-BFA4-4353-B415-21C9CDD219BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B5356D1-5DD2-41C9-81A7-780B10AA7F3A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6ED13AD5-7B80-4AB1-8CF0-C22B2A32FBF8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{78F0B785-EB1F-4235-ACDD-B1BDCBA88CDD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E32241A-51AF-4BB7-B6B1-E47CD03DD8D8}" = lport=5000 | protocol=17 | dir=in | name=camfrog1 |
"{8474DB34-ECB7-4B25-B9D5-FFB73713A978}" = rport=137 | protocol=17 | dir=out | app=system |
"{948073B2-D92F-4CDE-A240-F855D6706819}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A0CBFEBC-D445-48BD-956D-6AD1A84FFAE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A32516AF-4759-4249-BDEA-3EF523822293}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A757DAB2-A922-454A-8A35-1F27188D9D9B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD3717B1-7EC7-4CA3-924B-43F595E911D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4FA2719-C204-456F-8833-48A212B965E4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C22C1BD7-6D2D-4B0F-AE74-F379AB677845}" = rport=445 | protocol=6 | dir=out | app=system |
"{C50D2EFF-23AA-4460-AAE5-748F74118488}" = lport=6005 | protocol=6 | dir=in | name=camfrog |
"{C5BBFC31-2F82-4654-BD4A-1B2DF9B1F928}" = rport=139 | protocol=6 | dir=out | app=system |
"{D2C54116-BDC2-420F-9B2A-9E6B2F2B982E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1A9DF7E-F6AD-4ED5-9443-53BC0E49D887}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF5CBA7C-98E6-4D64-BC43-4A6C3ABD544F}" = lport=139 | protocol=6 | dir=in | app=system |
"{F192A617-7EA4-4D0A-9A1B-C7C2A8FBD2C1}" = lport=138 | protocol=17 | dir=in | app=system |
"{FAFFB230-9650-445A-BB7E-8F541FBE57AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0246383D-AB6D-439B-A288-01215361779B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{04F75E38-45EA-4CFA-834A-FE34FC5F152B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{06E2BB6A-3E25-4ED1-93BC-3E9F7C1EF469}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{0DFFA93D-74F1-4436-A436-6211C1CBEE21}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0FC0B215-EACF-4C0B-9B2F-2500E0F17F58}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1A589D80-4DFB-40DD-B42C-B520B5BF8FA9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1D905744-5A7E-4FEB-B911-A1E523CA522F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{23C6AC5D-0B47-4EC9-8CFC-32D251E7057D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{25CC0600-49D6-4691-8954-76C09D57CC7B}" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"{2BBD669F-6D8D-4558-A768-898ADAFB7B73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E67288E-6AA4-4C41-9E9D-063B804138BB}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\gu.exe |
"{2FC39C5F-0C41-4457-9B64-3D173950C7F9}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{399AC890-6717-4598-88EE-2FBC59EF8737}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{4943C104-EEF4-4EFF-A553-D208EED6914D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4B40E840-EA96-4C48-9E75-AE8D170C851D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C701DFD-540F-490F-9D2E-AD2B3FC9FFF4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4ECBAE6A-C8F8-46B8-AD44-7628A3E074F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{52013A57-D128-45B6-AB91-5117E4502F00}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{52C918C8-FFC1-4395-BCB1-FA663973C2D7}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{5897AFDA-E33A-4C4D-95F8-BAE442D00544}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{64E25145-83B7-4706-9C5D-F04FF293B925}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{67C9646F-9D6A-4852-A1D2-222D250D526F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{732DC77D-CC60-4B83-BA4D-A04167AEA50C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{75CE5014-3129-49CD-B896-2EB66AE597B1}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{82D05221-0148-45F4-AC32-83CE2B01006D}" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"{85E1FEE9-91A1-42A3-8276-79AD6D63A8B6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{860B7FF8-08DF-44F4-B473-CF5C64D2B6F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{867E6FFC-A37F-46DE-A6D2-D23BF0CCB84C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{88B47B7B-F55D-4A33-81A5-CB04928AD306}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B006C4F-8A98-4361-9E4C-1B8F29E51A6A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9263C44B-4FF8-4BED-BDB6-881B89962B5C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{9C2D1ACB-27F8-4413-8B4F-03B5026B7C55}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe |
"{9DC7D986-5DC6-4BAE-ACF0-CF9A8CA78670}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A1FD6BA8-FD39-4E67-BE83-179C1897FBF3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{A6CE29D6-2964-4F0A-B739-F7165AA35B8B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A958CF2D-A2E5-406D-8BD0-82489EE93F5E}" = protocol=6 | dir=out | app=system |
"{AABF5E68-189F-4319-98C9-0C22104939A4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B3B499FB-0CD0-4198-B24F-527EFD4192DF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B6E31713-AF8C-4A76-81C9-549E00BBDFE2}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BBB04196-9311-4099-96AD-77DC7896908D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{BCCE4772-3B78-462F-92E8-B6E7566BDC3D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C2A17FBC-94A7-4284-A55F-B9E6C0D6EEB7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{D745DF30-7350-4E55-90A0-8A679551F417}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DAE671A5-9FCF-43BE-BA77-3D300F459D34}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{DB23793C-2E07-4B3A-9C93-DC543B5EE75D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DBDC206C-30C0-4739-93DD-72FE25AB7AFD}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"{E6BAB98A-F5F9-4674-A7F3-CC67FC370ED8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E7571E27-840A-4A0C-A2BA-05C958920D98}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{EA538F10-8123-4818-A46F-1D22CD1D95FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE2F224E-D808-41EE-AEBA-99E8DAEC090D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EEEA4F8B-4FA8-412E-AF12-318882ED7112}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F50ACBA5-734B-4CBA-96E4-A29163E52A7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F714F464-50A9-4540-BC73-5F767514D1C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB7EFE97-2BCD-4F85-AE58-911B8B8D9B60}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB864B3F-1578-4025-B111-894BB6BBE645}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{1F472F4F-BE4F-4D1D-99FB-A5954C36406F}C:\program files\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe |
"TCP Query User{2231E050-823E-4D64-9ECF-C54BA9C09B3B}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{38F67658-C259-4D76-9B17-7EAD64B734CE}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{405165FF-7733-4844-879F-7EAA41123992}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{501FE247-E5BB-4F2C-8716-39B9D3A3AD8A}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{687140E7-9E0E-47AF-9571-2B2BA3B04EAC}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{6F6694B5-CB82-47FD-AA41-830628E81FB2}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{7214A22A-AF68-485B-8550-A8449F89F9B9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{89618E34-3D6C-48EB-8580-5F478E9890ED}C:\program files\proengineer schools edition\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\nms\nmsd.exe |
"TCP Query User{8E34C7B1-4468-45DA-987E-431930510B5C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{A327106A-2639-4672-A584-5D096837C153}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{A34D5759-931C-4DDD-8949-57FC767260B0}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"TCP Query User{A380D578-04C9-4E8A-AF8D-ECF674BE0C63}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{C13768B4-7524-45BE-BF85-DF033227AF41}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{CA1E25D2-E110-4D7B-9091-00F847F6225A}C:\program files\proengineer schools edition\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\nms\nmsd.exe |
"TCP Query User{CA1FCA75-E8F8-4DA2-A6CF-E3DE40F11BC2}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{CB19F942-C056-4234-A5A0-0C376759416E}C:\program files\proengineer schools edition\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\obj\xtop.exe |
"TCP Query User{CF0C99EE-5251-47E1-A0B5-9180AE5D4BC5}C:\program files\proengineer schools edition\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\obj\xtop.exe |
"TCP Query User{D34582C2-F605-4EE2-A7BA-D2DBC12A7289}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DD6089A8-3B7D-4FF0-A54D-017C011D551F}C:\program files\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe |
"TCP Query User{F13FF121-8EE5-407E-BD80-82010A2FC3DE}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{F4A60246-B33E-49E5-8CBC-42B1F83C8B91}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F677CE85-D45A-410A-BAFD-55F469A9F43F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1ABAAC3C-7DF8-4576-8966-9B33C3EC421D}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"UDP Query User{22CD5EF7-A117-457C-84E6-EFC8D1B64917}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{3D1F7440-D207-473C-920E-C1528F00B83F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{55A6C5D6-EAF1-41D7-A353-084C3A279067}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{74FA4E1D-4E99-4EB7-B5B1-0FABFE895617}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{755E9848-B46A-43BD-80FC-3E623CAE694C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{82F1A577-8886-4D60-AF7E-D2082BE5BD55}C:\program files\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe |
"UDP Query User{8DDBD0AA-A7A1-4A0E-8870-97E7F228AF7B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{9A29B844-8C04-4DE7-A51D-F5D46871907A}C:\program files\proengineer schools edition\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\nms\nmsd.exe |
"UDP Query User{9F00DADC-D107-450F-B0B3-05FC641C8BE9}C:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"UDP Query User{A070A1A3-7768-4C1C-8D9F-48AE839BC3BA}C:\program files\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\obj\pro_comm_msg.exe |
"UDP Query User{A3ACC5AE-0260-46C7-9C2C-00DE4261B3CA}C:\program files\proengineer schools edition\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\obj\xtop.exe |
"UDP Query User{C020A72E-5527-4860-959A-E2D0CC0A656C}C:\program files\proengineer schools edition\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\nms\nmsd.exe |
"UDP Query User{C0814E22-8A1D-4C25-BCC3-B260D4A563DE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{D1D5DF88-23C5-4754-9E70-C80AA704A3A0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{D1D7D5D4-F989-425E-AA65-CB8F213ADC99}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E34742F9-9B3B-4EA8-B6C8-B5973EB21A52}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{E488B3BA-44FD-41E5-979C-5834B640A152}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{E75D036B-537E-4136-8368-EB48CFBA21F2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{EB693E79-7BD5-4F8F-9B76-2F8A431CB57B}C:\program files\proengineer schools edition\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proengineer schools edition\i486_nt\obj\xtop.exe |
"UDP Query User{F65B8A43-2765-415B-AF23-E22C93141B7F}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{FEA1706E-D1D8-4E07-BBA8-B16169364496}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FEAF7893-D4E4-40D4-88BA-A22F84D99E94}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5AF0FD8E-1659-44F4-9C78-B09E0CB75F0E}" = KalOnline
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{688E07FE-9832-4FB9-8666-FB198D86ADC6}" = 2MOONS
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{99A4344A-C723-4661-A507-D9D939480358}" = Cisco LEAP Module
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9BFD5911-93E3-42BB-BFCD-50E4BA5B8D67}" = Cisco EAP-FAST Module
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C049938D-8D8B-419A-B3E4-BCB445AAA1DD}" = LogMeIn Setup
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD344FA5-6657-47CD-940F-8727EED35595}" = Cisco PEAP Module
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D42F84B6-3709-4A50-8502-6719D16AE6C8}" = SRS Premium Sound Control Panel
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E5407E8B-DABF-4EBE-807E-809DA7D50CBC}" = 2Moons
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 3.0
"Camfrog 5.5" = Camfrog Video Chat 5.5
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"Elantech" = ETDWare PS/2-x86 7.0.5.7_WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Explorer Suite_is1" = Explorer Suite III
"Graboid Video" = Graboid Video 1.65
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092" = Pro/ENGINEER Schools Edition Release Wildfire 4.0 Datecode M092
"PROHYBRIDR" = 2007 Microsoft Office system
"R for Windows 2.7.2_is1" = R for Windows 2.7.2
"RegInOut1.0.0.2000" = RegInOut
"Shop for HP Supplies" = Shop for HP Supplies
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SopCast" = SopCast 3.2.4
"Spyware Doctor" = Spyware Doctor 8.0
"TeamViewer 5" = TeamViewer 5
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Warcraft III" = Warcraft III
"WinAce Archiver" = WinAce Archiver
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Power Loader" = Power Challenge Game Plugin
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: All Products
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

