Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Internet seit Tagen extrem ausgebremst (https://www.trojaner-board.de/94064-internet-seit-tagen-extrem-ausgebremst.html)

Brauny 23.12.2010 22:04
Internet seit Tagen extrem ausgebremst
 
Hallo
ich habe seit Freitag das Problem, dass mein Internet total ausgebremst ist sprich:Es wird nur mit 34kb/s statt 234kb/s die Sekunde geladen, Internetseiten laden zu lange, Spiele wie GTA San Andreas Multiplayer sind unspielbar wegen extrem schwankendem Ping.Da vorher alles reibungslos lief und bei meinen Eltern und meinem Bruder ebenso keine Internetprobleme da sind, kann ich davon ausgehen das es keine Provider Probleme sind, sondern etwas an meinem PC nicht stimmen mag, da vorher alles reibungslos lief.
Hier meine Ergebnisse von Hijackthis,Malwarebytes und OTL.Vielleicht erkennt ja jemand den Grund. (Siehe Anhang)

mfg
Brauny

rea 26.12.2010 15:15
Hallo Brauny und willkommen im TB,


vorweg ein paar Hinweise (Bitte beachten!):

  • Lies meine Anleitung für dich sorgfältig durch, bevor du beginnst. Führe alle Schritte unbedingt der Reihe nach aus, da manchmal der eine Punkt den anderen voraussetzt.
  • Wenn dir etwas im Verlauf der Bereinigung unklar ist, frage bitte in deinem Thread nach, bevor du weitermachst - doofe Fragen gibt es nicht.
  • Lade alle hier angeordneten Programme nur durch die jeweiligen Links herunter! Wenn ein Link nicht funktionieren sollte, melde dich bitte.
  • Installiere während der Bereinigung keine weiteren Programme, ausser denen, die wir dir für die Bereinigung anordnen.
  • Berichte zu jedem Schritt, ob Du ihn abgearbeitet hast, bzw. ob und welche Probleme dabei aufgetreten sind.
  • Sollten beim Abarbeiten der Anleitung Probleme auftauchen, bitte vorerst nicht weitermachen, sondern stoppen und das Problem hier im Thread schildern.
  • Editiere alle persönlichen Daten wie z.B. vollständige Namen realer und privater Personen aus den geforderten Logfiles, bevor du sie postest.
  • Und falls eine Antwort mal länger dauern wird, freu ich mich auch über einen hinweis :)



Ich geb mir Mühe, alles zu finden, was nicht auf dein System gehört, aber muss dich darauf hiweisen, dass Formatieren und Neuaufsetzen in den meisten Fällen die schnellste und sicherste Variante ist ein sauberes System zu bekommen. Wenn du trotzdem bereinigen möchtest, folgt hier die Anleitung:




Poste mir die Logs bitte in Codetags direkt in den Thread anstatt sie als Ziprarchiv anzuhängen, sie scheinen nicht allzu groß zu sein.




1.) Systemscan mit OTL
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.





2.) Gmer - Rootkitscan
Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (hat einen willkürlichen Programm-Namen).
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Gmer startet automatisch einen ersten Scan.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    Code:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system?
  • Unbedingt auf "No" klicken,
    in dem Fall über den Save-Button das bisherige Resultat auf dem Desktop als gmer_first.log speichern.

    .
  • Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
  • Hake an: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
  • Wichtig: "Show all" darf nicht angehakt sein!
  • Starte den Scan durch Drücken des Buttons "Scan".
    Mache nichts am Computer während der Scan läuft (unten links wird angezeigt, was gerade gescannt wird).
  • Wenn der Scan fertig ist, bleibt die Zeile leer.
    Kllicke auf "Save" und speichere das Logfile als gmer.log auf dem Desktop.
    Mit "Ok" wird Gmer beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.

Brauny 26.12.2010 16:30
Hallo rea

nun da ich bereits OTL Files hatte fing ich mit dem Scann an.Der 1. scan lief reibungslos ohne Rootkilt Meldung.Als ich dann der Anleitung gefolgt bin und nun scan drückte, lief alles 1 minute gut.Dann erschien die Meldung:3wlorftm ( in dem Falle gmer) hat ein Problem festgestellt und muss beendet werden.Nun denn dachte ich mir, starte ich es erneut und ZACK! Bluescreen!Dazu muss man sagen, alles war aus und nach der Anleitung gemacht aber trotzdem kam ein (nach 1 jahr Computerbesitz der erste) Bluescreen.

Hier sind noch die OTL Files, an gmer will ich mich nicht weiter dran wagen, da es anscheinend nicht ganz will.

Code:
OTL logfile created on: 23.12.2010 21:39:38 - Run 1
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 219,67 Gb Free Space | 37,80% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
Drive H: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Common Files\MAGIX Shared\Database2\bin\FABS.exe (MAGIX AG)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Windows\vsnpstd3.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\FABS.exe (MAGIX AG)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\fbserver.exe (MAGIX®)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (cpuz132) -- C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (amdide) -- C:\Windows\System32\DRIVERS\amdide.sys File not found
DRV - (ahcix86s) -- C:\Windows\System32\DRIVERS\ahcix86s.sys File not found
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                          )
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\System32\drivers\vcsvad.sys (Avnex)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 19:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 19:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.10.08 20:45:48 | 000,000,000 | ---D | M]
 
[2010.01.16 22:31:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.23 21:04:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.05 20:50:54 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.08.14 14:39:01 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.04.21 14:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trash
[2010.12.10 19:26:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.03 19:31:51 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\youtube2mp3@mondayx.de
[2010.03.10 18:05:01 | 000,002,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\call-of-duty-wiki-en.xml
[2010.12.05 20:51:42 | 000,002,062 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\qip-search.xml
[2010.12.23 20:58:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 02:48:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.14 14:40:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.08 20:47:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.22 13:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.21 14:00:00 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.07.22 13:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 13:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 13:44:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 13:44:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\***\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O33 - MountPoints2\{645b992f-c8dd-11df-bb74-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{645b992f-c8dd-11df-bb74-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell - "" = AutoRun
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell\AutoRun\command - "" = J:\MafiaLauncher.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
[2010.12.23 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.23 21:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.23 21:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.23 21:20:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.23 21:20:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.23 21:17:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.12.23 21:01:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.23 21:01:01 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.23 20:50:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis.exe
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.23 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files
[2010.12.23 10:38:22 | 000,000,000 | ---D | C] -- C:\Programme\Rockstar Games
[2010.12.23 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\alle
[2010.12.23 10:17:20 | 000,000,000 | ---D | C] -- C:\Programme\GAMI
[2010.12.21 15:23:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kakawurst
[2010.12.20 20:26:33 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys
[2010.12.20 20:26:32 | 000,000,000 | ---D | C] -- C:\Programme\AMD
[2010.12.17 08:37:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Hitman Blood Money
[2010.12.17 08:28:38 | 000,000,000 | ---D | C] -- C:\Programme\Eidos
[2010.12.17 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hitman iso
[2010.12.17 08:16:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hitman
[2010.12.16 22:40:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\test
[2010.12.16 22:08:26 | 454,415,571 | ---- | C] (1 Mann Lan) -- C:\Users\***\Desktop\addons.exe
[2010.12.16 13:01:37 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.12.15 16:08:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 16:08:43 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 16:08:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 16:08:40 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 16:08:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 16:07:17 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 16:07:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 16:07:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 16:07:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.14 09:52:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.12.11 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sacamhack12
[2010.12.11 09:36:22 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 16:09:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Divinity 2
[2010.12.07 23:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[2010.12.07 23:10:28 | 000,000,000 | ---D | C] -- C:\Programme\Divinity II - Ego Draconis
[2010.12.05 20:50:50 | 000,000,000 | ---D | C] -- C:\Programme\QIP 2010
[2010.12.05 08:58:39 | 000,000,000 | ---D | C] -- C:\Programme\Mafia
[2010.12.05 08:56:01 | 000,139,264 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\eax.dll
[2010.12.05 08:56:01 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2010.12.05 08:55:59 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.12.03 18:14:56 | 000,000,000 | ---D | C] -- C:\Programme\Postal2
[2010.11.30 23:19:04 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010.11.30 23:16:10 | 000,000,000 | ---D | C] -- C:\Programme\Postal2STP
[2010.11.28 20:00:45 | 000,000,000 | ---D | C] -- C:\Programme\osu!
[2010.11.28 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.11.26 18:57:29 | 000,254,464 | ---- | C] (Mpath Interactive) -- C:\Programme\MPLAYNOW.EXE
[2010.11.26 18:57:29 | 000,000,000 | ---D | C] -- C:\Programme\WB
[2010.11.26 18:57:29 | 000,000,000 | ---D | C] -- C:\Programme\RES
[2010.11.26 18:57:10 | 000,246,784 | ---- | C] (Stirling Technologies, Inc.) -- C:\Windows\UNINST16.EXE
[2010.11.26 18:57:10 | 000,020,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\CTL3D.DLL
[2010.11.25 20:28:34 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.11.24 19:25:20 | 000,000,000 | ---D | C] -- C:\Programme\AutoHotkey
[2010.11.24 16:38:01 | 002,381,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.11.24 16:38:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.11.24 16:38:00 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
[2010.12.23 21:42:15 | 000,742,356 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.23 21:42:15 | 000,690,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.23 21:42:15 | 000,173,876 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.23 21:42:15 | 000,141,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.23 21:41:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004UA.job
[2010.12.23 21:37:39 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.12.23 21:35:38 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.23 21:35:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.23 21:35:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.23 21:35:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.23 21:27:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.23 21:20:28 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 21:20:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.12.23 21:01:57 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.23 21:01:56 | 000,288,107 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.23 21:01:19 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.23 20:58:48 | 000,472,152 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2010.12.23 20:50:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis.exe
[2010.12.23 20:25:51 | 383,028,567 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.22 17:41:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004Core.job
[2010.12.22 16:20:40 | 000,001,021 | ---- | M] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
[2010.12.20 20:29:38 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.19 19:57:19 | 000,000,204 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2010.12.16 22:43:32 | 454,415,571 | ---- | M] (1 Mann Lan) -- C:\Users\***\Desktop\addons.exe
[2010.12.16 22:13:32 | 000,001,624 | ---- | M] () -- C:\Users\***\Desktop\Deamon Tools.lnk
[2010.12.16 22:12:41 | 000,000,705 | ---- | M] () -- C:\Users\***\Desktop\Mafia.lnk
[2010.12.16 19:57:05 | 000,646,095 | ---- | M] () -- C:\Users\***\Desktop\knifem9probisiiiww.rar
[2010.12.16 13:30:49 | 000,040,960 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.15 16:27:59 | 000,381,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.11 09:36:27 | 001,227,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 20:16:57 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.12.08 20:16:57 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.12.05 08:57:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.11.26 18:57:43 | 000,008,718 | ---- | M] () -- C:\Program Files\DEISL1.ISU
[2010.11.26 18:56:06 | 000,002,483 | ---- | M] () -- C:\Program Files\POSTAL.INI
[2010.11.24 19:50:32 | 000,001,352 | ---- | M] () -- C:\Users\***\Documents\AutoHotkey.ahk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.23 21:20:28 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 21:01:56 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.23 21:01:47 | 000,288,107 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.23 20:58:38 | 000,472,152 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2010.12.23 20:25:51 | 383,028,567 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.22 16:20:40 | 000,001,021 | ---- | C] () -- C:\Users\***\Desktop\TeamSpeak 3 Client.lnk
[2010.12.16 22:13:22 | 000,001,624 | ---- | C] () -- C:\Users\***\Desktop\Deamon Tools.lnk
[2010.12.16 22:12:41 | 000,000,705 | ---- | C] () -- C:\Users\***\Desktop\Mafia.lnk
[2010.12.16 19:57:03 | 000,646,095 | ---- | C] () -- C:\Users\***\Desktop\knifem9probisiiiww.rar
[2010.12.05 08:56:00 | 000,233,472 | ---- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2010.12.05 08:47:09 | 2139,502,592 | ---- | C] () -- C:\Users\***\Desktop\sd-maf.iso
[2010.11.26 18:57:30 | 005,180,072 | ---- | C] () -- C:\Programme\KATALYST.EXE
[2010.11.26 18:57:30 | 000,022,862 | ---- | C] () -- C:\Programme\README.TXT
[2010.11.26 18:57:30 | 000,002,483 | ---- | C] () -- C:\Programme\POSTAL.INI
[2010.11.26 18:57:29 | 001,020,416 | ---- | C] () -- C:\Programme\POSTAL.EXE
[2010.11.26 18:57:29 | 000,008,718 | ---- | C] () -- C:\Programme\DEISL1.ISU
[2010.11.26 18:57:29 | 000,005,832 | ---- | C] () -- C:\Programme\WEBULLET.HTM
[2010.11.26 18:57:29 | 000,000,460 | ---- | C] () -- C:\Programme\WB.INI
[2010.11.24 19:50:32 | 000,001,352 | ---- | C] () -- C:\Users\***\Documents\AutoHotkey.ahk
[2010.11.11 16:55:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.11.03 19:31:07 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.10.09 13:27:23 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.09 13:27:21 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.05.24 22:18:13 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.05.10 13:12:53 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.05.02 09:07:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.07 14:37:23 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.05 21:12:55 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.04.05 12:49:31 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.05 12:49:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.01 13:18:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.31 19:11:02 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.03.28 04:37:33 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2010.03.18 11:51:23 | 000,462,249 | ---- | C] () -- C:\Users\***\AppData\Roaming\SMW SRPI SNES.ips
[2010.03.03 04:06:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.25 16:46:51 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.16 19:49:22 | 000,040,960 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 09:02:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.04.12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
 
========== LOP Check ==========
 
[2010.10.24 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2010.10.12 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avnex
[2010.12.23 03:31:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2010.01.25 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.11.28 20:00:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.11.03 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGet
[2010.11.03 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGetBHO
[2010.11.14 15:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.11.10 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.04.25 01:41:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2010.05.24 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.01.17 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games
[2010.03.14 17:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\smc
[2010.04.08 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010.04.08 23:08:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Setup
[2010.07.29 14:25:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE
[2010.01.17 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2010.02.25 15:49:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.05.15 16:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds
[2010.02.17 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.06.27 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2010.04.23 18:25:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox
[2010.10.10 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.04.01 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.07.15 13:05:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity
[2010.06.19 10:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Warsow 0.5
[2010.10.07 20:55:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2010.12.23 21:33:59 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B606BA34

< End of report >

Code:
OTL Extras logfile created on: 23.12.2010 21:39:38 - Run 1
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 219,67 Gb Free Space | 37,80% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
Drive H: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18D8B309-1F10-43AF-BD58-816B23D2BA85}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{60185C11-81FD-44E2-8829-D72BE8E97C54}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{77881CE2-49D0-4300-B296-7584E61D9171}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{79F9F2B1-FFDB-4B94-9E92-33E7F5A9BEBA}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{A92A184E-2EDF-45F8-9781-D7B9EEEF1089}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{BFCC54E2-8064-4110-B1A6-AF39C16AF4C1}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{F4E97F4F-1827-4A2C-A878-8FAA9BE7560E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{FFD5E3EA-0C01-4DBF-A65F-1D7B3ADC1B17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0015B30F-2C2E-43BE-A908-A16F66E3F83A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{019A3477-E66C-4603-9E3A-DCE9FDFA34D6}" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii.exe |
"{0371A660-2921-420C-9D90-2AC57A3D5F5E}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{04A7C978-F044-4FD4-8D5F-E9FBC5C5FE1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{075ED6B4-9D3E-4297-8B85-C90A709D2C5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{084A3554-9D06-4EFC-8959-A69BA0A9E3DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B7AAD56-7B6D-4D29-8E41-C363620B153F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CDF5960-7FD7-406D-96AD-7061F8E7D2C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F04B2F1-707D-41AE-A384-566DB9B29222}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{0F404EA9-3F07-4667-A789-4A7E9C9E2709}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{11F8D904-0456-46B0-BD7B-E72DD9EAD9DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{166F7114-9269-41BD-A9B5-7D86133DAD67}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{1D8C49FC-EB02-4CC8-A96A-8A229B39BA5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2391E4BF-D0B5-49AA-A738-FE9086DDB235}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24B9FD5B-9A3F-4C11-9D59-75BE7985E484}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{269A4FCF-1E07-4531-A252-A174A97AC02A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27C03EE0-0C58-4C73-82E4-EA736998F478}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28A602AD-6EAF-4478-87A4-F8A88A21070F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29C59390-C436-4B84-BBFD-0682CB9BB551}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30007948-BD6D-4347-BFAA-379731AA9DFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3000EFBB-095C-490B-A9DC-021F1AB4541C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{31FB10EE-957B-4746-A23E-F9D0FC389A1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |
"{320C7255-94E8-4CAF-AB2C-E16834D16EE9}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{332A233B-B2F3-4DC8-8EA5-F3FCB30F5895}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37047DE3-7AFC-4201-A489-506BCC9A4CEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3862D832-BAE1-46A8-A8CE-6F495B6F8EAA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3A4AE8C6-E383-40B4-94E4-CC025828F2E2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm |
"{3CD32C17-D5E3-4C0D-AEB2-ECA1B4581635}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat source\hl2.exe |
"{3D7ED399-2B0D-42EF-A847-DD23556A17ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm |
"{3DFB454E-E253-490E-8817-7884C1F5A909}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{418CE828-7DE0-4079-8577-72CD5267F8B3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{47587DFB-9FD1-4B3D-8547-E40AE6C132B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe |
"{490211D8-AD58-4ABE-8086-1660E7C6B324}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5694E7C5-9FF9-4CCE-8D76-54CC5DDA8FF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57ACC302-6672-49C4-8926-5170A629CA18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{5838F3FC-919B-4C6E-ABE8-FBA1BB05B5D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{588CF5B9-8408-4755-B1D2-B44A293FF809}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold 2\stronghold2.exe |
"{5A182350-90D2-4801-B32A-C2BAC07A3029}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe |
"{5D52019D-1325-409E-BB9A-025DF89295B5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5DDB32D2-A019-4214-BEB8-9B4B3B0BE92C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5DE62AF9-E7CC-480A-888F-CAA22BD5E5D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60DF8CF5-6804-4E26-B125-0275F6CC3BEF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{630617CF-9BC1-4729-ADE4-0D7A28B04E28}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{661F07DD-C536-4834-8663-39658DF38C80}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm |
"{67354739-9435-471F-9741-3C6C786FB1A6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{795C97F8-A0F0-4379-831C-05E83EAE9C5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C54F273-DE94-4992-8CF2-F19186562C2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F4EA9FA-D2F1-4A20-B574-5B48B4B5A100}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FB79324-EEDB-477A-AD42-241BBE4F6B4E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{83B18C70-4E8E-4B86-88BA-A33EEC073C83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83F9FA0C-6EA1-4912-82B0-DB378A8FF663}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8400D72A-3DBE-4209-AF6E-24130861A2D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84D933F7-5F34-47BC-96D1-DA6DF116E75E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A99ADF7-3C63-43B9-9912-BF3BF91D172A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BD2374E-CBBA-48A9-A685-F908D2DA541B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm |
"{8BEF610C-0359-4A45-91ED-F8D2C3BF0DC3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E86D4FC-C764-4346-B93C-09323B8CD204}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{927CB7BD-D2E0-4943-ADFA-B7A708C3A550}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94638789-C49C-48B4-8084-24440A415618}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{950488AE-0CC3-4821-A1E4-1AD4E7D1466F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\counter-strike source\hl2.exe |
"{966FA72B-B490-4326-A4ED-81899C4AB11D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat source\hl2.exe |
"{97122998-E718-47FE-B957-81AA96BEEB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98477BA8-2D27-483D-8237-A8948ABC0ECE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98EE0D59-D4BE-4FC1-9030-245A5A7B0DAD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{9D7B9A3B-0B9F-4CD2-BFD1-EFD1D4522A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DB41C33-56C1-43CF-A2AB-2E7098270090}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DF25309-D057-4D2F-9948-5A44C7A11F8D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{9E2B576C-2892-403B-B0EF-0A6F20673ADF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{A647D6E6-7BBF-4175-95E6-368F6A34FB87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A93092A0-C85E-431A-828C-8F088A7AF84B}" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii.exe |
"{AECF544E-DD0B-4DE3-A1C5-CE03BF27A8A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AED8C1C0-1918-4EFF-B72E-74C3A0EE4F58}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{AF216EE2-521A-4BA4-8E20-996CC5382DA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{B58837F3-3D9D-4901-BFD8-9B3B52DB34F0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B64B01CF-0CC3-4870-B779-0F90FEDB6639}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA789A8F-47BF-4EF2-A3E1-B7D5FE34A454}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{BC9FACD4-BAA8-4D0E-9176-EDECF3CECAE2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{C5C802C9-7280-4E60-A19A-D2E735B9C1FD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CC4D1298-CE1F-4418-B824-64D0C9FCDCFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD09CE19-5BE4-406E-B8D9-B686903BF022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0120BF9-49D8-461B-B637-B431C0D57FBA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D0B533AD-720E-4525-A893-74F4004BE716}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe |
"{D1668BF5-3F95-4768-906B-CDD7B9134559}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5BC38ED-3D08-4472-BF52-3416BEA78839}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5E1EB80-E488-4689-9C8E-8A69C502B61E}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D5E4BCD6-AE50-45E0-A297-9DFD6036FACA}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D6D72F38-4F08-4896-8A07-29330AB712F8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe |
"{DCD2D5D4-407C-4A11-B4DE-70AA959E51F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDD7B56B-DDA3-49C6-9D88-75E6BCCE7590}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E356EADC-4DBC-426C-A21A-71DDCD882967}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3EFEBC3-E137-4213-B262-68C75785AA06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E88CF489-A548-451B-94CD-1949E96C2CAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe |
"{E92A05F7-052B-4ADA-AC96-78DEDF0777F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |
"{EADA4C7C-81AC-40D8-9D40-28CFBF9F0185}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\counter-strike source\hl2.exe |
"{ECAE8295-A0A4-4FE2-9060-6D3A5603E86C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED9C17F4-9E77-4A69-A4E6-E8C2DBBB5CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE5A56EA-80BB-466F-8695-CCCFB7020DB5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe |
"{F6EAAB43-C41F-4EFF-8A2A-331EE16A91D2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{FA7B874D-2C26-4EAE-BC0F-5FDFFDB2721D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{00FBF39C-E456-4676-89AA-3CE1B0E92D9E}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{0B00423C-14F0-4355-8352-E10F3DA36B59}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{14B3D75E-AED7-4ABB-9B1C-97F87E5901D0}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"TCP Query User{174839E8-C7C0-42C0-A2A0-21FDA18718F9}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"TCP Query User{1F7B412F-758F-49E6-B1E0-7DBD57CDB6BF}C:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe |
"TCP Query User{3C9CD4E3-BEFF-4E2C-A002-475EAF823ADE}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe |
"TCP Query User{4219818A-225D-42A1-86FF-599B56EF760D}C:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\starcraft\starcraft.exe |
"TCP Query User{52541761-2351-49AE-A342-79B040F167E0}C:\users\****\downloads\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\loleudownloader.exe |
"TCP Query User{5DF21010-E94B-42C3-97C5-B0478348FDA3}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{779332E5-E980-4D83-83EF-831138F025D6}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{C50E8E54-17B6-4F2A-A50D-01DA802DD7E2}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"TCP Query User{CC7A1841-6F23-4D37-9CD6-C8B0EDBB495C}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe |
"TCP Query User{DC26D9A1-E676-4691-B886-77F5A234304D}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{DE70B447-D396-490F-BA54-49F311DE6D75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DE84835B-EC48-40EB-8CE5-41E416450DD8}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{FD6C44BC-4A25-41A9-B8D8-7DD9F05A1A62}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{10CCF8F7-7783-40D7-B4C0-528C31CA48D6}C:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\team fortress 2\hl2.exe |
"UDP Query User{1409DF71-9998-41E8-90CD-33DDD54D9157}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{2A40A214-B47A-4094-88AF-1460A16B2ECE}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe |
"UDP Query User{303A4053-CBB9-40F9-86E8-D5780E63050D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{35B57E77-41E3-43BD-90A8-5C6489B43068}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"UDP Query User{3A026671-C200-4A50-B999-2A6E234A275F}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{46E232B9-233F-4595-A78E-0A316C9C491D}C:\users\***\downloads\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\loleudownloader.exe |
"UDP Query User{5F9EA9E9-4C91-4659-9C7D-5B4D1FB9EB86}C:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\starcraft\starcraft.exe |
"UDP Query User{600B51AD-3439-4885-A9D7-EAFC73203825}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{9054F45D-FC3F-431E-AE66-2BC04FC87B2B}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{97F16B50-4249-40EF-B923-DA6BF9D67C3C}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{AC8A45D4-D32E-4706-AB49-E1C5B41CF89E}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe |
"UDP Query User{B40390C6-9C4B-4014-A2B4-3B4158959097}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"UDP Query User{BCBB972E-6791-411C-AD20-DCF4CD170BEC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DD97E332-F69B-4CA3-B3C6-9876BE8CB927}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{FADBA5B6-08B4-4274-8E08-CD430E29F5DE}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{090EFAEF-E0C1-5311-7A96-817BC18B43BB}" = ccc-utility
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19666E73-D9E5-44D4-8F33-037ED151ECBC}" = Firebird SQL Server - MAGIX Edition
"{1BF43B74-1EDE-060E-A612-56A116A381F8}" = Catalyst Control Center Core Implementation
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4E2CD272-0F2F-98EA-9596-510EF0D24E28}" = ccc-core-static
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72C02F89-9E8E-2DBD-11D7-EB5F075FE081}" = Catalyst Control Center Graphics Previews Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9DD16C0E-B9E7-417C-0C30-E57916C353E3}" = CCC Help English
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A1E1D1EE-3F04-CC1A-8498-0D48463F579D}" = Catalyst Control Center Localization All
"{A680643A-1155-02F6-6B29-BF4FBA1190E8}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABB6F00C-9722-82C2-FE1E-893313CCF612}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B04836D8-4170-D430-6297-3DD084AAEC09}" = Catalyst Control Center Graphics Full New
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BCC78381-4B63-5352-BF57-BDBF7A77823A}" = Catalyst Control Center HydraVision Full
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DF181652-D4F9-7D64-AED8-57D31E8D0410}" = Media Go Video Playback Engine 1.32.101.05130
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE02955B-74BC-3995-6B67-2A9D1651D4F5}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Public Beta 2.0.2
"7-Zip" = 7-Zip 9.04 beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Active WebCam" = Active WebCam
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"AV Voice Changer Software GOLD 7.0" = AV Voice Changer Software GOLD 7.0
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"EAX Unified" = EAX Unified
"FlashGet 3.5" = FlashGet 3.5
"Fraps" = Fraps (remove only)
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.10
"GAMI (Gta-Action Mod-Installer)" = GAMI (Gta-Action Mod-Installer)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"Icy Tower v1.4_is1" = Icy Tower v1.4
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"JDownloader" = JDownloader
"Mafia" = Mafia
"MAGIX MP3 Maker 15 Download-Version D" = MAGIX MP3 Maker 15 Download-Version 10.0.0.279 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Postal 2 Apocalypse Weekend Expansion Pack" = Postal 2 Apocalypse Weekend Expansion Pack
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"PROHYBRIDR" = 2007 Microsoft Office system
"RPGAdvocates_RTP_1.0" = Common RTP 1.0
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War - Gold Edition
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"VRS" = VRS Recording System
"VTFEdit_is1" = VTFEdit 1.2.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Darth Mod M2TW 1.4D" = Darth Mod M2TW 1.4D
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.12.2010 05:28:35 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =
 
Error - 23.12.2010 05:34:05 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.12.2010 05:38:23 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =
 
Error - 23.12.2010 08:28:50 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.12.2010 10:34:07 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.12.2010 13:15:53 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.12.2010 13:21:17 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung HitmanBloodMoney.exe, Version 0.0.0.0, Zeitstempel
 0x445e8b88, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x624, Anwendungsstartzeit
 01cba2c56d1b44a3.
 
Error - 23.12.2010 15:14:01 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =
 
Error - 23.12.2010 15:26:01 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 23.12.2010 16:35:12 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 23.12.2010 14:51:39 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 23.12.2010 15:17:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 23.12.2010 15:23:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 23.12.2010 15:23:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 23.12.2010 15:25:55 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 23.12.2010 um 20:23:14 unerwartet heruntergefahren.
 
Error - 23.12.2010 15:26:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 23.12.2010 15:43:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 23.12.2010 15:43:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 23.12.2010 15:43:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 23.12.2010 16:35:16 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

rea 26.12.2010 18:18
1.) Teatimer abstellen

Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten.





2.) Software deinstallieren
=> Start
=> Systemsteuerung
=> Programme und Funktionen
=> Programm deinstallieren
Wähle nun jeweils eine Software aus:
Code:
Google Toolbar for Internet Explorer
Google Update Helper
myBabylon_English Toolbar
=> ändern/entfernen und deinstallieren.


Deinstalliere bitte jede Software aus dieser Liste, die vorhanden ist.





3.) Fixen mit OTL
  • Starte bitte die OTL.exe.
    Vista-&Win7-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.

    Denke daran, vor dem Fix die **** wieder in deinen Benutzernamen zu ändern!!!

    Code:
    :OTL
    O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - H:\autorun.inf -- [ UDF ]
    File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
    [2010.12.19 19:57:19 | 000,000,204 | ---- | M] () -- C:\Windows\System32\secustat.dat
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B606BA34
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf OK.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.



Versuche nach diesem Schritt erneut mit Gmer zu scannen.




Worum handelt es sich bei diesen/m Dateien/Ordner?
C:\Users\***\Desktop\knifem9probisiiiww.rar
C:\Users\***\Desktop\test
C:\Users\***\Desktop\addons.exe

Worum handelt es sich bei deinem Laufwerk H:\ ?

Brauny 26.12.2010 23:09
Hey

C:\Users\***\Desktop\knifem9probisiiiww.rar ---> ein Counter Strike Source Skin Mod, den ich selbst gebastelt habe

C:\Users\***\Desktop\test --->ein Ordner mit AddOns von dem Spiel Garry's Mod

C:\Users\***\Desktop\addons.exe --->Ein Programm, dass AddOns vom Spiel Garry's Mod gepackt hatte und beim Start alles entpackt.


So folgte ich deinen Schritten und wagte mich mal wieder an GMER.Nachdem es sehr lange geladen hatte war es da, stellte alles ein und fing an zu scannen.10 Sekunden alles reibungslos bis ich dann einen Bluescreen bekam, dass wegen pwryjpog.sys das System zur Sicherheit runtergefahren wird (die genaue Meldung war nicht bekannt, hab mich nur auf den Namen fixiert.

So versuchte ich es mal im Abgesichtern Modus, wo das Programm erneut abstürzte (hat ein Problem gefunden, muss beendet werden).Das Programm stürzte bei \device\harddiskVolumeShadowcopy1 ab.

mfg
Brauny

rea 26.12.2010 23:23
Okay, dann poste mir erstmal das Fixlog von OTL und beantworte die andere Frage noch.

Brauny 26.12.2010 23:30
Das Fixlog hab ich leider nicht gespeichert, hatte in dem Moment leider nicht dran gedacht...oder lässt sich das woanders finden?

Zum Laufwerk H...das ist mein CD Laufwerk.

mfg
Brauny

rea 27.12.2010 00:10
Schau auf deinem Desktop oder im Ordner C:\_OTL. Beim nächsten Mal vorher die Anleitung lesen. ;) Wenns nicht da ist, mach mit der neuen Anleitung weiter.

Gmer hat das leider manchmal, dass es kein Logfile erzeugt sondern abstürzt. Ist recht schade, aber wir steigen auf andere Rootkitscanner um:



Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:
  • Deaktiviere zunächst nach dieser Anleitung evtl. vorhandene CD-Emulatoren wie Alcohol, Daemon-Tools oder ähnliche.
  • Alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
  • keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
  • nichts am Rechner getan werden,
  • nach jedem Scan der Rechner neu gestartet werden.
  • Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!


1.) Rootkit-Suche mit Avira AntiRootkit

Lade Avira AntiRootkit herunter, indem Du auf den Download-Button klickst. Speichere die Datei auf Deinem Desktop.
  • Du solltest jetzt antivir_rootkit.zip auf Deinem Desktop finden.
  • Entpacke das Archiv auf Deinen Desktop (antivir_rootkit.zip kannst Du jetzt manuell löschen).
  • Doppelklick auf die avirarkd.exe => OK.
  • Klicke auf Start scan.
  • Wenn der Suchlauf beendet ist, klicke auf View report und kopiere das Log hier in den Thread.




2.) Rootkit-Suche mit RootRepeal
  • Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
  • Entpacke die Datei auf Deinen Desktop.
  • Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
  • Klicke auf den Reiter Report und dann auf den Button Scan.
  • Mache einen Haken bei den folgenden Elementen und klicke Ok.
    .
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
    .
  • Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
  • Wähle C:\ und klicke wieder Ok.
  • Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
  • Wenn der Suchlauf beendet ist, klicke auf Save Report.
  • Speichere das Logfile als RootRepeal.txt auf dem Desktop.
  • Kopiere den Inhalt hier in den Thread.





3.) OSAM
Und erstelle bitte ein Logfile mit OSAM. (Einfach draufklicken, um zur Anleitung zu kommen)





4.) Erneuter Systemscan mit OTL
  • Doppelklick auf die OTL.exe
    Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standart Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Setze jeweils den Haken bei LOP Prüfung & Purity Prüfung
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste beide Logfiles hier in den Thread.

Brauny 27.12.2010 01:50
Hallo

so habe nun alle Scans bis auf den von AntiVir gemacht, da AntiVir mich dazu auffordert AntiVir zu installieren, aber da ich Kaspersky schon drauf habe und Kaspersky dadurch entfernt wird, werde ich den Scan auch nicht durchführen.

Hier die Logs von RootRepeal,Osam und die neuen OTL files mit anderen einstellungen.Da alles insgesamt zu groß ist, gibts diese in einem zip Archiv.

mfg
Brauny

rea 27.12.2010 02:22
Hi,
poste die Logs bitte einzeln direkt in den Thread, jeweils mit Codetags umschlossen. Du kannst gern, wenns denn nötig ist 2 Beiträge dafür verwenden. Ich schau mir die Logs dann morgen an :)

Brauny 27.12.2010 02:27
Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:                2010/12/27 00:16
Program Version:                Version 1.3.5.0
Windows Version:                Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x941B4000        Size: 45056        File Visible: No        Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x941BF000        Size: 40960        File Visible: No        Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x833F1000        Size: 49152        File Visible: No        Signed: -
Status: -

Name: spmt.sys
Image Path: C:\Windows\System32\Drivers\spmt.sys
Address: 0x8060C000        Size: 995328        File Visible: No        Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000        Size: 0        File Visible: No        Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{666e940b-113b-11e0-be08-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{79eefdb4-0e73-11e0-8e63-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7ed2ca99-0c49-11e0-8936-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7ed2ca9d-0c49-11e0-8936-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7ed2caa3-0c49-11e0-8936-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3d93e3e0-0eb8-11e0-827e-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3f31aed3-0dc7-11e0-ac27-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{84adb4d0-0e77-11e0-95c1-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b78d7d0f-0f80-11e0-a97b-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b99a2003-1006-11e0-821b-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a0231-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a0251-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a026e-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a0272-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a0276-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a027a-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0da7a342-0aa8-11e0-9f27-f4272d2fd9e0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0da7a353-0aa8-11e0-9f27-f4272d2fd9e0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0ded87b7-0d03-11e0-80c0-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a027e-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e17a0282-0f45-11e0-888a-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f79fca38-0b50-11e0-bc80-002421e021bd}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4974_none_f0c009be84e41666.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_3389d53e5a2d10c0.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30411.0_none_d70c8009a3652bd4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4974_none_f0f30f20f89ddc75.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4027_none_cbeeb6564710a1d1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.42_none_ef74ff32550b5bf0.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4027_none_4daf0ae87dd59b6e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_50940634bcb759cb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_f455012451df8b23.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4974_none_80bb23871e9ab973.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30411.0_none_7f955bd5da1ee32d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4974_none_0e9463c1b72afcdd.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30411.0_none_7816760bdeed6010.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4027_none_d08a21a2442db2dc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4974_none_ed0290eafb227cfc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4974_none_497745fb754785d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4974_none_f48176b4f6540019.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30411.0_none_d48b2b1c591268e6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c2e857a23b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30411.0_none_7bd3eedf68aef97a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.42_none_3825408a574a21cb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4027_none_516ad2630f4bd825.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5926f98ceadc42c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4974_none_4bf89ae8bf9a48c0.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_5ce47260749ddc2c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30411.0_none_dba7eb55a0823cdf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4027_none_03c6f934205fcb15.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4974_none_51cdc180bbe4500f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4027_none_49ebec99141a5508.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6002.18232_de-de_5281c6e07b670138\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6002.18315_de-de_527f81d07b691bbe\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6002.22372_de-de_3bb82148950ac69a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6002.22493_de-de_3bba0af09509133a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.security.resources_b03f5f7f11d50a3a_6.0.6002.18222_de-de_52e7823c4ca4d7f9\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18210_none_12c51e3eb200ba24\APPLIC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.22343_none_13314c23cb33f9c6\APPLIC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.security.resources_b03f5f7f11d50a3a_6.0.6002.22354_de-de_3c1caeca6649b746\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: c:\program files\nero\nero8\nero backitup\biub05a.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu7290.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu7647.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu7de5.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu6d23.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu6f07.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu7148.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: c:\program files\nero\nero8\nero backitup\biu7aab.txt
Status: Allocation size mismatch (API: 216, Raw: 0)

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Security.resources\2.0.0.0_de_b03f5f7f11d50a3a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Web.resources\2.0.0.0_de_b03f5f7f11d50a3a\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: c:\users\***\appdata\local\mozilla\firefox\profiles\fr2rqa3m.default\urlclassifier3.sqlite-journal
Status: Allocation size mismatch (API: 12058624, Raw: 0)

Path: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fr2rqa3m.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)

Path: c:\users\***\appdata\local\mozilla\firefox\profiles\fr2rqa3m.default\cache\_cache_001_
Status: Allocation size mismatch (API: 696320, Raw: 688128)

Path: c:\users\***\appdata\local\mozilla\firefox\profiles\fr2rqa3m.default\cache\_cache_002_
Status: Allocation size mismatch (API: 753664, Raw: 671744)

Processes
-------------------
Path: System
PID: 4        Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1416        Status: Locked to the Windows API!