cosinus 08.04.2011 13:41

Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:CE2C623F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
[2011.04.05 17:10:55 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\gwyiypt.sys
[2011.04.05 11:12:01 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{330bfa9a-eca4-11de-8b3f-90e6ba3b6e5b}\Shell - "" = AutoRun
O33 - MountPoints2\{330bfa9a-eca4-11de-8b3f-90e6ba3b6e5b}\Shell\AutoRun\command - "" = F:\autorun.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Sarah19 08.04.2011 15:16

I did it; the PC restarted and then the blue screen came. I got no log files after the restart following the blue screen.

cosinus 08.04.2011 15:20

Please repeat the fix.

Sarah19 11.04.2011 18:19

I did it again and then OTL wanted a restart; I carried it out and booted straight into safe mode, but no log file appeared.

I have another question: if I formatted my system, would my laptop work 100% again?

cosinus 11.04.2011 18:27

Quote:

I have another question: if I formatted my system, would my laptop work 100% again?
:glaskugel: :confused: ??

If the blue screen is not caused by a hardware fault, probably yes. But you can still wipe the thing later.
Please look for the log in the folder C:\_OTL

Sarah19 11.04.2011 19:13

All processes killed
========== OTL ==========
Unable to delete ADS C:\ProgramData\Temp:CE2C623F .
ADS C:\ProgramData\Temp:430C6D84 deleted successfully.
File C:\Windows\System32\drivers\gwyiypt.sys not found.
File C:\Windows\System32\temppf.sys not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330bfa9a-eca4-11de-8b3f-90e6ba3b6e5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{330bfa9a-eca4-11de-8b3f-90e6ba3b6e5b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{330bfa9a-eca4-11de-8b3f-90e6ba3b6e5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{330bfa9a-eca4-11de-8b3f-90e6ba3b6e5b}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Fatih
->Temp folder emptied: 3783714 bytes
->Temporary Internet Files folder emptied: 4331265 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 137815790 bytes
->Google Chrome cache emptied: 82391043 bytes
->Flash cache emptied: 10674 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5122668 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 223,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04112011_191116