SSDT
-------------------
#: 012        Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450abd0

#: 021        Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c52c

#: 022        Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c782

#: 038        Function Name: NtAlpcSendWaitReceivePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c9fc

#: 048        Function Name: NtClose
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b450

#: 054        Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450bb32

#: 058        Function Name: NtCreateEvent
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450bf3c

#: 060        Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b5f8

#: 067        Function Name: NtCreateMutant
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450be14

#: 068        Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450a7d6

#: 071        Function Name: NtCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450bcd0

#: 075        Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450a992

#: 076        Function Name: NtCreateSemaphore
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c06e

#: 077        Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450dcb0

#: 078        Function Name: NtCreateThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b0ee

#: 115        Function Name: NtCreateWaitablePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450bd72

#: 116        Function Name: NtDebugActiveProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d6a2

#: 129        Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e672

#: 150        Function Name: NtFsControlFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b752

#: 165        Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d734

#: 177        Function Name: NtMapViewOfSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450dd64

#: 184        Function Name: NtOpenEvent
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450bfde

#: 186        Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b4d2

#: 191        Function Name: NtOpenMutant
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450beac

#: 194        Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450add6

#: 197        Function Name: NtOpenSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450dcda

#: 198        Function Name: NtOpenSemaphore
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c110

#: 201        Function Name: NtOpenThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450acfa

#: 219        Function Name: NtQueryDirectoryObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450cc3e

#: 242        Function Name: NtQuerySection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e07c

#: 255        Function Name: NtQueueApcThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d9ca

#: 270        Function Name: NtReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c49a

#: 271        Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450c360

#: 276        Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d442

#: 282        Function Name: NtResumeThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e554

#: 286        Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b86c

#: 289        Function Name: NtSetContextThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b30c

#: 307        Function Name: NtSetInformationToken
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450ccf2

#: 314        Function Name: NtSetSecurityObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d82e

#: 317        Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e1bc

#: 330        Function Name: NtSuspendProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e2a0

#: 331        Function Name: NtSuspendThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450e3c8

#: 332        Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450d5ce

#: 334        Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450af4e

#: 335        Function Name: NtTerminateThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450aea4

#: 348        Function Name: NtUnmapViewOfSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450df32

#: 358        Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b02e

#: 382        Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9450b1ee

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System        Address: 0x863471f8        Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System        Address: Shadow SSDT
-------------------
#: 013        Function Name: NtGdiBitBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bd1c

#: 235        Function Name: NtGdiMaskBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bde6

#: 245        Function Name: NtGdiPlgBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451be50

#: 301        Function Name: NtGdiStretchBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bd80

#: 317        Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b930

#: 333        Function Name: NtUserCallOneParam
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bce8

#: 391        Function Name: NtUserFindWindowEx
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bb1e

#: 397        Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b898

#: 428        Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bc20

#: 430        Function Name: NtUserGetKeyState
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b8e4

#: 479        Function Name: NtUserMessageCall
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451ba70

#: 497        Function Name: NtUserPostMessage
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b9c6

#: 498        Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451ba1a

#: 513        Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bbb0

#: 525        Function Name: NtUserSendInput
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451bad0

#: 573        Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b7e8

#: 576        Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x9451b83e

==EOF==
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:10:02 on 27.12.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004Core.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004UA.job" - "Google Inc." - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ahcix86s" (ahcix86s) - ? - C:\Windows\System32\DRIVERS\ahcix86s.sys  (File not found)
"AMD Low Level Device Driver" (AmdLLD) - ? - C:\Windows\System32\DRIVERS\AmdLLD.sys  (File not found)
"amdide" (amdide) - ? - C:\Windows\System32\DRIVERS\amdide.sys  (File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"awggm53m" (awggm53m) - "Microsoft Corporation" - C:\Windows\system32\drivers\awggm53m.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"cpuz132" (cpuz132) - ? - C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{0561EC90-CE54-4f0c-9C55-E226110A740C} "{0561EC90-CE54-4f0c-9C55-E226110A740C}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? -  (File not found | COM-object registry key not found)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? -  (File not found | COM-object registry key not found)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Exctractor" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
 "{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll
{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} "FlashGetBHO" - "Trend Media Group" - C:\Users\***\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} "QIPBHO Class" - "qip.ru" - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - "C:\Program Files\Cyberlink\Shared files\RichVideo.exe"  (File not found)
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Shared\Database2\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Shared\Database2\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Security Suite CBE 10" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Brauny 27.12.2010 02:28
Code:
OTL logfile created on: 27.12.2010 01:35:04 - Run 1
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 240,55 Gb Free Space | 41,39% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
Drive H: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.11.19 15:32:52 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.11.19 15:31:52 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.05.06 08:08:30 | 000,207,448 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe
PRC - [2010.03.26 17:02:56 | 008,546,848 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010.03.03 05:12:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.03.03 05:11:58 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.10.20 00:11:52 | 000,616,712 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.12.16 09:52:02 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Shared\Database2\bin\FABS.exe
PRC - [2008.11.24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2010.12.24 15:06:02 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.11.19 15:31:52 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.11.19 15:29:54 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.11.05 19:44:16 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.08.18 00:49:16 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.05.06 08:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010.03.03 05:11:58 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.12.16 09:52:02 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\FABS.exe -- (Fabs)
SRV - [2008.10.21 14:50:00 | 000,548,864 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2008.08.07 09:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\amdide.sys -- (amdide)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2010.10.09 13:27:23 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.09 13:27:21 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.10.08 20:44:38 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.03.26 17:24:58 | 003,048,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.03.03 05:22:26 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.03.03 04:07:16 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.01.25 16:55:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.20 10:53:32 | 000,234,016 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.09.01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.05.27 10:32:04 | 000,516,608 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.05.20 17:04:40 | 000,157,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.12.26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008.09.26 12:30:54 | 000,651,264 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.autohotkey.com/docs/Tutorial.htm"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 19:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 19:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.10.08 20:45:48 | 000,000,000 | ---D | M]
 
[2010.01.16 22:31:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.27 00:55:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.05 20:50:54 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.08.14 14:39:01 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.04.21 14:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trash
[2010.12.24 21:32:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.03 19:31:51 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\youtube2mp3@mondayx.de
[2010.03.10 18:05:01 | 000,002,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\call-of-duty-wiki-en.xml
[2010.12.05 20:51:42 | 000,002,062 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\qip-search.xml
[2010.12.27 00:55:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 02:48:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.14 14:40:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.08 20:47:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.22 13:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.21 14:00:00 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.07.22 13:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 13:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 13:44:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 13:44:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\***\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\******\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O33 - MountPoints2\{645b992f-c8dd-11df-bb74-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{645b992f-c8dd-11df-bb74-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell - "" = AutoRun
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell\AutoRun\command - "" = J:\MafiaLauncher.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
[2010.12.27 00:15:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\RootRepeal
[2010.12.27 00:13:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\avira_antirootkit
[2010.12.27 00:06:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\osam_autorun_manager_version_portable
[2010.12.26 22:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.26 22:42:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.26 14:25:08 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.12.26 14:23:51 | 013,326,816 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\***\Desktop\TeamSpeak3-Client-win32-3.0.0-beta36.exe
[2010.12.24 23:47:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ENBSeries Configurator for GTA San Andreas
[2010.12.24 23:47:43 | 000,000,000 | ---D | C] -- C:\Programme\ENBSeries Configurator for GTA San Andreas
[2010.12.24 22:23:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TXD Workshop
[2010.12.24 15:06:08 | 000,030,528 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.12.24 15:06:05 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.12.24 15:06:05 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.12.24 15:05:27 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.12.24 15:01:23 | 019,904,832 | ---- | C] (TuneUp Software) -- C:\Users\***\Desktop\TU2010TrialDE.exe
[2010.12.23 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.23 21:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.23 21:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.23 21:20:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.23 21:20:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.23 21:17:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.12.23 20:50:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis.exe
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.23 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files
[2010.12.23 10:38:22 | 000,000,000 | ---D | C] -- C:\Programme\Rockstar Games
[2010.12.23 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\alle
[2010.12.23 10:17:20 | 000,000,000 | ---D | C] -- C:\Programme\GAMI
[2010.12.21 15:23:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kakawurst
[2010.12.17 08:37:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Hitman Blood Money
[2010.12.17 08:28:38 | 000,000,000 | ---D | C] -- C:\Programme\Eidos
[2010.12.17 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hitman iso
[2010.12.17 08:16:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hitman
[2010.12.16 22:40:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\test
[2010.12.16 22:08:26 | 454,415,571 | ---- | C] (1 Mann Lan) -- C:\Users\***\Desktop\addons.exe
[2010.12.16 13:01:37 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.12.15 16:08:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 16:08:43 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 16:08:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 16:08:40 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 16:08:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 16:07:17 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 16:07:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 16:07:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 16:07:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.14 09:52:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.12.11 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sacamhack12
[2010.12.11 09:36:22 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 16:09:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Divinity 2
[2010.12.07 23:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[2010.12.07 23:10:28 | 000,000,000 | ---D | C] -- C:\Programme\Divinity II - Ego Draconis
[2010.12.05 20:50:50 | 000,000,000 | ---D | C] -- C:\Programme\QIP 2010
[2010.12.05 08:58:39 | 000,000,000 | ---D | C] -- C:\Programme\Mafia
[2010.12.05 08:56:01 | 000,139,264 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\eax.dll
[2010.12.05 08:56:01 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2010.12.05 08:55:59 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.12.03 18:14:56 | 000,000,000 | ---D | C] -- C:\Programme\Postal2
[2010.11.30 23:19:04 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010.11.30 23:16:10 | 000,000,000 | ---D | C] -- C:\Programme\Postal2STP
[2010.11.28 20:00:45 | 000,000,000 | ---D | C] -- C:\Programme\osu!
[2010.11.28 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.11.26 18:57:29 | 000,254,464 | ---- | C] (Mpath Interactive) -- C:\Programme\MPLAYNOW.EXE
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
[2010.12.27 01:27:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.27 01:04:48 | 000,000,184 | ---- | M] () -- C:\Users\***\Desktop\Google.ahk
[2010.12.27 00:59:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 00:59:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 00:41:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004UA.job
[2010.12.27 00:15:09 | 000,465,298 | ---- | M] () -- C:\Users\***\Desktop\RootRepeal.rar
[2010.12.27 00:13:00 | 000,089,324 | ---- | M] () -- C:\Users\***\Desktop\avira_antivir_antirootkit_en.zip
[2010.12.27 00:12:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.26 23:06:55 | 000,742,356 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.26 23:06:55 | 000,690,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.26 23:06:55 | 000,173,876 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.26 23:06:55 | 000,141,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.26 22:59:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.26 22:55:14 | 385,498,455 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.26 17:41:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004Core.job
[2010.12.26 16:10:29 | 000,296,448 | ---- | M] () -- C:\Users\***\Desktop\3wloftrm.exe
[2010.12.26 14:25:09 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.12.26 14:24:50 | 013,326,816 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\***\Desktop\TeamSpeak3-Client-win32-3.0.0-beta36.exe
[2010.12.25 19:03:17 | 000,002,710 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.12.25 19:03:03 | 000,001,349 | ---- | M] () -- C:\Users\***\Desktop\muzzle_texture4.png
[2010.12.25 17:25:33 | 000,444,416 | ---- | M] () -- C:\Users\***\Desktop\desert_eagle.txd
[2010.12.25 16:21:19 | 000,001,271 | ---- | M] () -- C:\Users\***\Desktop\bloodpool_64.png
[2010.12.25 14:40:56 | 000,040,960 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.25 11:42:14 | 000,000,287 | ---- | M] () -- C:\Users\***\Desktop\radardisc.png
[2010.12.25 00:20:30 | 000,000,354 | ---- | M] () -- C:\Users\***\Desktop\radar_centre.png
[2010.12.25 00:19:02 | 000,000,256 | ---- | M] () -- C:\Users\***\Desktop\siteM16.png
[2010.12.24 23:47:43 | 000,002,162 | ---- | M] () -- C:\Users\***\Desktop\ENBSeries Configurator for GTA San Andreas.lnk
[2010.12.24 23:46:11 | 004,866,209 | ---- | M] () -- C:\Users\***\Desktop\SAStreamMemFix.rar
[2010.12.24 23:45:25 | 001,443,095 | ---- | M] () -- C:\Users\***\Desktop\ENB-Series-Configurator.rar
[2010.12.24 22:22:44 | 000,430,455 | ---- | M] () -- C:\Users\***\Desktop\txdworkshop40.rar
[2010.12.24 15:47:31 | 000,830,065 | ---- | M] () -- C:\Users\***\Desktop\3304_1122614819_Faggio.zip
[2010.12.24 15:46:19 | 000,148,442 | ---- | M] () -- C:\Users\***\Desktop\11447_Stage 6 Aerox Engine Sounds.rar
[2010.12.24 15:05:57 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.24 15:05:57 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.12.24 15:02:59 | 019,904,832 | ---- | M] (TuneUp Software) -- C:\Users\***\Desktop\TU2010TrialDE.exe
[2010.12.24 13:10:56 | 000,331,828 | ---- | M] () -- C:\Users\***\Desktop\undercover hud addon.rar
[2010.12.23 22:42:54 | 000,381,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.23 22:12:15 | 000,033,115 | ---- | M] () -- C:\Users\***\Desktop\Logs.zip
[2010.12.23 22:04:18 | 000,030,547 | ---- | M] () -- C:\Users\***\Desktop\Log Dateien.zip
[2010.12.23 22:01:00 | 000,030,419 | ---- | M] () -- C:\Users\***\Desktop\Log Dateien.rar
[2010.12.23 21:20:28 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 21:20:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.12.23 20:50:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis.exe
[2010.12.23 10:54:04 | 009,408,623 | ---- | M] () -- C:\Users\***\Desktop\sa-downgrade patch 0.3.1.rar
[2010.12.20 20:29:38 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 22:43:32 | 454,415,571 | ---- | M] (1 Mann Lan) -- C:\Users\***\Desktop\addons.exe
[2010.12.16 22:13:32 | 000,001,624 | ---- | M] () -- C:\Users\***\Desktop\Deamon Tools.lnk
[2010.12.16 22:12:41 | 000,000,705 | ---- | M] () -- C:\Users\***\Desktop\Mafia.lnk
[2010.12.16 19:57:05 | 000,646,095 | ---- | M] () -- C:\Users\***\Desktop\knifem9probisiiiww.rar
[2010.12.11 09:36:27 | 001,227,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 20:16:57 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.12.08 20:16:57 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.12.05 08:57:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
 
========== Files Created - No Company Name ==========
 
[2010.12.27 00:46:12 | 000,000,184 | ---- | C] () -- C:\Users\***\Desktop\Google.ahk
[2010.12.27 00:15:08 | 000,465,298 | ---- | C] () -- C:\Users\***\Desktop\RootRepeal.rar
[2010.12.27 00:12:59 | 000,089,324 | ---- | C] () -- C:\Users\***\Desktop\avira_antivir_antirootkit_en.zip
[2010.12.26 16:10:28 | 000,296,448 | ---- | C] () -- C:\Users\***\Desktop\3wloftrm.exe
[2010.12.26 14:25:09 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.12.25 19:03:17 | 000,002,710 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.12.25 19:03:03 | 000,001,349 | ---- | C] () -- C:\Users\***\Desktop\muzzle_texture4.png
[2010.12.25 17:25:33 | 000,444,416 | ---- | C] () -- C:\Users\***\Desktop\desert_eagle.txd
[2010.12.25 16:21:19 | 000,001,271 | ---- | C] () -- C:\Users\***\Desktop\bloodpool_64.png
[2010.12.25 00:20:30 | 000,000,354 | ---- | C] () -- C:\Users\***\Desktop\radar_centre.png
[2010.12.24 23:47:43 | 000,002,162 | ---- | C] () -- C:\Users\***\Desktop\ENBSeries Configurator for GTA San Andreas.lnk
[2010.12.24 23:45:15 | 004,866,209 | ---- | C] () -- C:\Users\***\Desktop\SAStreamMemFix.rar
[2010.12.24 23:45:04 | 001,443,095 | ---- | C] () -- C:\Users\***\Desktop\ENB-Series-Configurator.rar
[2010.12.24 22:29:52 | 000,000,256 | ---- | C] () -- C:\Users\***\Desktop\siteM16.png
[2010.12.24 22:25:31 | 000,000,287 | ---- | C] () -- C:\Users\***\Desktop\radardisc.png
[2010.12.24 22:22:43 | 000,430,455 | ---- | C] () -- C:\Users\***\Desktop\txdworkshop40.rar
[2010.12.24 15:47:31 | 000,830,065 | ---- | C] () -- C:\Users\***\Desktop\3304_1122614819_Faggio.zip
[2010.12.24 15:46:18 | 000,148,442 | ---- | C] () -- C:\Users\***\Desktop\11447_Stage 6 Aerox Engine Sounds.rar
[2010.12.24 15:05:57 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.24 15:05:57 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.12.24 13:10:55 | 000,331,828 | ---- | C] () -- C:\Users\***\Desktop\undercover hud addon.rar
[2010.12.23 22:12:15 | 000,033,115 | ---- | C] () -- C:\Users\***\Desktop\Logs.zip
[2010.12.23 22:04:18 | 000,030,547 | ---- | C] () -- C:\Users\***\Desktop\Log Dateien.zip
[2010.12.23 22:00:59 | 000,030,419 | ---- | C] () -- C:\Users\***\Desktop\Log Dateien.rar
[2010.12.23 21:20:28 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 20:25:51 | 385,498,455 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.23 10:52:54 | 009,408,623 | ---- | C] () -- C:\Users\***\Desktop\sa-downgrade patch 0.3.1.rar
[2010.12.16 22:13:22 | 000,001,624 | ---- | C] () -- C:\Users\***\Desktop\Deamon Tools.lnk
[2010.12.16 22:12:41 | 000,000,705 | ---- | C] () -- C:\Users\***\Desktop\Mafia.lnk
[2010.12.16 19:57:03 | 000,646,095 | ---- | C] () -- C:\Users\***\Desktop\knifem9probisiiiww.rar
[2010.12.05 08:56:00 | 000,233,472 | ---- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2010.12.05 08:47:09 | 2139,502,592 | ---- | C] () -- C:\Users\***\Desktop\sd-maf.iso
[2010.11.26 18:57:30 | 005,180,072 | ---- | C] () -- C:\Programme\KATALYST.EXE
[2010.11.26 18:57:30 | 000,022,862 | ---- | C] () -- C:\Programme\README.TXT
[2010.11.26 18:57:30 | 000,002,483 | ---- | C] () -- C:\Programme\POSTAL.INI
[2010.11.26 18:57:29 | 001,020,416 | ---- | C] () -- C:\Programme\POSTAL.EXE
[2010.11.26 18:57:29 | 000,008,718 | ---- | C] () -- C:\Programme\DEISL1.ISU
[2010.11.26 18:57:29 | 000,005,832 | ---- | C] () -- C:\Programme\WEBULLET.HTM
[2010.11.26 18:57:29 | 000,000,460 | ---- | C] () -- C:\Programme\WB.INI
[2010.11.11 16:55:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.11.03 19:31:07 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.10.09 13:27:23 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.09 13:27:21 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.05.24 22:18:13 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.05.10 13:12:53 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.05.02 09:07:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.07 14:37:23 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.05 21:12:55 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.04.05 12:49:31 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.05 12:49:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.01 13:18:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.31 19:11:02 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.03.28 04:37:33 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2010.03.18 11:51:23 | 000,462,249 | ---- | C] () -- C:\Users\***\AppData\Roaming\SMW SRPI SNES.ips
[2010.03.03 04:06:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.25 16:46:51 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.16 19:49:22 | 000,040,960 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 09:02:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.04.12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
 