Sarah19 11.04.2011 19:14

but OTL hasn't helped at all so far ^^

cosinus 11.04.2011 19:15

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Sarah19 11.04.2011 19:32

"nothing found" came out as the result
no idea where the log is located

Sarah19 11.04.2011 19:33

2011/04/11 20:30:46.0584 3800 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/11 20:30:47.0067 3800 ================================================================================
2011/04/11 20:30:47.0067 3800 SystemInfo:
2011/04/11 20:30:47.0067 3800
2011/04/11 20:30:47.0067 3800 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/11 20:30:47.0067 3800 Product type: Workstation
2011/04/11 20:30:47.0067 3800 ComputerName: FATIH-PC
2011/04/11 20:30:47.0067 3800 UserName: Fatih
2011/04/11 20:30:47.0067 3800 Windows directory: C:\Windows
2011/04/11 20:30:47.0067 3800 System windows directory: C:\Windows
2011/04/11 20:30:47.0067 3800 Processor architecture: Intel x86
2011/04/11 20:30:47.0067 3800 Number of processors: 2
2011/04/11 20:30:47.0067 3800 Page size: 0x1000
2011/04/11 20:30:47.0067 3800 Boot type: Safe boot with network
2011/04/11 20:30:47.0067 3800 ================================================================================
2011/04/11 20:30:47.0754 3800 Initialize success
2011/04/11 20:30:50.0796 3356 ================================================================================
2011/04/11 20:30:50.0796 3356 Scan started
2011/04/11 20:30:50.0796 3356 Mode: Manual;
2011/04/11 20:30:50.0796 3356 ================================================================================
2011/04/11 20:30:52.0340 3356 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/11 20:30:52.0465 3356 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/11 20:30:52.0558 3356 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/11 20:30:52.0621 3356 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/11 20:30:52.0683 3356 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/11 20:30:52.0824 3356 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/11 20:30:52.0902 3356 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/11 20:30:53.0042 3356 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/11 20:30:53.0104 3356 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/11 20:30:53.0120 3356 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/11 20:30:53.0167 3356 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/11 20:30:53.0198 3356 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/11 20:30:53.0229 3356 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/11 20:30:53.0292 3356 AmUStor (53952d6d1bdec4090abca19d84f34e20) C:\Windows\system32\drivers\AmUStor.SYS
2011/04/11 20:30:53.0370 3356 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/11 20:30:53.0401 3356 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/11 20:30:53.0448 3356 AsDsm (104db777372411c55850c4a2ae6877ef) C:\Windows\system32\drivers\AsDsm.sys
2011/04/11 20:30:53.0526 3356 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
2011/04/11 20:30:53.0682 3356 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/11 20:30:53.0697 3356 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/04/11 20:30:53.0806 3356 athr (4d9d710254410a7caef269819ea7b53c) C:\Windows\system32\DRIVERS\athr.sys
2011/04/11 20:30:53.0931 3356 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/11 20:30:53.0994 3356 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/11 20:30:54.0056 3356 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/11 20:30:54.0118 3356 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/11 20:30:54.0196 3356 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/11 20:30:54.0274 3356 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/11 20:30:54.0306 3356 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/11 20:30:54.0368 3356 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/11 20:30:54.0415 3356 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/11 20:30:54.0446 3356 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/11 20:30:54.0524 3356 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/11 20:30:54.0571 3356 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/11 20:30:54.0633 3356 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/11 20:30:54.0680 3356 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/11 20:30:54.0742 3356 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/11 20:30:54.0789 3356 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/04/11 20:30:54.0976 3356 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/11 20:30:55.0008 3356 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/11 20:30:55.0054 3356 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/11 20:30:55.0117 3356 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/11 20:30:55.0148 3356 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/11 20:30:55.0226 3356 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/11 20:30:55.0288 3356 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/11 20:30:55.0382 3356 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/11 20:30:55.0429 3356 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/11 20:30:55.0476 3356 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/11 20:30:55.0554 3356 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/11 20:30:55.0600 3356 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/11 20:30:55.0647 3356 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/11 20:30:55.0788 3356 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/11 20:30:55.0897 3356 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/11 20:30:55.0975 3356 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/11 20:30:56.0037 3356 ETD (7009ee1da6a128193a9d4a596570f0ef) C:\Windows\system32\DRIVERS\ETD.sys
2011/04/11 20:30:56.0084 3356 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/11 20:30:56.0131 3356 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/11 20:30:56.0178 3356 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/11 20:30:56.0209 3356 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/11 20:30:56.0256 3356 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/11 20:30:56.0287 3356 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/11 20:30:56.0334 3356 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/11 20:30:56.0380 3356 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/11 20:30:56.0427 3356 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/11 20:30:56.0521 3356 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/11 20:30:56.0568 3356 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/11 20:30:56.0599 3356 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/11 20:30:56.0630 3356 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/11 20:30:56.0692 3356 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/11 20:30:56.0770 3356 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/11 20:30:56.0833 3356 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/04/11 20:30:56.0880 3356 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/11 20:30:56.0926 3356 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/11 20:30:56.0973 3356 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/11 20:30:57.0020 3356 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/11 20:30:57.0129 3356 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/11 20:30:57.0301 3356 IntcAzAudAddService (d991871aa47da7989540ac2c0f6ec533) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/11 20:30:57.0426 3356 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/11 20:30:57.0472 3356 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/11 20:30:57.0519 3356 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/11 20:30:57.0582 3356 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/11 20:30:57.0613 3356 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/11 20:30:57.0675 3356 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/11 20:30:57.0691 3356 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/11 20:30:57.0738 3356 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/11 20:30:57.0769 3356 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/11 20:30:57.0831 3356 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/11 20:30:57.0878 3356 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/11 20:30:57.0909 3356 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/04/11 20:30:57.0972 3356 kbfiltr (7f2b8d0b31fb4a797e5786ef124c5a80) C:\Windows\system32\DRIVERS\kbfiltr.sys
2011/04/11 20:30:58.0034 3356 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/11 20:30:58.0096 3356 L1C (fb6e5529c06c1ac997d486fd897d019d) C:\Windows\system32\DRIVERS\L1C60x86.sys
2011/04/11 20:30:58.0174 3356 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/11 20:30:58.0237 3356 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/11 20:30:58.0299 3356 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/11 20:30:58.0377 3356 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/11 20:30:58.0440 3356 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/11 20:30:58.0471 3356 lullaby (969d61d7463d78037dc6b020a435fc0c) C:\Windows\system32\DRIVERS\lullaby.sys
2011/04/11 20:30:58.0518 3356 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/11 20:30:58.0580 3356 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/11 20:30:58.0689 3356 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/11 20:30:58.0736 3356 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/11 20:30:58.0798 3356 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/11 20:30:58.0830 3356 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/11 20:30:58.0861 3356 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/11 20:30:58.0954 3356 MpFilter (dfa1cd670ea50a21c87c92c727c50950) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/04/11 20:30:59.0017 3356 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/11 20:30:59.0048 3356 MpNWMon (77075a384a94b83e19d78efbcf8a832e) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/04/11 20:30:59.0079 3356 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/11 20:30:59.0126 3356 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/11 20:30:59.0157 3356 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/11 20:30:59.0220 3356 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/11 20:30:59.0266 3356 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/11 20:30:59.0298 3356 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/11 20:30:59.0344 3356 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/11 20:30:59.0376 3356 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/11 20:30:59.0454 3356 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/11 20:30:59.0500 3356 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/11 20:30:59.0578 3356 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/11 20:30:59.0625 3356 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/11 20:30:59.0688 3356 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/11 20:30:59.0719 3356 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/11 20:30:59.0766 3356 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/11 20:30:59.0812 3356 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/11 20:30:59.0859 3356 MTsensor (bb16693616427eac1a436e106ea8d318) C:\Windows\system32\DRIVERS\ATKACPI.sys