========== LOP Check ==========
 
[2010.10.24 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2010.10.12 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avnex
[2010.12.23 03:31:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2010.01.25 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.11.28 20:00:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.12.24 23:49:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ENBSeries Configurator for GTA San Andreas
[2010.11.03 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGet
[2010.11.03 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGetBHO
[2010.11.14 15:01:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.12.25 11:34:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.12.24 15:12:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HLSW
[2010.05.24 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2010.01.17 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\runic games
[2010.03.14 17:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\smc
[2010.04.08 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010.04.08 23:08:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Setup
[2010.07.29 14:25:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE
[2010.01.17 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2010.02.25 15:49:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.05.15 16:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds
[2010.02.17 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Creative Assembly
[2010.06.27 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2010.04.23 18:25:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TubeBox
[2010.10.10 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.04.01 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.07.15 13:05:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Unity
[2010.06.19 10:03:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Warsow 0.5
[2010.10.07 20:55:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2010.12.26 22:44:22 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Code:
OTL Extras logfile created on: 27.12.2010 01:35:04 - Run 1
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 240,55 Gb Free Space | 41,39% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
Drive H: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18D8B309-1F10-43AF-BD58-816B23D2BA85}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{60185C11-81FD-44E2-8829-D72BE8E97C54}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{77881CE2-49D0-4300-B296-7584E61D9171}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{79F9F2B1-FFDB-4B94-9E92-33E7F5A9BEBA}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{A92A184E-2EDF-45F8-9781-D7B9EEEF1089}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{BFCC54E2-8064-4110-B1A6-AF39C16AF4C1}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{F4E97F4F-1827-4A2C-A878-8FAA9BE7560E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{FFD5E3EA-0C01-4DBF-A65F-1D7B3ADC1B17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0015B30F-2C2E-43BE-A908-A16F66E3F83A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{019A3477-E66C-4603-9E3A-DCE9FDFA34D6}" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii.exe |
"{04A7C978-F044-4FD4-8D5F-E9FBC5C5FE1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{075ED6B4-9D3E-4297-8B85-C90A709D2C5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{084A3554-9D06-4EFC-8959-A69BA0A9E3DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B7AAD56-7B6D-4D29-8E41-C363620B153F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CDF5960-7FD7-406D-96AD-7061F8E7D2C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F04B2F1-707D-41AE-A384-566DB9B29222}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{0F404EA9-3F07-4667-A789-4A7E9C9E2709}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{11F8D904-0456-46B0-BD7B-E72DD9EAD9DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D8C49FC-EB02-4CC8-A96A-8A229B39BA5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2391E4BF-D0B5-49AA-A738-FE9086DDB235}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24B9FD5B-9A3F-4C11-9D59-75BE7985E484}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{269A4FCF-1E07-4531-A252-A174A97AC02A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27C03EE0-0C58-4C73-82E4-EA736998F478}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28A602AD-6EAF-4478-87A4-F8A88A21070F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29C59390-C436-4B84-BBFD-0682CB9BB551}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30007948-BD6D-4347-BFAA-379731AA9DFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3000EFBB-095C-490B-A9DC-021F1AB4541C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{31FB10EE-957B-4746-A23E-F9D0FC389A1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |
"{320C7255-94E8-4CAF-AB2C-E16834D16EE9}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{332A233B-B2F3-4DC8-8EA5-F3FCB30F5895}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37047DE3-7AFC-4201-A489-506BCC9A4CEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3862D832-BAE1-46A8-A8CE-6F495B6F8EAA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3A4AE8C6-E383-40B4-94E4-CC025828F2E2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm |
"{3D7ED399-2B0D-42EF-A847-DD23556A17ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm |
"{3DFB454E-E253-490E-8817-7884C1F5A909}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4163060A-2CE9-4F79-AAA1-0FCDC52B53CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe |
"{418CE828-7DE0-4079-8577-72CD5267F8B3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{47587DFB-9FD1-4B3D-8547-E40AE6C132B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe |
"{490211D8-AD58-4ABE-8086-1660E7C6B324}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5694E7C5-9FF9-4CCE-8D76-54CC5DDA8FF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57ACC302-6672-49C4-8926-5170A629CA18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{5838F3FC-919B-4C6E-ABE8-FBA1BB05B5D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D52019D-1325-409E-BB9A-025DF89295B5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5DDB32D2-A019-4214-BEB8-9B4B3B0BE92C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5DE62AF9-E7CC-480A-888F-CAA22BD5E5D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60DF8CF5-6804-4E26-B125-0275F6CC3BEF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{630617CF-9BC1-4729-ADE4-0D7A28B04E28}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{661F07DD-C536-4834-8663-39658DF38C80}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm |
"{67354739-9435-471F-9741-3C6C786FB1A6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{67521540-DDEB-4E98-8C50-78FC948445A2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe |
"{795C97F8-A0F0-4379-831C-05E83EAE9C5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C54F273-DE94-4992-8CF2-F19186562C2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F4EA9FA-D2F1-4A20-B574-5B48B4B5A100}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FB79324-EEDB-477A-AD42-241BBE4F6B4E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{83B18C70-4E8E-4B86-88BA-A33EEC073C83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83F9FA0C-6EA1-4912-82B0-DB378A8FF663}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8400D72A-3DBE-4209-AF6E-24130861A2D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84D933F7-5F34-47BC-96D1-DA6DF116E75E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A99ADF7-3C63-43B9-9912-BF3BF91D172A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BD2374E-CBBA-48A9-A685-F908D2DA541B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm |
"{8BEF610C-0359-4A45-91ED-F8D2C3BF0DC3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DB1D253-6DE8-4362-8529-A422FDEF86E1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe |
"{8E86D4FC-C764-4346-B93C-09323B8CD204}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{927CB7BD-D2E0-4943-ADFA-B7A708C3A550}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94638789-C49C-48B4-8084-24440A415618}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{97122998-E718-47FE-B957-81AA96BEEB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98477BA8-2D27-483D-8237-A8948ABC0ECE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98EE0D59-D4BE-4FC1-9030-245A5A7B0DAD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{9D7B9A3B-0B9F-4CD2-BFD1-EFD1D4522A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DB41C33-56C1-43CF-A2AB-2E7098270090}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DF25309-D057-4D2F-9948-5A44C7A11F8D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{9E2B576C-2892-403B-B0EF-0A6F20673ADF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{A647D6E6-7BBF-4175-95E6-368F6A34FB87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A93092A0-C85E-431A-828C-8F088A7AF84B}" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii.exe |
"{AECF544E-DD0B-4DE3-A1C5-CE03BF27A8A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AED8C1C0-1918-4EFF-B72E-74C3A0EE4F58}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{AF216EE2-521A-4BA4-8E20-996CC5382DA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{B58837F3-3D9D-4901-BFD8-9B3B52DB34F0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B64B01CF-0CC3-4870-B779-0F90FEDB6639}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8D68992-B9D1-4B95-AF1B-7A11DB5B0651}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe |
"{BA789A8F-47BF-4EF2-A3E1-B7D5FE34A454}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{BC9FACD4-BAA8-4D0E-9176-EDECF3CECAE2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{C5C802C9-7280-4E60-A19A-D2E735B9C1FD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CC4D1298-CE1F-4418-B824-64D0C9FCDCFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD09CE19-5BE4-406E-B8D9-B686903BF022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0120BF9-49D8-461B-B637-B431C0D57FBA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D1668BF5-3F95-4768-906B-CDD7B9134559}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5BC38ED-3D08-4472-BF52-3416BEA78839}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5E1EB80-E488-4689-9C8E-8A69C502B61E}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D5E4BCD6-AE50-45E0-A297-9DFD6036FACA}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{DCD2D5D4-407C-4A11-B4DE-70AA959E51F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDD7B56B-DDA3-49C6-9D88-75E6BCCE7590}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E356EADC-4DBC-426C-A21A-71DDCD882967}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3EFEBC3-E137-4213-B262-68C75785AA06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E88CF489-A548-451B-94CD-1949E96C2CAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe |
"{E92A05F7-052B-4ADA-AC96-78DEDF0777F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |
"{ECAE8295-A0A4-4FE2-9060-6D3A5603E86C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED9C17F4-9E77-4A69-A4E6-E8C2DBBB5CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6EAAB43-C41F-4EFF-8A2A-331EE16A91D2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{FA7B874D-2C26-4EAE-BC0F-5FDFFDB2721D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{00FBF39C-E456-4676-89AA-3CE1B0E92D9E}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{0B00423C-14F0-4355-8352-E10F3DA36B59}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{14B3D75E-AED7-4ABB-9B1C-97F87E5901D0}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"TCP Query User{3C9CD4E3-BEFF-4E2C-A002-475EAF823ADE}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe |
"TCP Query User{4219818A-225D-42A1-86FF-599B56EF760D}C:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\starcraft\starcraft.exe |
"TCP Query User{5DF21010-E94B-42C3-97C5-B0478348FDA3}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{779332E5-E980-4D83-83EF-831138F025D6}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{C50E8E54-17B6-4F2A-A50D-01DA802DD7E2}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"TCP Query User{CC7A1841-6F23-4D37-9CD6-C8B0EDBB495C}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe |
"TCP Query User{DC26D9A1-E676-4691-B886-77F5A234304D}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{DE70B447-D396-490F-BA54-49F311DE6D75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DE84835B-EC48-40EB-8CE5-41E416450DD8}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{FD6C44BC-4A25-41A9-B8D8-7DD9F05A1A62}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{1409DF71-9998-41E8-90CD-33DDD54D9157}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{303A4053-CBB9-40F9-86E8-D5780E63050D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{35B57E77-41E3-43BD-90A8-5C6489B43068}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"UDP Query User{3A026671-C200-4A50-B999-2A6E234A275F}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{5F9EA9E9-4C91-4659-9C7D-5B4D1FB9EB86}C:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\starcraft\starcraft.exe |
"UDP Query User{600B51AD-3439-4885-A9D7-EAFC73203825}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{9054F45D-FC3F-431E-AE66-2BC04FC87B2B}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{97F16B50-4249-40EF-B923-DA6BF9D67C3C}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{AC8A45D4-D32E-4706-AB49-E1C5B41CF89E}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe |
"UDP Query User{B40390C6-9C4B-4014-A2B4-3B4158959097}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"UDP Query User{BCBB972E-6791-411C-AD20-DCF4CD170BEC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DD97E332-F69B-4CA3-B3C6-9876BE8CB927}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{FADBA5B6-08B4-4274-8E08-CD430E29F5DE}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{090EFAEF-E0C1-5311-7A96-817BC18B43BB}" = ccc-utility
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{19666E73-D9E5-44D4-8F33-037ED151ECBC}" = Firebird SQL Server - MAGIX Edition
"{1BF43B74-1EDE-060E-A612-56A116A381F8}" = Catalyst Control Center Core Implementation
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 21
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4E2CD272-0F2F-98EA-9596-510EF0D24E28}" = ccc-core-static
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72C02F89-9E8E-2DBD-11D7-EB5F075FE081}" = Catalyst Control Center Graphics Previews Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{783C086A-159E-4E45-B42C-F6E2C4FB14C0}" = ENBSeries Configurator for GTA San Andreas
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9DD16C0E-B9E7-417C-0C30-E57916C353E3}" = CCC Help English
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A1E1D1EE-3F04-CC1A-8498-0D48463F579D}" = Catalyst Control Center Localization All
"{A680643A-1155-02F6-6B29-BF4FBA1190E8}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABB6F00C-9722-82C2-FE1E-893313CCF612}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B04836D8-4170-D430-6297-3DD084AAEC09}" = Catalyst Control Center Graphics Full New
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BCC78381-4B63-5352-BF57-BDBF7A77823A}" = Catalyst Control Center HydraVision Full
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DF181652-D4F9-7D64-AED8-57D31E8D0410}" = Media Go Video Playback Engine 1.32.101.05130
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE02955B-74BC-3995-6B67-2A9D1651D4F5}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.04 beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Active WebCam" = Active WebCam
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"AV Voice Changer Software GOLD 7.0" = AV Voice Changer Software GOLD 7.0
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"EAX Unified" = EAX Unified
"FlashGet 3.5" = FlashGet 3.5
"Fraps" = Fraps (remove only)
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.10
"GAMI (Gta-Action Mod-Installer)" = GAMI (Gta-Action Mod-Installer)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"JDownloader" = JDownloader
"Mafia" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Postal 2 Apocalypse Weekend Expansion Pack" = Postal 2 Apocalypse Weekend Expansion Pack
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"PROHYBRIDR" = 2007 Microsoft Office system
"RPGAdvocates_RTP_1.0" = Common RTP 1.0
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War - Gold Edition
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"VRS" = VRS Recording System
"VTFEdit_is1" = VTFEdit 1.2.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Darth Mod M2TW 1.4D" = Darth Mod M2TW 1.4D
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.12.2010 06:06:38 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.12.2010 11:19:15 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.12.2010 11:23:52 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.12.2010 17:31:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.12.2010 17:47:04 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.12.2010 17:56:07 | Computer Name = ***-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.12.2010 17:58:00 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 3wloftrm.exe, Version 1.0.15.15530, Zeitstempel
 0x4cd7c3b7, fehlerhaftes Modul 3wloftrm.exe, Version 1.0.15.15530, Zeitstempel
0x4cd7c3b7, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c551,  Prozess-ID 0x6dc, Anwendungsstartzeit
 01cba547d7a00ad3.
 
Error - 26.12.2010 18:01:19 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.12.2010 19:01:59 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =
 
[ System Events ]
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 26.12.2010 17:56:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 26.12.2010 18:01:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 26.12.2010 18:01:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

rea 27.12.2010 02:34
Danke und bis später :)

rea 27.12.2010 18:05
Du nutzt den IE 9? Ist das ne Beta? Normalerweise ist ja der IE 8 der aktuelle.


1.) Fixen mit OTL
  • Starte bitte die OTL.exe.
    Vista-&Win7-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.

    Denke daran, vor dem Fix die **** wieder in deinen Benutzernamen zu ändern!!!

    Code:
    :OTL
    FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    [2010.04.21 14:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trash
    O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - H:\autorun.inf -- [ UDF ]
    File not found -- C:\Users\***\Desktop\Detektiv Keybinder by Pablo
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf OK.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.





2.) Desinfizierung/Absicherung externer Medien

Lade Dir den Flash Disinfector von sUBs und speichere Flash_Disinfector.exe auf Deinem Desktop ab.
Gehe nun wie folgt vor:

1. Trenne den Rechner physikalisch vom Netz.
2. Deaktiviere den Hintergrundwächter deines AVP.
3. Schließe jetzt alle externe Datenträgeran Deinen Rechner an.
4. Starte den Flash Disinfector mit einem Doppelklick und folge ggf. den Anweisungen.
5. Wenn der Scan zuende ist, kannst du das Programm schließen.
6. Starte Deinen Rechner neu.

Hinweis:
Flash Disinfector desinfiziert all Deine Laufwerke von Autoruninfektionen und erstellt einen versteckten Ordner mit demselben Namen, so dass dein Datenträger in Zukunft vor dieser Infektion geschützt ist.
Während dem Scan wird Dein Desktop kurzfristig verschwinden und dann wiederkommen. Das ist normal.





3.) Hijackthis
Du benutzt eine nicht aktuelle Version, die neueste ist HijackThis 2.0.4.
Deinstalliere Hijackthis und lade dir zb HIER die neueste Version 2.0.4. und installiere es.





4.) Java aktualisieren
Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Systemsteuerung => Software => deinstallieren. Starte den Rechner neu.
Downloade nun die Offline-Version von Java Version 6 Update 23 von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.





5.) Sicherheitsrisiko Adobe Arcrobat Reader

Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Wir empfehlen daher, die alte Version über Systemsteuerung => Software zu deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Starte den Rechner neu und downloade den aktuellen Acrobat-Reader X herunter und installiere ihn.

Da der Adobe Acrobat Reader immer häufiger für gezielte Verbreitung von Malware genutzt wird, schlage ich vor, stattdessen einen alternativen PDF-Anzeiger zu nutzen, beispielsweise kannst Du den Foxit PDF Reader installieren. Er ist "schlanker" und benutzt weniger Resourcen. Achte bei der Installation unbedingt darauf, dass die Ask-Toolbar und/oder Foxit-Toolbar bzw. Sponsoren nicht mitinstalliert werden (ggfs. sofort über Systemsteuerung => Software wieder deinstallieren).



Erstelle und poste mir abschliessend wieder zwei neue OTL-Logfiles.

Brauny 28.12.2010 00:31
Flash disinfector will bei mir nicht starten, Java und Adobe sind nun aufm neusten Stand.Und ja beim IE 9 handelt es sich um eine Beta, aber das ist Nebensache da ich keinen IE benutze sondern lieber Firefox.

Hier die Logs:

Code:
All processes killed
========== OTL ==========
Prefs.js httpsearch.babylon.comweb{searchTerms}babsrc=browsersearch&ai=13054 removed from browser.search.defaulturl
Prefs.js Search the web (Babylon) removed from browser.search.order.1
CUsersBraunyAppDataRoamingmozillaFirefoxProfilesfr2rqa3m.defaultextensions{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trashcomponents folder moved successfully.
CUsersBraunyAppDataRoamingmozillaFirefoxProfilesfr2rqa3m.defaultextensions{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trashchrome folder moved successfully.
CUsersBraunyAppDataRoamingmozillaFirefoxProfilesfr2rqa3m.defaultextensions{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}-trash folder moved successfully.
File move failed. Hautorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User All Users
 
User Brauny
-Temp folder emptied 944774 bytes
-Temporary Internet Files folder emptied 814556 bytes
-Java cache emptied 0 bytes
-FireFox cache emptied 95839402 bytes
-Google Chrome cache emptied 0 bytes
-Flash cache emptied 848 bytes
 
User Default
-Temp folder emptied 0 bytes
-Temporary Internet Files folder emptied 0 bytes
-Flash cache emptied 0 bytes
 
User Default User
-Temp folder emptied 0 bytes
-Temporary Internet Files folder emptied 0 bytes
-Flash cache emptied 0 bytes
 
User Public
 
%systemdrive% .tmp files removed 0 bytes
%systemroot% .tmp files removed 0 bytes
%systemroot%System32 .tmp files removed 0 bytes
%systemroot%System32drivers .tmp files removed 0 bytes
Windows Temp folder emptied 526872 bytes
RecycleBin emptied 0 bytes
 
Total Files Cleaned = 94,00 mb
 

 
OTL by OldTimer - Version 3.2.18.0 log created on 12272010_213011

FilesFolders moved on Reboot...
File move failed. Hautorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Brauny 28.12.2010 00:34
Code:
OTL logfile created on: 28.12.2010 00:41:13 - Run 3
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 233,36 Gb Free Space | 40,15% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
Drive H: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.11.19 15:32:52 | 000,743,232 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.11.19 15:31:52 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.26 17:02:56 | 008,546,848 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010.03.03 05:12:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.03.03 05:11:58 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.10.20 00:11:52 | 000,616,712 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 22:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.12.16 09:52:02 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Shared\Database2\bin\FABS.exe
PRC - [2008.11.24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2010.12.24 15:06:02 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.11.19 15:31:52 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.11.19 15:29:54 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.11.05 19:44:16 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.08.18 00:49:16 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.05.06 08:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010.03.03 05:11:58 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.12.16 09:52:02 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\FABS.exe -- (Fabs)
SRV - [2008.10.21 14:50:00 | 000,548,864 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2008.08.07 09:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\amdide.sys -- (amdide)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2010.11.25 06:59:16 | 000,541,800 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.10.09 13:27:23 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.09 13:27:21 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.10.08 20:44:38 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.03.26 17:24:58 | 003,048,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.03.03 05:22:26 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.03.03 04:07:16 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.02.24 13:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.01.25 16:55:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.20 10:53:32 | 000,234,016 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.09.01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.05.20 17:04:40 | 000,157,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.12.26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008.09.26 12:30:54 | 000,651,264 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.autohotkey.com/docs/Tutorial.htm"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 19:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.28 00:02:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.10.08 20:45:48 | 000,000,000 | ---D | M]
 
[2010.01.16 22:31:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.12.28 00:05:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.14 14:39:01 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.12.24 21:32:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.03 19:31:51 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\youtube2mp3@mondayx.de
[2010.03.10 18:05:01 | 000,002,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\call-of-duty-wiki-en.xml
[2010.12.05 20:51:42 | 000,002,062 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\qip-search.xml
[2010.12.28 00:00:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 02:48:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.28 00:00:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.10.08 20:47:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.12.27 23:59:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.28 00:01:22 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.22 13:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.21 14:00:00 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.07.22 13:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 13:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 13:44:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 13:44:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\***\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.02.25 16:24:44 | 000,000,051 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O33 - MountPoints2\{645b992f-c8dd-11df-bb74-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{645b992f-c8dd-11df-bb74-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Install.exe -- [2004.10.21 19:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell - "" = AutoRun
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell\AutoRun\command - "" = J:\MafiaLauncher.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.28 00:02:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Foxit
[2010.12.28 00:01:53 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2010.12.28 00:00:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.28 00:00:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.28 00:00:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.27 23:50:19 | 003,738,880 | ---- | C] (Foxit Software) -- C:\Users\***\Desktop\FoxitReader30_enu_Setup.exe
[2010.12.27 23:44:53 | 016,795,424 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\***\Desktop\jre-6u23-windows-i586-s.exe
[2010.12.27 22:43:36 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\hijackthis(2).exe
[2010.12.27 00:15:20 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\RootRepeal
[2010.12.27 00:13:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\avira_antirootkit
[2010.12.27 00:06:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\osam_autorun_manager_version_portable
[2010.12.26 22:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.26 22:42:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.26 14:25:08 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.12.26 14:23:51 | 013,326,816 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Users\***\Desktop\TeamSpeak3-Client-win32-3.0.0-beta36.exe
[2010.12.24 23:47:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ENBSeries Configurator for GTA San Andreas
[2010.12.24 23:47:43 | 000,000,000 | ---D | C] -- C:\Programme\ENBSeries Configurator for GTA San Andreas
[2010.12.24 22:23:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\TXD Workshop
[2010.12.24 15:06:08 | 000,030,528 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.12.24 15:06:05 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.12.24 15:06:05 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.12.24 15:05:27 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.12.24 15:01:23 | 019,904,832 | ---- | C] (TuneUp Software) -- C:\Users\***\Desktop\TU2010TrialDE.exe
[2010.12.23 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.23 21:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.23 21:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.23 21:20:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.23 21:20:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.23 21:17:53 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.12.23 20:50:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis.exe
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.23 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files
[2010.12.23 10:38:22 | 000,000,000 | ---D | C] -- C:\Programme\Rockstar Games
[2010.12.23 10:29:32 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\alle
[2010.12.23 10:17:20 | 000,000,000 | ---D | C] -- C:\Programme\GAMI
[2010.12.21 15:23:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kakawurst
[2010.12.17 08:37:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Hitman Blood Money
[2010.12.17 08:28:38 | 000,000,000 | ---D | C] -- C:\Programme\Eidos
[2010.12.17 08:17:14 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hitman iso
[2010.12.17 08:16:12 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Hitman
[2010.12.16 22:40:41 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\test
[2010.12.16 13:01:37 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.12.15 16:08:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 16:08:43 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 16:08:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 16:08:40 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 16:08:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 16:07:17 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 16:07:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 16:07:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 16:07:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.14 09:52:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.12.11 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sacamhack12
[2010.12.11 09:36:22 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 16:09:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Divinity 2
[2010.12.07 23:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[2010.12.07 23:10:28 | 000,000,000 | ---D | C] -- C:\Programme\Divinity II - Ego Draconis
[2010.12.05 20:50:50 | 000,000,000 | ---D | C] -- C:\Programme\QIP 2010
[2010.12.05 08:58:39 | 000,000,000 | ---D | C] -- C:\Programme\Mafia
[2010.12.05 08:56:01 | 000,139,264 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\eax.dll
[2010.12.05 08:56:01 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2010.12.05 08:55:59 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.12.03 18:14:56 | 000,000,000 | ---D | C] -- C:\Programme\Postal2
[2010.11.30 23:19:04 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2010.11.30 23:16:10 | 000,000,000 | ---D | C] -- C:\Programme\Postal2STP
[2010.11.28 20:00:45 | 000,000,000 | ---D | C] -- C:\Programme\osu!
[2010.11.28 20:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2010.11.26 18:57:29 | 000,254,464 | ---- | C] (Mpath Interactive) -- C:\Programme\MPLAYNOW.EXE
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.28 00:41:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004UA.job
[2010.12.28 00:27:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.28 00:01:46 | 000,742,356 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.28 00:01:46 | 000,690,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.28 00:01:46 | 000,173,876 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.28 00:01:46 | 000,141,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.27 23:59:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.27 23:59:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.27 23:59:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.27 23:59:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.27 23:56:36 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.27 23:55:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 23:55:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.27 23:55:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.27 23:50:34 | 003,738,880 | ---- | M] (Foxit Software) -- C:\Users\***\Desktop\FoxitReader30_enu_Setup.exe
[2010.12.27 23:49:16 | 000,132,597 | ---- | M] () -- C:\Users\***\Desktop\Flash_Disinfector(2).exe
[2010.12.27 23:48:55 | 016,795,424 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\***\Desktop\jre-6u23-windows-i586-s.exe
[2010.12.27 23:35:33 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.12.27 22:44:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\hijackthis(2).exe
[2010.12.27 20:49:35 | 000,000,287 | ---- | M] () -- C:\Users\***\Desktop\test script.ahk
[2010.12.27 17:41:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125589784-1136540592-1035784495-1004Core.job
[2010.12.27 14:50:06 | 000,207,143 | ---- | M] () -- C:\Users\***\Desktop\test script.exe
[2010.12.27 10:40:07 | 000,000,105 | ---- | M] () -- C:\Users\***\Desktop\hi.ahk
[2010.12.27 01:48:10 | 000,041,355 | ---- | M] () -- C:\Users\***\Desktop\Logs.zip
[2010.12.27 01:04:48 | 000,000,184 | ---- | M] () -- C:\Users\***\Desktop\Google.ahk
[2010.12.27 00:15:09 | 000,465,298 | ---- | M] () -- C:\Users\***\Desktop\RootRepeal.rar
[2010.12.27 00:13:00 | 000,089,324 | ---- | M] () -- C:\Users\***\Desktop\avira_antivir_antirootkit_en.zip
[2010.12.26 22:55:14 | 385,498,455 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.26 16:10:29 | 000,296,448 | ---- | M] () -- C:\Users\***\Desktop\3wloftrm.exe
[2010.12.26 14:25:09 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.12.26 14:24:50 | 013,326,816 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Users\***\Desktop\TeamSpeak3-Client-win32-3.0.0-beta36.exe
[2010.12.25 19:03:17 | 000,002,710 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.12.25 19:03:03 | 000,001,349 | ---- | M] () -- C:\Users\***\Desktop\muzzle_texture4.png
[2010.12.25 17:25:33 | 000,444,416 | ---- | M] () -- C:\Users\***\Desktop\desert_eagle.txd
[2010.12.25 16:21:19 | 000,001,271 | ---- | M] () -- C:\Users\***\Desktop\bloodpool_64.png
[2010.12.25 14:40:56 | 000,040,960 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.25 11:42:14 | 000,000,287 | ---- | M] () -- C:\Users\***\Desktop\radardisc.png
[2010.12.25 00:20:30 | 000,000,354 | ---- | M] () -- C:\Users\***\Desktop\radar_centre.png
[2010.12.25 00:19:02 | 000,000,256 | ---- | M] () -- C:\Users\***\Desktop\siteM16.png
[2010.12.24 23:46:11 | 004,866,209 | ---- | M] () -- C:\Users\***\Desktop\SAStreamMemFix.rar
[2010.12.24 23:45:25 | 001,443,095 | ---- | M] () -- C:\Users\***\Desktop\ENB-Series-Configurator.rar
[2010.12.24 22:22:44 | 000,430,455 | ---- | M] () -- C:\Users\***\Desktop\txdworkshop40.rar
[2010.12.24 15:47:31 | 000,830,065 | ---- | M] () -- C:\Users\***\Desktop\3304_1122614819_Faggio.zip
[2010.12.24 15:46:19 | 000,148,442 | ---- | M] () -- C:\Users\***\Desktop\11447_Stage 6 Aerox Engine Sounds.rar
[2010.12.24 15:05:57 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.24 15:05:57 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.12.24 15:02:59 | 019,904,832 | ---- | M] (TuneUp Software) -- C:\Users\***\Desktop\TU2010TrialDE.exe
[2010.12.24 13:10:56 | 000,331,828 | ---- | M] () -- C:\Users\***\Desktop\undercover hud addon.rar
[2010.12.23 22:42:54 | 000,381,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.23 22:04:18 | 000,030,547 | ---- | M] () -- C:\Users\***\Desktop\Log Dateien.zip
[2010.12.23 22:01:00 | 000,030,419 | ---- | M] () -- C:\Users\***\Desktop\Log Dateien.rar
[2010.12.23 21:20:28 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 21:20:09 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup.exe
[2010.12.23 20:50:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis.exe
[2010.12.23 10:54:04 | 009,408,623 | ---- | M] () -- C:\Users\***\Desktop\sa-downgrade patch 0.3.1.rar
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 22:13:32 | 000,001,624 | ---- | M] () -- C:\Users\***\Desktop\Deamon Tools.lnk
[2010.12.16 22:12:41 | 000,000,705 | ---- | M] () -- C:\Users\***\Desktop\Mafia.lnk
[2010.12.16 19:57:05 | 000,646,095 | ---- | M] () -- C:\Users\***\Desktop\knifem9probisiiiww.rar
[2010.12.11 09:36:27 | 001,227,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 20:16:57 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.12.08 20:16:57 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.12.05 08:57:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
 
========== Files Created - No Company Name ==========
 
[2010.12.27 23:49:15 | 000,132,597 | ---- | C] () -- C:\Users\***\Desktop\Flash_Disinfector(2).exe
[2010.12.27 14:50:04 | 000,207,143 | ---- | C] () -- C:\Users\***\Desktop\test script.exe
[2010.12.27 14:33:58 | 000,000,287 | ---- | C] () -- C:\Users\***\Desktop\test script.ahk
[2010.12.27 01:53:04 | 000,000,105 | ---- | C] () -- C:\Users\***\Desktop\hi.ahk
[2010.12.27 00:46:12 | 000,000,184 | ---- | C] () -- C:\Users\***\Desktop\Google.ahk
[2010.12.27 00:15:08 | 000,465,298 | ---- | C] () -- C:\Users\***\Desktop\RootRepeal.rar
[2010.12.27 00:12:59 | 000,089,324 | ---- | C] () -- C:\Users\***\Desktop\avira_antivir_antirootkit_en.zip
[2010.12.26 16:10:28 | 000,296,448 | ---- | C] () -- C:\Users\***\Desktop\3wloftrm.exe
[2010.12.26 14:25:09 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.12.25 19:03:17 | 000,002,710 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.12.25 19:03:03 | 000,001,349 | ---- | C] () -- C:\Users\***\Desktop\muzzle_texture4.png
[2010.12.25 17:25:33 | 000,444,416 | ---- | C] () -- C:\Users\***\Desktop\desert_eagle.txd
[2010.12.25 16:21:19 | 000,001,271 | ---- | C] () -- C:\Users\***\Desktop\bloodpool_64.png
[2010.12.25 00:20:30 | 000,000,354 | ---- | C] () -- C:\Users\***\Desktop\radar_centre.png
[2010.12.24 23:45:15 | 004,866,209 | ---- | C] () -- C:\Users\***\Desktop\SAStreamMemFix.rar
[2010.12.24 23:45:04 | 001,443,095 | ---- | C] () -- C:\Users\***\Desktop\ENB-Series-Configurator.rar
[2010.12.24 22:29:52 | 000,000,256 | ---- | C] () -- C:\Users\***\Desktop\siteM16.png
[2010.12.24 22:25:31 | 000,000,287 | ---- | C] () -- C:\Users\***\Desktop\radardisc.png
[2010.12.24 22:22:43 | 000,430,455 | ---- | C] () -- C:\Users\***\Desktop\txdworkshop40.rar
[2010.12.24 15:47:31 | 000,830,065 | ---- | C] () -- C:\Users\***\Desktop\3304_1122614819_Faggio.zip
[2010.12.24 15:46:18 | 000,148,442 | ---- | C] () -- C:\Users\***\Desktop\11447_Stage 6 Aerox Engine Sounds.rar
[2010.12.24 15:05:57 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.24 15:05:57 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2010.12.24 13:10:55 | 000,331,828 | ---- | C] () -- C:\Users\***\Desktop\undercover hud addon.rar
[2010.12.23 22:12:15 | 000,041,355 | ---- | C] () -- C:\Users\***\Desktop\Logs.zip
[2010.12.23 22:04:18 | 000,030,547 | ---- | C] () -- C:\Users\***\Desktop\Log Dateien.zip
[2010.12.23 22:00:59 | 000,030,419 | ---- | C] () -- C:\Users\***\Desktop\Log Dateien.rar
[2010.12.23 21:20:28 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.23 20:25:51 | 385,498,455 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.23 10:52:54 | 009,408,623 | ---- | C] () -- C:\Users\***\Desktop\sa-downgrade patch 0.3.1.rar
[2010.12.16 22:13:22 | 000,001,624 | ---- | C] () -- C:\Users\***\Desktop\Deamon Tools.lnk
[2010.12.16 22:12:41 | 000,000,705 | ---- | C] () -- C:\Users\***\Desktop\Mafia.lnk
[2010.12.16 19:57:03 | 000,646,095 | ---- | C] () -- C:\Users\***\Desktop\knifem9probisiiiww.rar
[2010.12.05 08:56:00 | 000,233,472 | ---- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2010.12.05 08:47:09 | 2139,502,592 | ---- | C] () -- C:\Users\***\Desktop\sd-maf.iso
[2010.11.26 18:57:30 | 005,180,072 | ---- | C] () -- C:\Programme\KATALYST.EXE
[2010.11.26 18:57:30 | 000,022,862 | ---- | C] () -- C:\Programme\README.TXT
[2010.11.26 18:57:30 | 000,002,483 | ---- | C] () -- C:\Programme\POSTAL.INI
[2010.11.26 18:57:29 | 001,020,416 | ---- | C] () -- C:\Programme\POSTAL.EXE
[2010.11.26 18:57:29 | 000,008,718 | ---- | C] () -- C:\Programme\DEISL1.ISU
[2010.11.26 18:57:29 | 000,005,832 | ---- | C] () -- C:\Programme\WEBULLET.HTM
[2010.11.26 18:57:29 | 000,000,460 | ---- | C] () -- C:\Programme\WB.INI
[2010.11.11 16:55:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.11.03 19:31:07 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.10.09 13:27:23 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.09 13:27:21 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.05.24 22:18:13 | 000,024,206 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2010.05.10 13:12:53 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2010.05.02 09:07:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.07 14:37:23 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.04.05 21:12:55 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.04.05 12:49:31 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.05 12:49:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.01 13:18:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.31 19:11:02 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.03.28 04:37:33 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2010.03.18 11:51:23 | 000,462,249 | ---- | C] () -- C:\Users\***\AppData\Roaming\SMW SRPI SNES.ips
[2010.03.03 04:06:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.25 16:46:51 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.16 19:49:22 | 000,040,960 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 09:02:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.04.12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

< End of report >
Code:
OTL Extras logfile created on: 28.12.2010 00:41:13 - Run 3
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 233,36 Gb Free Space | 40,15% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
Drive H: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18D8B309-1F10-43AF-BD58-816B23D2BA85}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{60185C11-81FD-44E2-8829-D72BE8E97C54}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{77881CE2-49D0-4300-B296-7584E61D9171}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{79F9F2B1-FFDB-4B94-9E92-33E7F5A9BEBA}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{A92A184E-2EDF-45F8-9781-D7B9EEEF1089}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{BFCC54E2-8064-4110-B1A6-AF39C16AF4C1}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{F4E97F4F-1827-4A2C-A878-8FAA9BE7560E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{FFD5E3EA-0C01-4DBF-A65F-1D7B3ADC1B17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0015B30F-2C2E-43BE-A908-A16F66E3F83A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{019A3477-E66C-4603-9E3A-DCE9FDFA34D6}" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii.exe |
"{04A7C978-F044-4FD4-8D5F-E9FBC5C5FE1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{075ED6B4-9D3E-4297-8B85-C90A709D2C5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{084A3554-9D06-4EFC-8959-A69BA0A9E3DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B7AAD56-7B6D-4D29-8E41-C363620B153F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CDF5960-7FD7-406D-96AD-7061F8E7D2C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F04B2F1-707D-41AE-A384-566DB9B29222}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{0F404EA9-3F07-4667-A789-4A7E9C9E2709}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{11F8D904-0456-46B0-BD7B-E72DD9EAD9DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D8C49FC-EB02-4CC8-A96A-8A229B39BA5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2391E4BF-D0B5-49AA-A738-FE9086DDB235}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24B9FD5B-9A3F-4C11-9D59-75BE7985E484}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{269A4FCF-1E07-4531-A252-A174A97AC02A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27C03EE0-0C58-4C73-82E4-EA736998F478}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28A602AD-6EAF-4478-87A4-F8A88A21070F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29C59390-C436-4B84-BBFD-0682CB9BB551}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30007948-BD6D-4347-BFAA-379731AA9DFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3000EFBB-095C-490B-A9DC-021F1AB4541C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{31FB10EE-957B-4746-A23E-F9D0FC389A1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |
"{320C7255-94E8-4CAF-AB2C-E16834D16EE9}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{332A233B-B2F3-4DC8-8EA5-F3FCB30F5895}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37047DE3-7AFC-4201-A489-506BCC9A4CEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3862D832-BAE1-46A8-A8CE-6F495B6F8EAA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3A4AE8C6-E383-40B4-94E4-CC025828F2E2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm |
"{3D7ED399-2B0D-42EF-A847-DD23556A17ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm |
"{3DFB454E-E253-490E-8817-7884C1F5A909}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4163060A-2CE9-4F79-AAA1-0FCDC52B53CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe |
"{418CE828-7DE0-4079-8577-72CD5267F8B3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{47587DFB-9FD1-4B3D-8547-E40AE6C132B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe |
"{490211D8-AD58-4ABE-8086-1660E7C6B324}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5694E7C5-9FF9-4CCE-8D76-54CC5DDA8FF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57ACC302-6672-49C4-8926-5170A629CA18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{5838F3FC-919B-4C6E-ABE8-FBA1BB05B5D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D52019D-1325-409E-BB9A-025DF89295B5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5DDB32D2-A019-4214-BEB8-9B4B3B0BE92C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5DE62AF9-E7CC-480A-888F-CAA22BD5E5D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60DF8CF5-6804-4E26-B125-0275F6CC3BEF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{630617CF-9BC1-4729-ADE4-0D7A28B04E28}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{661F07DD-C536-4834-8663-39658DF38C80}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm |
"{67354739-9435-471F-9741-3C6C786FB1A6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{67521540-DDEB-4E98-8C50-78FC948445A2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe |
"{795C97F8-A0F0-4379-831C-05E83EAE9C5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C54F273-DE94-4992-8CF2-F19186562C2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F4EA9FA-D2F1-4A20-B574-5B48B4B5A100}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FB79324-EEDB-477A-AD42-241BBE4F6B4E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{83B18C70-4E8E-4B86-88BA-A33EEC073C83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83F9FA0C-6EA1-4912-82B0-DB378A8FF663}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8400D72A-3DBE-4209-AF6E-24130861A2D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84D933F7-5F34-47BC-96D1-DA6DF116E75E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A99ADF7-3C63-43B9-9912-BF3BF91D172A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BD2374E-CBBA-48A9-A685-F908D2DA541B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm |
"{8BEF610C-0359-4A45-91ED-F8D2C3BF0DC3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DB1D253-6DE8-4362-8529-A422FDEF86E1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe |
"{8E86D4FC-C764-4346-B93C-09323B8CD204}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{927CB7BD-D2E0-4943-ADFA-B7A708C3A550}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94638789-C49C-48B4-8084-24440A415618}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{97122998-E718-47FE-B957-81AA96BEEB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98477BA8-2D27-483D-8237-A8948ABC0ECE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98EE0D59-D4BE-4FC1-9030-245A5A7B0DAD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{9D7B9A3B-0B9F-4CD2-BFD1-EFD1D4522A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DB41C33-56C1-43CF-A2AB-2E7098270090}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DF25309-D057-4D2F-9948-5A44C7A11F8D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{9E2B576C-2892-403B-B0EF-0A6F20673ADF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{A647D6E6-7BBF-4175-95E6-368F6A34FB87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A93092A0-C85E-431A-828C-8F088A7AF84B}" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii.exe |
"{AECF544E-DD0B-4DE3-A1C5-CE03BF27A8A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AED8C1C0-1918-4EFF-B72E-74C3A0EE4F58}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{AF216EE2-521A-4BA4-8E20-996CC5382DA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{B58837F3-3D9D-4901-BFD8-9B3B52DB34F0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B64B01CF-0CC3-4870-B779-0F90FEDB6639}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8D68992-B9D1-4B95-AF1B-7A11DB5B0651}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe |
"{BA789A8F-47BF-4EF2-A3E1-B7D5FE34A454}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{BC9FACD4-BAA8-4D0E-9176-EDECF3CECAE2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{C5C802C9-7280-4E60-A19A-D2E735B9C1FD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CC4D1298-CE1F-4418-B824-64D0C9FCDCFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD09CE19-5BE4-406E-B8D9-B686903BF022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0120BF9-49D8-461B-B637-B431C0D57FBA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D1668BF5-3F95-4768-906B-CDD7B9134559}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5BC38ED-3D08-4472-BF52-3416BEA78839}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5E1EB80-E488-4689-9C8E-8A69C502B61E}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D5E4BCD6-AE50-45E0-A297-9DFD6036FACA}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{DCD2D5D4-407C-4A11-B4DE-70AA959E51F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDD7B56B-DDA3-49C6-9D88-75E6BCCE7590}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E356EADC-4DBC-426C-A21A-71DDCD882967}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3EFEBC3-E137-4213-B262-68C75785AA06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E88CF489-A548-451B-94CD-1949E96C2CAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe |
"{E92A05F7-052B-4ADA-AC96-78DEDF0777F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |
"{ECAE8295-A0A4-4FE2-9060-6D3A5603E86C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED9C17F4-9E77-4A69-A4E6-E8C2DBBB5CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6EAAB43-C41F-4EFF-8A2A-331EE16A91D2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{FA7B874D-2C26-4EAE-BC0F-5FDFFDB2721D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{00FBF39C-E456-4676-89AA-3CE1B0E92D9E}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{0B00423C-14F0-4355-8352-E10F3DA36B59}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{14B3D75E-AED7-4ABB-9B1C-97F87E5901D0}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"TCP Query User{3C9CD4E3-BEFF-4E2C-A002-475EAF823ADE}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe |
"TCP Query User{4219818A-225D-42A1-86FF-599B56EF760D}C:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\starcraft\starcraft.exe |
"TCP Query User{5DF21010-E94B-42C3-97C5-B0478348FDA3}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{779332E5-E980-4D83-83EF-831138F025D6}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{C50E8E54-17B6-4F2A-A50D-01DA802DD7E2}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"TCP Query User{CC7A1841-6F23-4D37-9CD6-C8B0EDBB495C}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe |
"TCP Query User{DC26D9A1-E676-4691-B886-77F5A234304D}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{DE70B447-D396-490F-BA54-49F311DE6D75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DE84835B-EC48-40EB-8CE5-41E416450DD8}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{FD6C44BC-4A25-41A9-B8D8-7DD9F05A1A62}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{1409DF71-9998-41E8-90CD-33DDD54D9157}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{303A4053-CBB9-40F9-86E8-D5780E63050D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{35B57E77-41E3-43BD-90A8-5C6489B43068}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"UDP Query User{3A026671-C200-4A50-B999-2A6E234A275F}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{5F9EA9E9-4C91-4659-9C7D-5B4D1FB9EB86}C:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\starcraft\starcraft.exe |
"UDP Query User{600B51AD-3439-4885-A9D7-EAFC73203825}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{9054F45D-FC3F-431E-AE66-2BC04FC87B2B}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{97F16B50-4249-40EF-B923-DA6BF9D67C3C}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{AC8A45D4-D32E-4706-AB49-E1C5B41CF89E}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe |
"UDP Query User{B40390C6-9C4B-4014-A2B4-3B4158959097}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"UDP Query User{BCBB972E-6791-411C-AD20-DCF4CD170BEC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DD97E332-F69B-4CA3-B3C6-9876BE8CB927}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{FADBA5B6-08B4-4274-8E08-CD430E29F5DE}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{090EFAEF-E0C1-5311-7A96-817BC18B43BB}" = ccc-utility
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{19666E73-D9E5-44D4-8F33-037ED151ECBC}" = Firebird SQL Server - MAGIX Edition
"{1BF43B74-1EDE-060E-A612-56A116A381F8}" = Catalyst Control Center Core Implementation
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4E2CD272-0F2F-98EA-9596-510EF0D24E28}" = ccc-core-static
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72C02F89-9E8E-2DBD-11D7-EB5F075FE081}" = Catalyst Control Center Graphics Previews Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9DD16C0E-B9E7-417C-0C30-E57916C353E3}" = CCC Help English
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A1E1D1EE-3F04-CC1A-8498-0D48463F579D}" = Catalyst Control Center Localization All
"{A680643A-1155-02F6-6B29-BF4FBA1190E8}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABB6F00C-9722-82C2-FE1E-893313CCF612}" = Catalyst Control Center Graphics Light
"{B04836D8-4170-D430-6297-3DD084AAEC09}" = Catalyst Control Center Graphics Full New
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BCC78381-4B63-5352-BF57-BDBF7A77823A}" = Catalyst Control Center HydraVision Full
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DF181652-D4F9-7D64-AED8-57D31E8D0410}" = Media Go Video Playback Engine 1.32.101.05130
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE02955B-74BC-3995-6B67-2A9D1651D4F5}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.04 beta
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Active WebCam" = Active WebCam
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"AV Voice Changer Software GOLD 7.0" = AV Voice Changer Software GOLD 7.0
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"EAX Unified" = EAX Unified
"FlashGet 3.5" = FlashGet 3.5
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.10
"GAMI (Gta-Action Mod-Installer)" = GAMI (Gta-Action Mod-Installer)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"JDownloader" = JDownloader
"Mafia" = Mafia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Postal 2 Apocalypse Weekend Expansion Pack" = Postal 2 Apocalypse Weekend Expansion Pack
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"PROHYBRIDR" = 2007 Microsoft Office system
"RPGAdvocates_RTP_1.0" = Common RTP 1.0
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War - Gold Edition
"Steam App 630" = Alien Swarm
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.9
"VRS" = VRS Recording System
"VTFEdit_is1" = VTFEdit 1.2.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Darth Mod M2TW 1.4D" = Darth Mod M2TW 1.4D
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.12.2010 19:01:59 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =
 