2011/04/11 20:30:59.0875 3356 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/11 20:30:59.0968 3356 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/11 20:31:00.0031 3356 NDIS (c8560010a542b5dca94c62468dc20784) C:\Windows\system32\drivers\ndis.sys
2011/04/11 20:31:00.0078 3356 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/11 20:31:00.0093 3356 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/11 20:31:00.0124 3356 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/11 20:31:00.0171 3356 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/11 20:31:00.0218 3356 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/11 20:31:00.0249 3356 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/11 20:31:00.0343 3356 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/11 20:31:00.0390 3356 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/11 20:31:00.0421 3356 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/11 20:31:00.0468 3356 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/11 20:31:00.0546 3356 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/11 20:31:00.0577 3356 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/11 20:31:00.0624 3356 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys
2011/04/11 20:31:00.0967 3356 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/11 20:31:01.0294 3356 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/11 20:31:01.0326 3356 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/11 20:31:01.0357 3356 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/11 20:31:01.0497 3356 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/11 20:31:01.0575 3356 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/11 20:31:01.0606 3356 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/11 20:31:01.0653 3356 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/11 20:31:01.0684 3356 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/11 20:31:01.0731 3356 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/11 20:31:01.0778 3356 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/11 20:31:01.0825 3356 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
2011/04/11 20:31:01.0872 3356 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2011/04/11 20:31:01.0918 3356 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
2011/04/11 20:31:02.0012 3356 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/11 20:31:02.0230 3356 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/11 20:31:02.0262 3356 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/11 20:31:02.0355 3356 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/11 20:31:02.0418 3356 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/11 20:31:02.0496 3356 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/11 20:31:02.0542 3356 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/11 20:31:02.0574 3356 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/11 20:31:02.0605 3356 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/11 20:31:02.0652 3356 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/11 20:31:02.0683 3356 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/11 20:31:02.0730 3356 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/11 20:31:02.0745 3356 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/11 20:31:02.0823 3356 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/11 20:31:02.0839 3356 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/11 20:31:02.0886 3356 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/11 20:31:02.0964 3356 RMCAST (fdeb76bed9c0a75329ca426623297158) C:\Windows\system32\DRIVERS\RMCAST.sys
2011/04/11 20:31:03.0026 3356 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/11 20:31:03.0073 3356 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/11 20:31:03.0166 3356 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/11 20:31:03.0229 3356 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/11 20:31:03.0276 3356 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/11 20:31:03.0322 3356 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/11 20:31:03.0354 3356 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/11 20:31:03.0432 3356 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/11 20:31:03.0463 3356 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/11 20:31:03.0494 3356 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/11 20:31:03.0525 3356 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/11 20:31:03.0572 3356 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/11 20:31:03.0634 3356 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/11 20:31:03.0666 3356 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/11 20:31:03.0712 3356 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/11 20:31:03.0806 3356 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
2011/04/11 20:31:03.0946 3356 SNP2UVC (060f51141b20b8156804446a04ab8b2a) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/04/11 20:31:04.0024 3356 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/11 20:31:04.0102 3356 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/11 20:31:04.0196 3356 srv (8e5fc19b3b38364c5f44ccecec5248e9) C:\Windows\system32\DRIVERS\srv.sys
2011/04/11 20:31:04.0243 3356 srv2 (4ceeb95e0b79e48b81f2da0a6c24c64b) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/11 20:31:04.0290 3356 srvnet (f9c65e1e00a6bbf7c57d9b8ea068c525) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/11 20:31:04.0368 3356 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/11 20:31:04.0430 3356 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/11 20:31:04.0508 3356 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/11 20:31:04.0539 3356 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/11 20:31:04.0570 3356 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/11 20:31:04.0664 3356 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
2011/04/11 20:31:04.0742 3356 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/11 20:31:04.0789 3356 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/11 20:31:04.0851 3356 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/11 20:31:04.0882 3356 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/11 20:31:04.0929 3356 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/11 20:31:04.0992 3356 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/11 20:31:05.0054 3356 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/11 20:31:05.0116 3356 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/11 20:31:05.0226 3356 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/11 20:31:05.0257 3356 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/11 20:31:05.0304 3356 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/11 20:31:05.0366 3356 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/11 20:31:05.0413 3356 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/11 20:31:05.0444 3356 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/11 20:31:05.0491 3356 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/11 20:31:05.0538 3356 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/11 20:31:05.0600 3356 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/04/11 20:31:05.0662 3356 usbccgp (afb10a231254a1920c3bb4a0d02e1ca6) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/11 20:31:05.0709 3356 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/11 20:31:05.0740 3356 usbehci (44245742c4ed2eafd69020583424455b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/11 20:31:05.0772 3356 usbhub (db39b3f83af77bca019d7df6aaddbdae) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/11 20:31:05.0818 3356 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/11 20:31:05.0865 3356 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/11 20:31:05.0912 3356 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/11 20:31:05.0990 3356 USBSTOR (1aa742316f1af7ec4b139f17f6c7c31a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/11 20:31:06.0021 3356 usbuhci (587809974e43cfad0ca0ef6e1d940ca9) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/11 20:31:06.0099 3356 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/11 20:31:06.0177 3356 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/11 20:31:06.0208 3356 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/11 20:31:06.0240 3356 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/11 20:31:06.0286 3356 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/11 20:31:06.0318 3356 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/11 20:31:06.0364 3356 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/11 20:31:06.0411 3356 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/11 20:31:06.0458 3356 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/11 20:31:06.0598 3356 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
2011/04/11 20:31:06.0676 3356 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/11 20:31:06.0770 3356 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/11 20:31:06.0801 3356 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/11 20:31:06.0848 3356 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/11 20:31:06.0895 3356 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/11 20:31:06.0926 3356 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/11 20:31:07.0051 3356 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/04/11 20:31:07.0176 3356 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/11 20:31:07.0254 3356 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/11 20:31:07.0347 3356 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/11 20:31:07.0425 3356 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/04/11 20:31:07.0659 3356 ================================================================================
2011/04/11 20:31:07.0659 3356 Scan finished
2011/04/11 20:31:07.0659 3356 ================================================================================
2011/04/11 20:31:14.0804 3824 Deinitialize success