Error - 27.12.2010 05:27:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.12.2010 06:03:13 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm gta_sa.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: ff4  Anfangszeit: 01cba5a9e437c676  Zeitpunkt der Beendigung:
 9524
 
Error - 27.12.2010 15:35:50 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.12.2010 16:33:22 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.12.2010 16:53:17 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.12.2010 17:38:49 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.12.2010 17:52:48 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.12.2010 18:38:25 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.12.2010 18:56:58 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 27.12.2010 16:53:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.12.2010 16:53:18 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 27.12.2010 17:38:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.12.2010 17:38:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 27.12.2010 17:52:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.12.2010 17:52:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 27.12.2010 18:38:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.12.2010 18:38:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 27.12.2010 18:56:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 27.12.2010 18:56:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

rea 28.12.2010 11:39
Deinstallier bitte die IE9 Beta, dass du wieder bei dem 8er bist. Mit Betas sollte man vorsichtig sein, da diese noch sehr viele Fehler enthalten können. Betas sind eher für Testsysteme geeignet und nicht für Computer, die ganz normal zu Hause benutzt werden.
Zum Internet Explorer: Auch wenn du ihn nicht benutzt um zu surfen, wird er dennoch nötig sein, um die Windowsupdates downloaden zu können (mittlerweile gibt es aber auch ein Firefox-Addon dafür). Ausserdem ist der IE ziemlich stark ins Betriebssystem integriert, weshalb es immer wichtig ist, den aktuell zu halten (und besser auf Betas zu verzichten).

Hast du Hitman aus garantiert sicherer Quelle installiert?





1.) Malwarebytes Antimalware
Lasse dann erneut Malwarebytes Antimalware scannen: Bringe das Programm vorweg über den Reiter "Aktualisierung" auf den neuesten Stand. Starte danach über den Reiter "Suchlauf" einen "Vollständigen Suchlauf" (nicht den Quickscan!)
Werden Funde gemacht, lasse diese entfernen und poste mir abschliessend das Logfile hierher.





2.) Eset Online Scan
ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threads kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.



3.) Sind die Probleme noch vorhanden?

Brauny 28.12.2010 22:48
Hitman ist aus einer Quelle, die garantiert NICHT sicher ist.Ich war schon am überlegen, denn hitman wurde genau an dem Tag installiert /fertig heruntergeladen, als die Probleme anfingen.Vlt. hat es ja was damit zu tun.


1.) lass ich heute über nacht laufen, der Eset Scan hat 3 stunden gedauert und ich hab keine Lust nochmal 3 Stunden zu warten bis ich wieder an den Computer kann

2.)ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=8bdcecd5b54eb145a317994d5d7764c6
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-12-28 03:03:48
# local_time=2010-12-28 04:03:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 6971863 6971863 0 0
# compatibility_mode=5892 16776573 100 100 5575 131071704 0 0
# compatibility_mode=8192 67108863 100 0 4023 4023 0 0
# scanned=423978
# found=0
# cleaned=0
# scan_time=9651


3) ja das problem ist immer noch da.Es tritt immer nach einiger Zeit auf (beispielsweise wenn ich zum ersten mal starte ist die Leitung perfekt, im Verlaufe des Tages wird es immer schlimmer)

rea 28.12.2010 23:08
Zitat:
Hitman ist aus einer Quelle, die garantiert NICHT sicher ist.Ich war schon am überlegen, denn hitman wurde genau an dem Tag installiert /fertig heruntergeladen, als die Probleme anfingen.Vlt. hat es ja was damit zu tun.
Deswegen frage ich, Hitman war nur leider das Einzige das an dem Tag auf deinen Rechner gekommen ist wenn man den Logs traut. Ich hoffe, es handelt sich hier nicht um so ne Keygensache...?

Ich würd dir auf jeden Fall raten, dich schnell wieder davon zu trennen, schmeiß alles runter von Hitman wir müssen dann sicher noch weitersuchen.

Edit: Was ist mit dem Internet Explorer?

Brauny 28.12.2010 23:24
Zitat:
Zitat von rea (Beitrag 603686)
Deswegen frage ich, Hitman war nur leider das Einzige das an dem Tag auf deinen Rechner gekommen ist wenn man den Logs traut. Ich hoffe, es handelt sich hier nicht um so ne Keygensache...?

Ich würd dir auf jeden Fall raten, dich schnell wieder davon zu trennen, schmeiß alles runter von Hitman wir müssen dann sicher noch weitersuchen.

Edit: Was ist mit dem Internet Explorer?
Hitman Sachen weg ( hatte das Spiel sowieso 2 Tage später deinstalliert ) Für den Internet Explorer finde ich leider keinen Uninstaller / Eintrag bei programme und funktionen, und wenn ich es so runterlade und ausführen will, steht da ich hab schon eine neuere version

rea 28.12.2010 23:53
Dann schau mal hier, ob dir das hilft: IE 9 deinstallieren
Wäre übrigens grad ein guter Zeitpunkt sich von jeglicher Software zu trennen, die aus nicht sicherer Quelle stammt ;)

Ich warte dann aufs Log von Mbam.

Brauny 29.12.2010 11:40
Code:
´Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5406

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

29.12.2010 04:09:50
mbam-log-2010-12-29 (04-09-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 541733
Laufzeit: 3 Stunde(n), 34 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

rea 29.12.2010 12:26
Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes in Codetags.

Brauny 29.12.2010 12:40
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:        MEDIONPC
BIOS Manufacturer:                American Megatrends Inc.
System Manufacturer:                MEDIONPC
System Product Name:                MS-7501
Logical Drives Mask:                0x000002fc

Kernel Drivers (total 153):
  0x83A43000 \SystemRoot\system32\ntkrnlpa.exe
  0x83A10000 \SystemRoot\system32\hal.dll
  0x80409000 \SystemRoot\system32\kdcom.dll
  0x80410000 \SystemRoot\system32\PSHED.dll
  0x80421000 \SystemRoot\system32\BOOTVID.dll
  0x80429000 \SystemRoot\system32\CLFS.SYS
  0x8046A000 \SystemRoot\system32\CI.dll
  0x8054A000 \SystemRoot\system32\drivers\klbg.sys
  0x80557000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x805D3000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8060D000 \SystemRoot\System32\Drivers\sphe.sys
  0x80700000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x80709000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x8072F000 \SystemRoot\system32\drivers\acpi.sys
  0x80775000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8077D000 \SystemRoot\system32\drivers\pci.sys
  0x807A4000 \SystemRoot\System32\drivers\partmgr.sys
  0x807B3000 \SystemRoot\system32\drivers\volmgr.sys
  0x80C0C000 \SystemRoot\System32\drivers\volmgrx.sys
  0x80C56000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x80C5D000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x80C6B000 \SystemRoot\System32\drivers\mountmgr.sys
  0x80C7B000 \SystemRoot\system32\drivers\atapi.sys
  0x80C83000 \SystemRoot\system32\drivers\ataport.SYS
  0x80CA1000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x80CAB000 \SystemRoot\system32\drivers\fltmgr.sys
  0x80CDD000 \SystemRoot\system32\drivers\fileinfo.sys
  0x80CED000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x80CF6000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x80E09000 \SystemRoot\system32\drivers\ndis.sys
  0x80F14000 \SystemRoot\system32\drivers\msrpc.sys
  0x80F3F000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8C205000 \SystemRoot\System32\drivers\tcpip.sys
  0x8C2EF000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8C403000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8C513000 \SystemRoot\system32\drivers\volsnap.sys
  0x8C54C000 \SystemRoot\System32\Drivers\spldr.sys
  0x8C554000 \SystemRoot\System32\Drivers\mup.sys
  0x8C563000 \SystemRoot\System32\drivers\ecache.sys
  0x8C58A000 \SystemRoot\system32\drivers\disk.sys
  0x8C59B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8C5BC000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x8C5C4000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8C5EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8C30A000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8C313000 \SystemRoot\system32\DRIVERS\processr.sys
  0x8C322000 \SystemRoot\system32\DRIVERS\atikmpag.sys
  0x91A02000 \SystemRoot\system32\DRIVERS\atipmdag.sys
  0x8C34C000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x91F69000 \SystemRoot\System32\drivers\watchdog.sys
  0x80D67000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x91F75000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x91FB0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x91FC0000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x91FCE000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x91FE6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x91FEC000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x80F7A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8C3ED000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x80FB8000 \SystemRoot\system32\DRIVERS\serial.sys
  0x91FF6000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x80FD2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x80FE5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x807C2000 \SystemRoot\System32\Drivers\a7at6a5m.SYS
  0x92404000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x92433000 \SystemRoot\system32\DRIVERS\storport.sys
  0x92474000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x9247F000 \SystemRoot\system32\DRIVERS\vcsvad.sys
  0x92484000 \SystemRoot\system32\DRIVERS\portcls.sys
  0x924B1000 \SystemRoot\system32\DRIVERS\drmk.sys
  0x924D6000 \SystemRoot\system32\DRIVERS\ks.sys
  0x92500000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x92517000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x92522000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x92545000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x92554000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x92568000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x9257D000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x9258D000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x92598000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x9259A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x925A4000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x925B1000 \SystemRoot\System32\drivers\vga.sys
  0x925BD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x925DE000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9400F000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x94044000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x94055000 \SystemRoot\system32\drivers\RtHDMIV.sys
  0x9420F000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x944F6000 \SystemRoot\system32\DRIVERS\klif.sys
  0x94547000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x94550000 \SystemRoot\System32\Drivers\Null.SYS
  0x94557000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x9456C000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x9456E000 \SystemRoot\System32\Drivers\Beep.SYS
  0x9457E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x94585000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x9458D000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x94595000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x945A0000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x945AE000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x945B7000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x94609000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x94B29000 \SystemRoot\system32\DRIVERS\RTL8192su.sys
  0x94BC9000 \SystemRoot\system32\DRIVERS\smb.sys
  0x9407A000 \SystemRoot\system32\drivers\afd.sys
  0x945CD000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x94BDD000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x94BF3000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x94200000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x940C2000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x940D5000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x94111000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x9411B000 \SystemRoot\System32\Drivers\dfsc.sys
  0x94600000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x94132000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x94575000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x94142000 \SystemRoot\system32\DRIVERS\klmouflt.sys
  0x9414B000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x94173000 \SystemRoot\system32\DRIVERS\udfs.sys
  0x941AE000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x941BB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x941C6000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x82000000 \SystemRoot\System32\win32k.sys
  0x941D0000 \SystemRoot\System32\drivers\Dxapi.sys
  0x82220000 \SystemRoot\System32\TSDDD.dll
  0x82240000 \SystemRoot\System32\cdd.dll
  0x941DA000 \SystemRoot\system32\drivers\luafv.sys
  0xA1606000 \SystemRoot\system32\drivers\spsys.sys
  0xA16B6000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA16C6000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA16F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA16FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA170D000 \SystemRoot\system32\drivers\HTTP.sys
  0xA177A000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA1797000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA17B0000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA17C5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA2009000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA2042000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA205A000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA2082000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA20D0000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA2113000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA2118000 \SystemRoot\system32\drivers\peauth.sys
  0xA21F6000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA17E4000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x8C5CD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x925ED000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA2000000 \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
  0x805E0000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x77C50000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 66):
      0 System Idle Process
      4 System
    544 C:\Windows\System32\smss.exe
    632 csrss.exe
    672 C:\Windows\System32\wininit.exe
    680 csrss.exe
    724 C:\Windows\System32\services.exe
    736 C:\Windows\System32\lsass.exe
    768 C:\Windows\System32\lsm.exe
    932 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\winlogon.exe
    1052 C:\Windows\System32\svchost.exe
    1120 C:\Windows\System32\svchost.exe
    1204 C:\Windows\System32\atiesrxx.exe
    1236 C:\Windows\System32\svchost.exe
    1272 C:\Windows\System32\svchost.exe
    1292 C:\Windows\System32\svchost.exe
    1424 C:\Windows\System32\audiodg.exe
    1448 C:\Windows\System32\svchost.exe
    1476 C:\Windows\System32\SLsvc.exe
    1528 C:\Windows\System32\atieclxx.exe
    1608 C:\Windows\System32\svchost.exe
    1812 C:\Windows\System32\svchost.exe
    2040 C:\Windows\System32\spoolsv.exe
    276 C:\Windows\System32\svchost.exe
    796 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1260 C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe
    1552 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    1776 C:\Program Files\Bonjour\mDNSResponder.exe
    360 C:\Program Files\Common Files\MAGIX Shared\Database2\bin\FABS.exe
    2184 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    2212 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    2308 C:\Windows\System32\IoctlSvc.exe
    2328 C:\Windows\System32\PnkBstrA.exe
    2360 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2384 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2440 C:\Windows\System32\svchost.exe
    2472 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    2536 C:\Windows\System32\svchost.exe
    2700 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2928 WUDFHost.exe
    3080 C:\Windows\System32\taskeng.exe
    3388 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3996 C:\Windows\System32\taskeng.exe
    3400 C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    3740 C:\Windows\System32\dwm.exe
    3636 C:\Windows\explorer.exe
    820 C:\Program Files\Windows Defender\MSASCui.exe
    3532 C:\Windows\vsnpstd3.exe
    2960 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    1312 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3752 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    1968 C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe
    2400 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2060 C:\Windows\ehome\ehtray.exe
    2596 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3788 C:\Windows\ehome\ehmsas.exe
    1360 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4188 C:\Windows\System32\wbem\unsecapp.exe
    4252 WmiPrvSE.exe
    4892 C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
    5240 C:\Users\Brauny\Desktop\Rockstar Games\Grand Theft Auto San Andreas\samp.exe
    5352 C:\Users\Brauny\Desktop\1_Keybinder\chaosAD Keybinder.exe
    6028 C:\Users\Brauny\Desktop\Rockstar Games\Grand Theft Auto San Andreas\gta_sa.exe
    4020 C:\Users\Brauny\Desktop\MBRCheck.exe
    3320 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000091`4ae00000  (FAT32)

PhysicalDrive0 Model Number: WDCWD6400AACS-00G8B1, Rev: 05.04C05

      Size  Device Name          MBR Status
  --------------------------------------------
    596 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

rea 29.12.2010 17:34
Räumen wir erstmal ein bisschen auf.