cosinus 11.04.2011 19:48

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Sarah19 11.04.2011 20:03

It says I have to close or disable antivirus: Microsoft Security Essentials, AntiVir Desktop;
antispyware: Microsoft Security Essentials and AntiVir Desktop. How do I do that? I'm currently in safe mode to run confi.exe.

Sarah19 11.04.2011 20:54

Combofix Logfile:
Code:

ComboFix 11-04-11.01 - Fatih 11.04.2011  21:28:38.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3070.2471 [GMT 2:00]
ausgeführt von:: c:\users\Fatih\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-11 bis 2011-04-11  ))))))))))))))))))))))))))))))
.
.
2011-04-11 19:43 . 2011-04-11 19:43        --------        d-----w-        c:\users\Fatih\AppData\Local\temp
2011-04-11 19:43 . 2011-04-11 19:43        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-11 19:24 . 2011-04-11 19:24        --------        d-----w-        C:\cofi
2011-04-11 18:54 . 2011-04-11 18:54        --------        d-----w-        c:\program files\CCleaner
2011-04-11 17:25 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9BC639D-5588-46F2-AEA4-7EBBC862B805}\mpengine.dll
2011-04-11 17:18 . 2011-04-11 17:18        6478        ----a-w-        c:\windows\system32\PerfStringBackup.TMP
2011-04-10 21:28 . 2011-04-11 18:26        --------        d-----w-        C:\Temp
2011-04-08 13:53 . 2011-04-08 13:53        --------        d-----w-        C:\_OTL
2011-04-06 12:04 . 2011-04-06 12:04        --------        d-----w-        C:\bb587e879a5226a37f64d1ae
2011-04-06 12:02 . 2010-12-02 09:12        837224        ----a-w-        c:\windows\system32\nvgenco32hda.dll
2011-04-06 12:02 . 2010-11-11 23:10        26216        ----a-w-        c:\windows\system32\nvhdap32.dll
2011-04-06 12:02 . 2010-11-11 23:10        122984        ----a-w-        c:\windows\system32\drivers\nvhda32v.sys
2011-04-06 11:58 . 2011-04-06 11:58        --------        d-----w-        c:\programdata\NVIDIA Corporation
2011-04-06 11:57 . 2011-01-08 03:27        941160        ----a-w-        c:\windows\system32\nvdispco322090.dll
2011-04-06 11:57 . 2011-01-08 03:27        837736        ----a-w-        c:\windows\system32\nvgenco322040.dll
2011-04-06 11:57 . 2011-01-08 03:27        57960        ----a-w-        c:\windows\system32\OpenCL.dll
2011-04-06 11:57 . 2011-01-08 03:27        5653096        ----a-w-        c:\windows\system32\nvwgf2um.dll
2011-04-06 11:57 . 2011-01-08 03:27        4941928        ----a-w-        c:\windows\system32\nvcuda.dll
2011-04-06 11:57 . 2011-01-08 03:27        2895976        ----a-w-        c:\windows\system32\nvcuvid.dll
2011-04-06 11:57 . 2011-01-08 03:27        2251368        ----a-w-        c:\windows\system32\nvcuvenc.dll
2011-04-06 11:57 . 2011-01-08 03:27        1965672        ----a-w-        c:\windows\system32\nvapi.dll
2011-04-06 11:57 . 2011-01-08 03:27        15047272        ----a-w-        c:\windows\system32\nvoglv32.dll
2011-04-06 11:57 . 2011-01-08 03:27        13011560        ----a-w-        c:\windows\system32\nvcompiler.dll
2011-04-06 11:57 . 2011-01-08 03:27        10467656        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2011-04-06 11:57 . 2011-01-08 03:27        10078312        ----a-w-        c:\windows\system32\nvd3dum.dll
2011-04-06 11:56 . 2011-04-06 12:03        --------        d-----w-        c:\program files\NVIDIA Corporation
2011-04-06 11:56 . 2011-04-06 11:56        --------        d-----w-        C:\NVIDIA
2011-04-05 22:20 . 2011-04-05 22:20        --------        d-----w-        c:\windows\Sun
2011-04-05 21:22 . 2011-04-05 21:22        --------        d-----w-        c:\windows\system32\SPReview
2011-04-05 21:01 . 2011-04-05 21:01        --------        d-----w-        c:\windows\system32\EventProviders
2011-04-05 15:24 . 2011-04-05 15:24        --------        d-----w-        c:\program files\Western Digital Corporation
2011-03-22 12:56 . 2011-03-18 17:56        142296        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-03-22 12:56 . 2011-03-18 17:56        781272        ----a-w-        c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-03-22 12:56 . 2011-03-18 17:56        1874904        ----a-w-        c:\program files\Mozilla Firefox\mozjs.dll
2011-03-22 12:56 . 2011-03-18 17:56        15832        ----a-w-        c:\program files\Mozilla Firefox\mozalloc.dll
2011-03-22 12:56 . 2011-03-18 17:56        728024        ----a-w-        c:\program files\Mozilla Firefox\libGLESv2.dll
2011-03-22 12:56 . 2011-03-18 17:56        1975768        ----a-w-        c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-03-22 12:56 . 2011-03-18 17:56        1893336        ----a-w-        c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-03-22 12:56 . 2011-03-18 17:56        142296        ----a-w-        c:\program files\Mozilla Firefox\libEGL.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-10 07:45 . 2009-10-04 17:53        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2011-03-19 09:14 . 2010-08-13 21:17        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-15 04:05 . 2010-04-23 14:02        6792528        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-17 08:10 . 2011-02-12 09:03        251560        ----a-w-        c:\windows\system32\drivers\pctgntdi.sys
2009-04-08 17:31 . 2009-04-08 17:31        106496        ----a-w-        c:\program files\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45        155648        ----a-w-        c:\program files\Common Files\MSIactionall.dll
2011-03-18 17:56 . 2011-03-22 12:56        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
backup=c:\windows\pss\FancyStart daemon.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk]
backup=c:\windows\pss\SRS Premium Sound.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Fatih^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LogMeIn.lnk]
path=c:\users\Fatih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LogMeIn.lnk
backup=c:\windows\pss\LogMeIn.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Fatih^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
backup=c:\windows\pss\SDK Tray Menu.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DisableS3S4
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\*Restore]
2009-09-13 23:57        318464        ----a-w-        c:\windows\System32\rstrui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07        932288        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2009-06-24 19:30        272952        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmIcoSinglun]