Ccleaner


Arbeite folgende Anleitung ab (Punkt 1 und 2): Ccleaner

Danach deinstalliere bitte über die Systemsteuerung alle Programme die du nicht mehr benötigst. Starte danach deinen Computer neu.
Starte dann erneut den Ccleaner, gehe auf den Menüpunkt Extras und dann unten links auf "Als Textdatei speichern". Speicher die Txt auf deinem Desktop und gehe danach die einzelnen noch installierten Softwares in dieser Liste durch und schreibe hinter jedes, ob du sie kennst und benötigst, oder ob sie dir unbekannt sind (zb "Bekannt" und "Unbekannt").
Poste mir diese Liste dann mit deinen Zusatzinfos hierher in Codetags in den Thread.

Brauny 29.12.2010 18:20
Also ich besitze schon seit langer Zeit Tune Up Utilities und wenn ich das mal so Vergleiche sehe ich keinen Unterschied zwischen den beiden Programmen...soll ich es trotzdem laufen lassen?

rea 29.12.2010 18:47
Der Unterschied ist, dass man sich mit Tune Up schnell mal das System zerschiessen kann. CCleaner ist da deutlich sicherer. Ich würd dir auch glatt vorschlagen, dich auch von Tune Up zu trennen :)

Brauny 29.12.2010 19:24
Code:
2007 Microsoft Office system        Microsoft Corporation        22.12.2010        525MB        12.0.6425.1000  kenn ich, office halt
7-Zip 9.04 beta                22.12.2010        3,23MB auch bekannt, zip programm
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        22.12.2010        14,0MB        unbekannt
Active WebCam                22.12.2010        22,5MB        unbekannt
Adobe AIR        Adobe Systems Inc.        22.12.2010        30,7MB        2.0.2.12610  unbekannt
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        22.12.2010                10.0.45.2 kenn ich, mein flash player halt
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        22.12.2010                10.1.85.3 firefox plugin von adobe flash player
Adobe Shockwave Player 11.5        Adobe Systems, Inc.        22.12.2010        8,17MB        11.5.2.602 kenn ich
Apple Application Support        Apple Inc.        21.06.2010        42,8MB        1.3.0 unbekannt
Apple Mobile Device Support        Apple Inc.        21.06.2010        19,9MB        3.1.0.62 für mein Iphone
Apple Software Update        Apple Inc.        21.06.2010        2,26MB        2.1.2.120 updater für itunes und quicktime
ATI Catalyst Install Manager        ATI Technologies, Inc.        24.09.2010        16,6MB        3.0.790.0 für meine Grafikkarte
AutoHotkey 1.0.48.05        Chris Mallett        22.12.2010        2,59MB        1.0.48.05 auto-scripting programm, meine welt :)
Belkin Wireless USB Adapter Setup        Belkin        15.01.2010        0,95MB        2.20 mein Internetstick
Business Contact Manager für Outlook 2007 SP2        Microsoft Corporation        22.12.2010        31,4MB        3.0.8619.1 keine Ahnung
Call of Duty(R) 4 - Modern Warfare(TM)        Activision        06.04.2010        6.385MB        1.00.0000 unbekannt
Call of Duty: Modern Warfare 2        Infinity Ward        22.12.2010        11.496MB bekannt       
Call of Duty: Modern Warfare 2 - Multiplayer        Infinity Ward        22.12.2010        11.496MB bekannt
CCleaner        Piriform        28.12.2010        3,41MB        3.02 bekannt
Common RTP 1.0                22.12.2010                unbekannt
Counter-Strike: Source        Valve        22.12.2010        112,2MB        bekannt
Day of Defeat        Valve        22.12.2010                bekannt
Day of Defeat: Source        Valve        22.12.2010        8,21MB        bekannt
Driver Detective        PC Drivers HeadQuarters        04.04.2010        6,00MB        8.0.1 unbekannt
EAX Unified                22.12.2010        8,00KB        unbekannt
ESET Online Scanner v3                27.12.2010        104,5MB        bekannt
Feedback Tool        Microsoft Corporation        17.09.2010        2,28MB        1.1.0 bekannt
Firebird SQL Server - MAGIX Edition        MAGIX AG        04.04.2010        10,1MB        2.1.22.0 unbekannt
FlashGet 3.5        hxxp://www.FlashGet.com        22.12.2010        16,4MB        3.5.0.1126 bekannt, downloader für firefox
Foxit Reader                27.12.2010        7,17MB        bekannt
Fraps (remove only)                22.12.2010        10.741MB        recording Program, bekannt
Garry's Mod        Team Garry        22.12.2010        1.495MB        bekannt
GIMP 2.6.8                24.02.2010        98,6MB        bekannt
Google Chrome        Google Inc.        24.07.2010        222MB        8.0.552.224 bekannt, aber unbenutzt (wird entfernt)
Grand Theft Auto San Andreas        Rockstar Games        22.12.2010        4.839MB        1.00.00001 bekannt
iTunes        Apple Inc.        21.06.2010        160,8MB        9.2.0.61 bekannt
Java(TM) 6 Update 23        Oracle        26.12.2010        97,1MB        6.0.230 bekannt
Kaspersky Security Suite CBE 10        Kaspersky Lab        22.12.2010        36,5MB        9.0.0.747 antivirenprogramm
Malwarebytes' Anti-Malware        Malwarebytes Corporation        22.12.2010        4,80MB        bekannt
Media Go Video Playback Engine 1.32.101.05130        Sony        24.06.2010        19,3MB        1.32.101.05130 unbekannt
Medieval II: Total War        The Creative Assembly        22.12.2010        12.056MB        bekannt
Microsoft .NET Framework 1.1                22.12.2010               
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        22.12.2010        37,3MB       
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        22.12.2010        37,3MB       
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        22.12.2010        120,3MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        22.12.2010        24,5MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        22.12.2010        38,0MB        4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack        Microsoft Corporation        22.12.2010        7,50MB        4.0.30319
Microsoft .NET Framework 4 Multi-Targeting Pack        Microsoft Corporation        22.09.2010        83,5MB        4.0.30319
Microsoft Help Viewer 1.0        Microsoft Corporation        22.12.2010        6,09MB        1.0.30319
Microsoft Help Viewer 1.0 Language Pack - DEU        Microsoft Corporation        22.12.2010        6,09MB        1.0.30319
Microsoft Office 2003 Web Components        Microsoft Corporation        15.09.2010                11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies        Microsoft Corporation        08.06.2010                12.0.4518.1014
Microsoft Office Live Add-in 1.5        Microsoft Corporation        24.05.2010        0,49MB        2.0.4024.1
Microsoft Office Small Business Connectivity Components        Microsoft Corporation        23.07.2009        0,15MB        2.0.7024.0
Microsoft Silverlight        Microsoft Corporation        19.12.2010                4.0.51204.0
Microsoft SQL Server 2005        Microsoft Corporation        22.12.2010        58,4MB       
Microsoft SQL Server 2005 Compact Edition [DEU]        Microsoft Corporation        23.07.2009        0,32MB        3.1.0000
Microsoft SQL Server 2005 Compact Edition [ENU]        Microsoft Corporation        23.07.2009        1,74MB        3.1.0000
Microsoft SQL Server 2008 R2 Management Objects        Microsoft Corporation        22.09.2010        17,1MB        10.50.1447.4
Microsoft SQL Server Compact 3.5 SP2 DEU        Microsoft Corporation        22.09.2010        3,69MB        3.5.8080.0
Microsoft SQL Server Native Client        Microsoft Corporation        23.07.2009        2,63MB        9.00.4035.00
Microsoft SQL Server System CLR Types        Microsoft Corporation        22.09.2010        2,55MB        10.50.1447.4
Microsoft SQL Server VSS Writer        Microsoft Corporation        23.07.2009        0,68MB        9.00.4035.00
Microsoft Visual Basic 2010 Express - DEU        Microsoft Corporation        22.12.2010        228MB        10.0.30319
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        24.02.2010        0,25MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        13.05.2010        0,41MB        8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        24.02.2010        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        09.03.2010        1,41MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411        Microsoft Corporation        16.01.2010        2,10MB        9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        24.01.2010        0,58MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        04.04.2010        0,57MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974        Microsoft Corporation        22.09.2010        0,58MB        9.0.30729.4974
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools        Microsoft Corporation        22.09.2010        35,4MB        10.0.30319
Mozilla Firefox (3.6.13)        Mozilla        22.12.2010        31,0MB        3.6.13 (de) mein web browser, bekannt
MSXML 4.0 SP2 (KB927978)        Microsoft Corporation        23.07.2009        34,00KB        4.20.9841.0 unbekannt
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        23.07.2009        1,28MB        4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        15.01.2010        1,34MB        4.20.9876.0 unbekannt
Nero 8 Essentials        Nero AG        23.07.2009        1.835MB        8.3.124 bekannt, unbenutzt
Nur Deinstallierung der CopyTrans Suite möglich.        WindSolutions        06.10.2010        14,5MB        2.15 bekannt, synch tool für Iphone
NVIDIA PhysX        NVIDIA Corporation        06.12.2010        120,0MB        9.09.0428 bekannt
PhotoScape                22.12.2010        25,9MB        bekannt
Picasa 3        Google, Inc.        22.12.2010        74,3MB        3.1 unbekannt
PlayStation(R)Network Downloader        Sony Computer Entertainment Inc.        21.07.2010        0,65MB        2.03.00126 bekannt, unbenutzt
PlayStation(R)Store        Sony Computer Entertainment Inc.        21.07.2010        3,21MB        3.2.11.09227 bekannt, unbenutzt
Portal        Valve        22.12.2010        155,3MB        bekannt
QuickTime        Apple Inc.        21.06.2010        73,8MB        7.66.73.0 bekannt
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        31.03.2010        13,7MB        6.0.1.6077 bekannt
Rome: Total War - Gold Edition        The Creative Assembly        22.12.2010        3.215MB        bekannt
Skype™ 5.0        Skype Technologies S.A.        13.12.2010        21,4MB        5.0.152 bekannt
StarCraft II        Blizzard Entertainment        22.12.2010        8.870MB        1.1.3.16939 bekannt
Steam        Valve Corporation        15.01.2010        1,49MB        1.0.0.0 bekannt
Team Fortress 2        Valve        22.12.2010        253MB        bekannt
TeamSpeak 2 RC2        Dominating Bytes Design        22.12.2010                2.0.32.60 bekannt
TeamSpeak 3 Client        TeamSpeak Systems GmbH        25.12.2010        29,5MB        bekannt
Titan Quest        IronLore        22.12.2010        2.635MB        bekannt
Titan Quest: Immortal Throne        IronLore        22.12.2010        1.201MB        bekannt
Torchlight        Runic Games, Inc.        22.12.2010        533MB        bekannt
Torchlight Editor        Runic Games, Inc.        22.12.2010        769MB        bekannt
TortoiseSVN 1.6.6.17493 (32 bit)        TortoiseSVN        16.01.2010        18,4MB        1.6.17493 bekannt
Trine        Frozenbyte        22.12.2010        685MB        bekannt
Unity Web Player        Unity Technologies ApS        14.07.2010        80,00KB        2.6.1f3_31223 bekannt
Unlocker 1.8.9        Cedrick Collomb        22.12.2010        0,21MB        1.8.9  bekannt, unlocker für dateien (wenn z.B. etwas nicht löschbar ist)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)        Microsoft Corporation        23.07.2009        30,6MB        9.00.4035.00
Vista Codec Package        Shark007        16.01.2010        43,9MB        4.7.0 unbekannt
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU        Microsoft Corporation        22.09.2010        11,2MB        4.0.8080.0 unbekannt
VTFEdit 1.2.5        Neil Jedrzejewski & Ryan Gregg        25.02.2010        2,66MB       
Windows Live Essentials        Microsoft Corporation        22.12.2010        136,5MB        14.0.8050.1202
Windows Live ID-Anmelde-Assistent        Microsoft Corporation        24.05.2010        4,69MB        6.500.3165.0
Windows Live Sync        Microsoft Corporation        23.07.2009        2,80MB        14.0.8050.1202
Windows Live-Uploadtool        Microsoft Corporation        23.07.2009        0,22MB        14.0.8014.1029
Windows Media Player Firefox Plugin        Microsoft Corp        07.07.2010        0,29MB        1.0.0.8
WinRAR                22.12.2010        3,78MB        bekannt
WinZip 12.1        WinZip Computing, S.L.        16.01.2010        15,9MB        12.1.8519 bekannt
World of Warcraft        Blizzard Entertainment        22.12.2010                3.3.5.12340 bekannt

Bei den Windows Sachen halte ich mich raus, ich weiß das ich dafür viele für Spiele brauche, aber welche genau ist unbekannt.

Brauny 29.12.2010 22:48
grad läuft mein Internet übrigens perfekt, mal sehen wie lange

rea 29.12.2010 23:47
Folgendes kannst du noch deinstallieren:


Active WebCam 22.12.2010 22,5MB unbekannt
Adobe AIR Adobe Systems Inc. 22.12.2010 30,7MB 2.0.2.12610 unbekannt
Driver Detective PC Drivers HeadQuarters 04.04.2010 6,00MB 8.0.1 unbekannt
ESET Online Scanner v3
Google Chrome Google Inc. 24.07.2010 222MB 8.0.552.224 bekannt, aber unbenutzt (wird entfernt)
Media Go Video Playback Engine 1.32.101.05130 Sony 24.06.2010 19,3MB 1.32.101.05130 unbekannt
Nero 8 Essentials Nero AG 23.07.2009 1.835MB 8.3.124 bekannt, unbenutzt
Picasa 3 Google, Inc. 22.12.2010 74,3MB 3.1 unbekannt
PlayStation(R)Network Downloader Sony Computer Entertainment Inc. 21.07.2010 0,65MB 2.03.00126 bekannt, unbenutzt
PlayStation(R)Store Sony Computer Entertainment Inc. 21.07.2010 3,21MB 3.2.11.09227 bekannt, unbenutzt
7-Zip 9.04 beta 22.12.2010 3,23MB auch bekannt, zip programm

Und benötigst du gleichzeitig Gimp und PhotoScape?

Brauny 30.12.2010 00:32
eigentlich nicht, hab deswegen auch nun Photoscape deinstalliert.

So hab alles deinstalliert...was nun? :rolleyes:

rea 30.12.2010 00:37
Zitat:
Zitat von Brauny (Beitrag 604205)
grad läuft mein Internet übrigens perfekt, mal sehen wie lange
Nun warten wir erstmal ab :)

Brauny 31.12.2010 14:21
So sieht es übrigens aus, wenn man Internet wie grade total schlecht ist.Mein durchschnitts ping ist 34, bei downloads 244.Wie man sieht ist das ein abartig riesiger Ping.



hxxp://www.imagebanana.com/view/1vahiekn/Unbenannt.jpg

rea 31.12.2010 16:36
Erstell bitte nochmal zwei neue OTL-Logs:

Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Brauny 31.12.2010 20:53
Code:
OTL logfile created on: 31.12.2010 20:48:21 - Run 4
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\Brauny\Desktop\Alle Ordner\Anti mal und spamware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 272,02 Gb Free Space | 46,81% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
 
Computer Name: BRAUNY-PC | User Name: Brauny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brauny\Desktop\Alle Ordner\Anti mal und spamware\OTL.exe
PRC - [2010.11.05 14:27:18 | 007,168,768 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Programme\TeamSpeak 3 Client\ts3client_win32.exe
PRC - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.05.06 08:08:30 | 000,207,448 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtblfs.exe
PRC - [2010.03.26 17:02:56 | 008,546,848 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010.03.03 05:12:32 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.03.03 05:11:58 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.10.20 00:11:52 | 000,616,712 | ---- | M] (hxxp://tortoisesvn.net) -- C:\Programme\TortoiseSVN\bin\TSVNCache.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008.12.16 09:52:02 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Shared\Database2\bin\FABS.exe
PRC - [2008.11.24 21:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 21:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2006.10.26 12:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.26 22:42:14 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Brauny\Desktop\Alle Ordner\Anti mal und spamware\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Cyberlink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2010.12.10 21:52:05 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.08.18 00:49:16 | 000,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.05.06 08:10:22 | 000,361,120 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe -- (AVP)
SRV - [2010.03.18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010.03.03 05:11:58 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008.12.16 09:52:02 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\FABS.exe -- (Fabs)
SRV - [2008.10.21 14:50:00 | 000,548,864 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2008.08.07 09:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\Database2\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Brauny\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\AmdLLD.sys -- (AmdLLD)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\amdide.sys -- (amdide)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2010.11.25 06:59:16 | 000,541,800 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.10.09 13:27:23 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.09 13:27:21 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.10.08 20:44:38 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.03.26 17:24:58 | 003,048,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.03.03 05:22:26 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010.03.03 04:07:16 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.01.25 16:55:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.20 10:53:32 | 000,234,016 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009.10.02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.09.14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009.09.01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009.05.20 17:04:40 | 000,157,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.12.26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008.09.26 12:30:54 | 000,651,264 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Brauny\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.autohotkey.com/docs/Tutorial.htm"
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 19:35:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.28 00:02:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\THBExt [2010.10.08 20:45:48 | 000,000,000 | ---D | M]
 