2009-04-09 13:17        237568        ----a-w-        c:\program files\AmIcoSingLun\AmIcoSinglun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-09-14 00:51        72248        ----a-w-        c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-09-14 00:51        3054136        ----a-w-        c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2009-08-20 03:31        170624        ----a-w-        c:\program files\ASUS\ATK Media\DMedia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2009-07-07 18:20        8493624        ----a-w-        c:\program files\ASUS\ATKOSD2\ATKOSD2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-11-13 17:02        281768        ----a-w-        c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52        104936        ----a-w-        c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16        357696        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17        3342336        ----a-w-        c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25        125952        ----a-w-        c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
2009-07-30 10:45        497024        ----a-w-        c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-21 17:24        136176        ----atw-        c:\users\Fatih\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47        31016        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControlUser]
2009-06-19 17:29        105016        ----a-w-        c:\program files\ASUS\ATK Hotkey\HControlUser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17        49152        ----a-w-        c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 15:31        80896        ----a-w-        c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
2011-01-13 14:17        1589208        ----a-w-        c:\program files\PC Tools Security\pctsGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-01-28 05:30        2387968        ----a-w-        c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2010-12-20 17:08        963976        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2009-02-25 21:40        218408        ----a-w-        c:\program files\CyberLink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 08:17        5252408        ----a-w-        c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-02-21 03:03        1093208        ----a-w-        c:\program files\Microsoft Security Essentials\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCsoft Launcher]
2010-09-14 07:56        38184        ----a-w-        c:\program files\NCSoft\Launcher\NCLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 19:06        3597416        ----a-w-        c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTools FGuard]
2011-01-07 13:54        108496        ----a-w-        c:\program files\PC Tools Security\BDT\FGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-28 00:50        50472        ----a-w-        c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-04-28 03:41        87336        ----a-w-        c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-10 11:26        7612960        ----a-w-        c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05        15026056        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07        2260480        --sha-r-        c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17        149280        ----a-w-        c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-19 21:16        222504        ------w-        c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
2010-03-29 06:51        68000        ----a-w-        c:\program files\NOS\bin\getPlus_Helper.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2009-05-20 05:16        222504        ----a-w-        c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-12-04 05:15        218408        ----a-w-        c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-12-04 05:15        218408        ----a-w-        c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2009-08-15 04:55        210216        ----a-w-        c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23        2153472        ----a-w-        c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
2009-06-11 12:14        162912        ------w-        c:\program files\CyberLink\YouCam\YouCamTray.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-19 691696]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-13 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [2011-01-07 247760]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-28 173352]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-08 25600]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-11-11 122984]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15416]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-07-29 87040]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-07-27 50688]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-28 05:28        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185602744-2463074575-3719456933-1000Core.job
- c:\users\Fatih\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-21 17:24]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-185602744-2463074575-3719456933-1000UA.job
- c:\users\Fatih\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-21 17:24]
.
2011-03-13 c:\windows\Tasks\RegInOut Scheduled Scan - Fatih.job
- c:\program files\RegInOut\RegInOut.exe [2010-03-15 12:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\n3n3q5b7.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.ftp - proxy.hofmann.stw.uni-erlangen.de
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.hofmann.stw.uni-erlangen.de
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.hofmann.stw.uni-erlangen.de
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.hofmann.stw.uni-erlangen.de
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl - proxy.hofmann.stw.uni-erlangen.de
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
BHO-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\program files\softonic-de3\tbsoft.dll
HKCU-Run-PlayNC Launcher - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-Metropolis - c:\users\Fatih\AppData\Local\Temp\sshnas21.dll
MSConfigStartUp-mnxobwof - c:\users\Fatih\AppData\Local\whmpyuaja\ipofctsshdw.exe
MSConfigStartUp-qywvrkca - c:\users\Fatih\AppData\Local\yurpydnrl\igamuqpshdw.exe
MSConfigStartUp-ZE18MW23GY - c:\users\Fatih\AppData\Local\Temp\Uhj.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-11 21:43
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
C:\ADSM_PData_0150
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-185602744-2463074575-3719456933-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:50,18,e8,0a,b9,38,f7,66,a1,dc,05,ee,30,cd,f1,21,57,74,e0,f4,f1,e2,4e,
  37,63,b8,88,9a,4d,e4,75,df,5c,cb,05,f0,c3,db,a1,3e,53,aa,1b,91,bf,7f,9f,c1,\
"??"=hex:51,3b,5b,50,a1,8d,da,b0,28,47,09,53,f2,0c,89,a3
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(1280)
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
Zeit der Fertigstellung: 2011-04-11  21:49:52
ComboFix-quarantined-files.txt  2011-04-11 19:49
.
Vor Suchlauf: 16 Verzeichnis(se), 159.324.364.800 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 159.356.817.408 Bytes frei
.
- - End Of File - - 07C6974CF23256320A08F887A1271385

--- --- ---

Sarah19 11.04.2011 22:18

Do you maybe know how I can somehow start my sound driver in safe mode?

cosinus 12.04.2011 10:17

Quote:

Quote from Sarah19 (post 638973)
Do you maybe know how I can somehow start my sound driver in safe mode?

Safe mode is called safe precisely because only the most essential things are loaded there! And audio drivers are not exactly essential; the system works without sound too! Safe mode is also not meant for productive work, but purely for troubleshooting and fixing errors!

Quote:

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
What are all these virus scanners for? Running several in parallel is counterproductive!
Your best bet is to uninstall AntiVir and Spyware Doctor; Windows Defender and MSE can/should stay.

Sarah19 12.04.2011 11:40

Done!
What is debug mode?
Do you know how I can find out whether my hardware is broken?
I once ran a scandisk and it listed several errors; no idea whether they were fixed.

cosinus 12.04.2011 11:45

Quote:

I once ran a scandisk and it listed several errors; no idea whether they were fixed.
Scandisk fixes errors in the file system; those are not hardware errors!
The virus scanners are uninstalled? Does normal mode work again?

Sarah19 12.04.2011 12:32

No, it still doesn't work. When I started debug mode it worked for 2 minutes, but then the screen simply froze and nothing worked at all anymore. At the moment still only safe mode works.
If safe mode works, can I conclude from that that nothing is broken in the hardware? Because safe mode works flawlessly.

cosinus 12.04.2011 12:49

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run on the second try either, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM please also make sure that you save the log as *.log and not *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Sarah19 13.04.2011 08:10

Safe mode no longer works for me now either; the stop error is now 0x00000007B.
Whenever I try to go into safe mode, the computer crashes while loading, after the drivers.
Do you think I can still format the computer? How do you open the BIOS?

cosinus 13.04.2011 10:00

Hm, neither normal nor safe mode works?
What about the Last Known Good Configuration?

Sarah19 15.04.2011 09:26

None of it works; load defaults in the BIOS doesn't work either.

Shadow 15.04.2011 09:55

What does "doesn't work" mean (what happens, error message, ...)?
And what on earth do the BIOS defaults have to do with this?
"Safe Mode" and "Last Known Good Configuration" are purely Windows things; they have NOTHING to do with the BIOS and can NOT be activated from the BIOS in any way.

After the BIOS POST, press F8 right as Windows begins to boot.
If by "doesn't work" you meant that neither option has even the slightest effect on fixing your problem, then in my opinion you should start thinking about a more radical solution. (=> clean reinstallation)

Sarah19 15.04.2011 10:21

I mean I tried all the possible options with F8, none of them worked; after that I tried to do load defaults in the BIOS, which didn't work either.
The blue screen happens where that green loading bar appears, with the error message 0x000007B.
In safe mode, the blue screen comes after it does chsdk driver or something.

Shadow 15.04.2011 10:33

The problem in your case:

1. The Blue Screen of Death (BSOD) can have a hardware cause.
2. Your system certainly had, and possibly still has, active malware, but this malware can also (unintentionally) trigger the BSOD.

The BSOD prevents the malware remnants from being removed any further, or searched for any further, with at least halfway reliable results. (I haven't really followed everything, but that's how it seems to me.)

We cannot rule out 1., and we cannot solve 2. by "fighting" it, at least not without a very great deal of effort, since the BSOD keeps interfering.

Point 2. could be ruled out, though, if the system is reliably reinstalled clean. If the BSOD still occurs then, it was probably a hardware fault after all, and you probably only discovered the malware because of the hardware fault.

cosinus 15.04.2011 10:47

@Sarah:
Download something like Knoppix or Ubuntu, burn the ISO file to a CD using the burn-image function, and boot the computer from it.

Can you then still get to the Windows hard disk via Places (at the top in the menu bar)?


All times are WET +1.