[2010.01.16 22:31:11 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\mozilla\Extensions
[2010.12.30 22:17:37 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brauny\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.14 14:39:01 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Brauny\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.12.24 21:32:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Brauny\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.03 19:31:51 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Brauny\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.04.27 15:26:13 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\mozilla\Firefox\Profiles\fr2rqa3m.default\extensions\youtube2mp3@mondayx.de
[2010.03.10 18:05:01 | 000,002,288 | ---- | M] () -- C:\Users\Brauny\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\call-of-duty-wiki-en.xml
[2010.12.05 20:51:42 | 000,002,062 | ---- | M] () -- C:\Users\Brauny\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\qip-search.xml
[2010.12.28 00:00:40 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.18 02:48:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.28 00:00:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.10.08 20:47:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.12.27 23:59:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.28 00:01:22 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.07.22 13:44:58 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.21 14:00:00 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.07.22 13:44:58 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.22 13:44:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.22 13:44:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.22 13:44:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Brauny\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Brauny\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Brauny\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Brauny\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Brauny\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Brauny\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 10\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell - "" = AutoRun
O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell\AutoRun\command - "" = J:\MafiaLauncher.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.30 00:28:44 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll
[2010.12.29 18:59:50 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.12.29 18:59:08 | 002,976,440 | ---- | C] (Piriform Ltd) -- C:\Users\Brauny\Desktop\ccsetup302.exe
[2010.12.29 18:33:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.12.29 16:04:49 | 000,000,000 | ---D | C] -- C:\Users\Brauny\AppData\Roaming\IrfanView
[2010.12.29 16:03:55 | 001,474,048 | ---- | C] (Irfan Skiljan) -- C:\Users\Brauny\Desktop\iview428_setup.exe
[2010.12.29 15:58:05 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Desktop\Neuer Ordner
[2010.12.29 07:06:25 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.29 07:06:25 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.29 07:06:25 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.29 07:06:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.29 07:06:25 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.29 07:06:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.29 07:06:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.29 07:06:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.29 07:06:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.29 07:06:22 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.29 07:06:22 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.29 07:06:22 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.29 07:06:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.29 07:06:22 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.29 07:06:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.29 07:06:21 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.29 07:06:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.28 23:23:47 | 014,938,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Brauny\Desktop\IE8-WindowsVista-x86-DEU.exe
[2010.12.28 19:27:26 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Desktop\models
[2010.12.28 19:26:55 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Desktop\kakawurst
[2010.12.28 18:53:04 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Desktop\TXD Workshop 4.5
[2010.12.28 18:08:23 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Desktop\Straßen Backup
[2010.12.28 00:02:13 | 000,000,000 | ---D | C] -- C:\Users\Brauny\AppData\Roaming\Foxit
[2010.12.28 00:01:53 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software
[2010.12.28 00:00:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.28 00:00:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.28 00:00:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.26 22:43:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.12.26 14:25:08 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.12.24 23:47:43 | 000,000,000 | ---D | C] -- C:\Users\Brauny\AppData\Roaming\ENBSeries Configurator for GTA San Andreas
[2010.12.24 23:47:43 | 000,000,000 | ---D | C] -- C:\Programme\ENBSeries Configurator for GTA San Andreas
[2010.12.23 21:20:31 | 000,000,000 | ---D | C] -- C:\Users\Brauny\AppData\Roaming\Malwarebytes
[2010.12.23 21:20:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.23 21:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.23 21:20:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.23 21:20:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.12.23 12:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.23 10:55:41 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Documents\GTA San Andreas User Files
[2010.12.23 10:38:22 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Desktop\Rockstar Games
[2010.12.23 10:17:20 | 000,000,000 | ---D | C] -- C:\Programme\GAMI
[2010.12.17 08:37:34 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Documents\Hitman Blood Money
[2010.12.17 08:28:38 | 000,000,000 | ---D | C] -- C:\Programme\Eidos
[2010.12.16 13:01:37 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Documents\DVDVideoSoft
[2010.12.16 13:01:28 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DVDVideoSoft
[2010.12.15 16:08:51 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 16:08:43 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 16:08:41 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 16:08:40 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 16:08:40 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 16:07:17 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 16:07:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 16:07:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 16:07:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.14 09:52:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.12.11 09:36:22 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.05 20:50:50 | 000,000,000 | ---D | C] -- C:\Programme\QIP 2010
[2010.12.05 08:58:39 | 000,000,000 | ---D | C] -- C:\Programme\Mafia
[2010.12.05 08:56:01 | 000,139,264 | ---- | C] (Creative Technology Ltd) -- C:\Windows\System32\eax.dll
[2010.12.05 08:56:01 | 000,000,000 | ---D | C] -- C:\Programme\Creative
[2010.12.05 08:55:59 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.11.26 18:57:29 | 000,254,464 | ---- | C] (Mpath Interactive) -- C:\Programme\MPLAYNOW.EXE
[2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.31 20:27:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.31 19:02:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.31 19:02:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.31 14:14:49 | 000,178,798 | ---- | M] () -- C:\Users\Brauny\Desktop\Unbenannt.jpg
[2010.12.31 13:40:29 | 000,001,730 | ---- | M] () -- C:\Users\Brauny\Desktop\cc_20101231_134026.reg
[2010.12.31 13:40:17 | 000,016,592 | ---- | M] () -- C:\Users\Brauny\Desktop\cc_20101231_134014.reg
[2010.12.31 13:06:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.31 13:02:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.30 22:20:58 | 070,451,014 | ---- | M] () -- C:\Users\Brauny\Desktop\ModpackExtremv1_4.rar
[2010.12.30 19:11:41 | 002,496,077 | ---- | M] () -- C:\Users\Brauny\Desktop\SAMERS IV.rar
[2010.12.30 19:10:45 | 001,161,603 | ---- | M] () -- C:\Users\Brauny\Desktop\Monster-ambulan.rar
[2010.12.30 15:14:22 | 000,000,684 | ---- | M] () -- C:\Users\Brauny\Desktop\Medic.ahk
[2010.12.30 14:55:34 | 000,207,233 | ---- | M] () -- C:\Users\Brauny\Desktop\Medic.exe
[2010.12.30 00:28:18 | 000,001,024 | ---- | M] () -- C:\Users\Brauny\.rnd
[2010.12.30 00:12:06 | 002,944,540 | ---- | M] () -- C:\Users\Brauny\Desktop\1293623998_F4E Phantom II.rar
[2010.12.30 00:08:10 | 000,932,550 | ---- | M] () -- C:\Users\Brauny\Desktop\1293483522_Mig31 Foxhound(2).rar
[2010.12.30 00:06:22 | 000,481,575 | ---- | M] () -- C:\Users\Brauny\Desktop\1293483522_Mig31 Foxhound.rar
[2010.12.29 20:08:50 | 000,742,356 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.29 20:08:50 | 000,690,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.29 20:08:50 | 000,173,876 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.29 20:08:50 | 000,141,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.29 19:06:31 | 000,000,454 | ---- | M] () -- C:\Users\Brauny\Desktop\cc_20101229_190628.reg
[2010.12.29 19:03:29 | 000,002,474 | ---- | M] () -- C:\Users\Brauny\Desktop\cc_20101229_190326.reg
[2010.12.29 19:03:14 | 000,000,568 | ---- | M] () -- C:\Users\Brauny\Desktop\cc_20101229_190310.reg
[2010.12.29 19:02:58 | 000,002,068 | ---- | M] () -- C:\Users\Brauny\Desktop\cc_20101229_190253.reg
[2010.12.29 19:02:39 | 000,072,262 | ---- | M] () -- C:\Users\Brauny\Desktop\cc_20101229_190223.reg
[2010.12.29 18:59:51 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.29 18:59:22 | 002,976,440 | ---- | M] (Piriform Ltd) -- C:\Users\Brauny\Desktop\ccsetup302.exe
[2010.12.29 18:53:53 | 014,347,039 | ---- | M] () -- C:\Users\Brauny\Desktop\sa-mp-0.3c-install(2).exe
[2010.12.29 18:53:15 | 012,237,783 | ---- | M] () -- C:\Users\Brauny\Desktop\sa-mp-0.3c-install.exe
[2010.12.29 16:11:46 | 000,002,704 | ---- | M] () -- C:\Users\Brauny\.recently-used.xbel
[2010.12.29 16:11:10 | 000,000,160 | ---- | M] () -- C:\Users\Brauny\Desktop\siteM16.png
[2010.12.29 16:04:19 | 001,474,048 | ---- | M] (Irfan Skiljan) -- C:\Users\Brauny\Desktop\iview428_setup.exe
[2010.12.29 12:39:09 | 000,080,384 | ---- | M] () -- C:\Users\Brauny\Desktop\MBRCheck.exe
[2010.12.29 00:14:54 | 000,002,048 | ---- | M] () -- C:\Users\Brauny\Desktop\Insert Coin.srm
[2010.12.29 00:14:47 | 000,276,315 | ---- | M] () -- C:\Users\Brauny\Desktop\Insert Coin.zst
[2010.12.29 00:04:35 | 002,097,664 | ---- | M] () -- C:\Users\Brauny\Desktop\Insert Coin.smc
[2010.12.29 00:03:54 | 000,043,615 | ---- | M] () -- C:\Users\Brauny\Desktop\lips101.zip
[2010.12.29 00:02:44 | 000,347,844 | ---- | M] () -- C:\Users\Brauny\Desktop\Super Mario World.zip
[2010.12.29 00:02:14 | 000,191,741 | ---- | M] () -- C:\Users\Brauny\Desktop\Insert Coin v. 1.24.zip
[2010.12.28 23:31:23 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.28 23:24:49 | 014,938,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Brauny\Desktop\IE8-WindowsVista-x86-DEU.exe
[2010.12.28 19:51:27 | 000,051,624 | ---- | M] () -- C:\Users\Brauny\Desktop\hud.txd
[2010.12.28 19:25:49 | 013,991,102 | ---- | M] () -- C:\Users\Brauny\Desktop\sa-mp-0.3c-RC6-install.zip
[2010.12.28 18:52:59 | 000,452,492 | ---- | M] () -- C:\Users\Brauny\Desktop\TXDWorkshop4.5.rar
[2010.12.28 17:52:10 | 077,796,038 | ---- | M] () -- C:\Users\Brauny\Desktop\Straßen Backup.rar
[2010.12.28 17:42:09 | 000,000,234 | ---- | M] () -- C:\Users\Brauny\Desktop\sSda.png
[2010.12.28 15:01:57 | 000,210,222 | ---- | M] () -- C:\Users\Brauny\Documents\ts3_clientui-win32-12815-2010-12-28 15_01_55.538160.dmp
[2010.12.27 23:59:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.27 23:59:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.27 23:59:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.27 23:59:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.27 23:35:33 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.12.25 14:40:56 | 000,040,960 | ---- | M] () -- C:\Users\Brauny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.25 11:42:14 | 000,000,287 | ---- | M] () -- C:\Users\Brauny\Desktop\radardisc.png
[2010.12.23 22:42:54 | 000,381,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.23 21:20:28 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.11 09:36:27 | 001,227,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dx8vb.dll
[2010.12.08 20:16:57 | 000,114,243 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.12.08 20:16:57 | 000,097,859 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.12.05 08:57:34 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
 
========== Files Created - No Company Name ==========
 
[2010.12.31 14:14:49 | 000,178,798 | ---- | C] () -- C:\Users\Brauny\Desktop\Unbenannt.jpg
[2010.12.31 13:40:28 | 000,001,730 | ---- | C] () -- C:\Users\Brauny\Desktop\cc_20101231_134026.reg
[2010.12.31 13:40:15 | 000,016,592 | ---- | C] () -- C:\Users\Brauny\Desktop\cc_20101231_134014.reg
[2010.12.30 22:13:53 | 070,451,014 | ---- | C] () -- C:\Users\Brauny\Desktop\ModpackExtremv1_4.rar
[2010.12.30 19:11:34 | 002,496,077 | ---- | C] () -- C:\Users\Brauny\Desktop\SAMERS IV.rar
[2010.12.30 19:10:43 | 001,161,603 | ---- | C] () -- C:\Users\Brauny\Desktop\Monster-ambulan.rar
[2010.12.30 14:55:32 | 000,207,233 | ---- | C] () -- C:\Users\Brauny\Desktop\Medic.exe
[2010.12.30 14:45:40 | 000,000,684 | ---- | C] () -- C:\Users\Brauny\Desktop\Medic.ahk
[2010.12.30 00:28:45 | 000,774,144 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2010.12.30 00:28:16 | 000,001,024 | ---- | C] () -- C:\Users\Brauny\.rnd
[2010.12.30 00:11:03 | 002,944,540 | ---- | C] () -- C:\Users\Brauny\Desktop\1293623998_F4E Phantom II.rar
[2010.12.30 00:06:48 | 000,932,550 | ---- | C] () -- C:\Users\Brauny\Desktop\1293483522_Mig31 Foxhound(2).rar
[2010.12.30 00:05:01 | 000,481,575 | ---- | C] () -- C:\Users\Brauny\Desktop\1293483522_Mig31 Foxhound.rar
[2010.12.29 19:06:29 | 000,000,454 | ---- | C] () -- C:\Users\Brauny\Desktop\cc_20101229_190628.reg
[2010.12.29 19:03:28 | 000,002,474 | ---- | C] () -- C:\Users\Brauny\Desktop\cc_20101229_190326.reg
[2010.12.29 19:03:12 | 000,000,568 | ---- | C] () -- C:\Users\Brauny\Desktop\cc_20101229_190310.reg
[2010.12.29 19:02:56 | 000,002,068 | ---- | C] () -- C:\Users\Brauny\Desktop\cc_20101229_190253.reg
[2010.12.29 19:02:32 | 000,072,262 | ---- | C] () -- C:\Users\Brauny\Desktop\cc_20101229_190223.reg
[2010.12.29 18:59:51 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.29 18:53:41 | 014,347,039 | ---- | C] () -- C:\Users\Brauny\Desktop\sa-mp-0.3c-install(2).exe
[2010.12.29 18:50:30 | 012,237,783 | ---- | C] () -- C:\Users\Brauny\Desktop\sa-mp-0.3c-install.exe
[2010.12.29 16:13:32 | 000,051,624 | ---- | C] () -- C:\Users\Brauny\Desktop\hud.txd
[2010.12.29 16:11:46 | 000,002,704 | ---- | C] () -- C:\Users\Brauny\.recently-used.xbel
[2010.12.29 16:00:12 | 000,000,160 | ---- | C] () -- C:\Users\Brauny\Desktop\siteM16.png
[2010.12.29 12:39:08 | 000,080,384 | ---- | C] () -- C:\Users\Brauny\Desktop\MBRCheck.exe
[2010.12.29 00:14:52 | 000,002,048 | ---- | C] () -- C:\Users\Brauny\Desktop\Insert Coin.srm
[2010.12.29 00:06:07 | 000,276,315 | ---- | C] () -- C:\Users\Brauny\Desktop\Insert Coin.zst
[2010.12.29 00:03:54 | 000,043,615 | ---- | C] () -- C:\Users\Brauny\Desktop\lips101.zip
[2010.12.29 00:02:48 | 002,097,664 | ---- | C] () -- C:\Users\Brauny\Desktop\Insert Coin.smc
[2010.12.29 00:02:41 | 000,347,844 | ---- | C] () -- C:\Users\Brauny\Desktop\Super Mario World.zip
[2010.12.29 00:02:09 | 000,191,741 | ---- | C] () -- C:\Users\Brauny\Desktop\Insert Coin v. 1.24.zip
[2010.12.28 19:24:27 | 013,991,102 | ---- | C] () -- C:\Users\Brauny\Desktop\sa-mp-0.3c-RC6-install.zip
[2010.12.28 18:52:58 | 000,452,492 | ---- | C] () -- C:\Users\Brauny\Desktop\TXDWorkshop4.5.rar
[2010.12.28 17:46:34 | 077,796,038 | ---- | C] () -- C:\Users\Brauny\Desktop\Straßen Backup.rar
[2010.12.28 17:42:09 | 000,000,234 | ---- | C] () -- C:\Users\Brauny\Desktop\sSda.png
[2010.12.28 15:01:55 | 000,210,222 | ---- | C] () -- C:\Users\Brauny\Documents\ts3_clientui-win32-12815-2010-12-28 15_01_55.538160.dmp
[2010.12.24 22:25:31 | 000,000,287 | ---- | C] () -- C:\Users\Brauny\Desktop\radardisc.png
[2010.12.23 21:20:28 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.05 08:56:00 | 000,233,472 | ---- | C] () -- C:\Windows\System32\MafiaSetup.exe
[2010.11.26 18:57:30 | 005,180,072 | ---- | C] () -- C:\Programme\KATALYST.EXE
[2010.11.26 18:57:30 | 000,022,862 | ---- | C] () -- C:\Programme\README.TXT
[2010.11.26 18:57:30 | 000,002,483 | ---- | C] () -- C:\Programme\POSTAL.INI
[2010.11.26 18:57:29 | 001,020,416 | ---- | C] () -- C:\Programme\POSTAL.EXE
[2010.11.26 18:57:29 | 000,008,718 | ---- | C] () -- C:\Programme\DEISL1.ISU
[2010.11.26 18:57:29 | 000,005,832 | ---- | C] () -- C:\Programme\WEBULLET.HTM
[2010.11.26 18:57:29 | 000,000,460 | ---- | C] () -- C:\Programme\WB.INI
[2010.11.11 16:55:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.11.03 19:31:07 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.10.09 13:27:23 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.09 13:27:21 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.05.24 22:18:13 | 000,024,206 | ---- | C] () -- C:\Users\Brauny\AppData\Roaming\UserTile.png
[2010.05.10 13:12:53 | 000,000,094 | ---- | C] () -- C:\Users\Brauny\AppData\Local\fusioncache.dat
[2010.05.02 09:07:24 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.07 14:37:23 | 000,022,328 | ---- | C] () -- C:\Users\Brauny\AppData\Roaming\PnkBstrK.sys
[2010.04.05 21:12:55 | 000,001,356 | ---- | C] () -- C:\Users\Brauny\AppData\Local\d3d9caps.dat
[2010.04.05 12:49:31 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.05 12:49:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.04.01 13:18:42 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.31 19:11:02 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.03.28 04:37:33 | 000,000,552 | ---- | C] () -- C:\Users\Brauny\AppData\Local\d3d8caps.dat
[2010.03.18 11:51:23 | 000,462,249 | ---- | C] () -- C:\Users\Brauny\AppData\Roaming\SMW SRPI SNES.ips
[2010.03.03 04:06:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.01.25 16:46:51 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.16 19:49:22 | 000,040,960 | ---- | C] () -- C:\Users\Brauny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.07.24 09:02:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.04.12 07:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.04.12 07:30:20 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
 
========== LOP Check ==========
 
[2010.10.24 17:41:35 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\.minecraft
[2010.10.12 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\Avnex
[2010.12.23 03:31:05 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\BITS
[2010.01.25 17:19:27 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\DAEMON Tools Lite
[2010.11.28 20:00:04 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\Downloaded Installations
[2010.12.24 23:49:39 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\ENBSeries Configurator for GTA San Andreas
[2010.11.03 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\FlashGet
[2010.11.03 19:30:59 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\FlashGetBHO
[2010.12.28 00:02:13 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\Foxit
[2010.11.14 15:01:30 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\GetRightToGo
[2010.12.25 11:34:30 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\gtk-2.0
[2010.12.24 15:12:03 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\HLSW
[2010.12.29 18:35:16 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\IrfanView
[2010.05.24 22:18:13 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\PeerNetworking
[2010.01.17 09:02:39 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\runic games
[2010.03.14 17:17:29 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\smc
[2010.04.08 23:10:46 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\Sony
[2010.04.08 23:08:04 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\Sony Setup
[2010.01.17 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\Subversion
[2010.02.25 15:49:55 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\TeamViewer
[2010.05.15 16:14:41 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\Teeworlds
[2010.02.17 14:19:26 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\The Creative Assembly
[2010.06.27 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\TS3Client
[2010.04.23 18:25:24 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\TubeBox
[2010.10.10 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\TuneUp Software
[2010.04.01 13:04:00 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\Uniblue
[2010.07.15 13:05:14 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\Unity
[2010.10.07 20:55:36 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\WindSolutions
[2010.12.31 01:57:49 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Code:
OTL Extras logfile created on: 31.12.2010 20:48:21 - Run 4
OTL by OldTimer - Version 3.2.18.0    Folder = C:\Users\Brauny\Desktop\Alle Ordner\Anti mal und spamware
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 581,17 Gb Total Space | 272,02 Gb Free Space | 46,81% Space Free | Partition Type: NTFS
Drive D: | 14,99 Gb Total Space | 2,79 Gb Free Space | 18,64% Space Free | Partition Type: FAT32
 
Computer Name: BRAUNY-PC | User Name: Brauny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18D8B309-1F10-43AF-BD58-816B23D2BA85}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server |
"{60185C11-81FD-44E2-8829-D72BE8E97C54}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) |
"{77881CE2-49D0-4300-B296-7584E61D9171}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{79F9F2B1-FFDB-4B94-9E92-33E7F5A9BEBA}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{A92A184E-2EDF-45F8-9781-D7B9EEEF1089}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{BFCC54E2-8064-4110-B1A6-AF39C16AF4C1}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) |
"{F4E97F4F-1827-4A2C-A878-8FAA9BE7560E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{FFD5E3EA-0C01-4DBF-A65F-1D7B3ADC1B17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0015B30F-2C2E-43BE-A908-A16F66E3F83A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{019A3477-E66C-4603-9E3A-DCE9FDFA34D6}" = protocol=6 | dir=in | app=c:\starcraft ii\starcraft ii.exe |
"{04A7C978-F044-4FD4-8D5F-E9FBC5C5FE1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{075ED6B4-9D3E-4297-8B85-C90A709D2C5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{084A3554-9D06-4EFC-8959-A69BA0A9E3DF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B7AAD56-7B6D-4D29-8E41-C363620B153F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CDF5960-7FD7-406D-96AD-7061F8E7D2C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F04B2F1-707D-41AE-A384-566DB9B29222}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{0F404EA9-3F07-4667-A789-4A7E9C9E2709}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{11F8D904-0456-46B0-BD7B-E72DD9EAD9DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D8C49FC-EB02-4CC8-A96A-8A229B39BA5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2391E4BF-D0B5-49AA-A738-FE9086DDB235}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24B9FD5B-9A3F-4C11-9D59-75BE7985E484}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{269A4FCF-1E07-4531-A252-A174A97AC02A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{27C03EE0-0C58-4C73-82E4-EA736998F478}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28A602AD-6EAF-4478-87A4-F8A88A21070F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{29C59390-C436-4B84-BBFD-0682CB9BB551}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{30007948-BD6D-4347-BFAA-379731AA9DFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3000EFBB-095C-490B-A9DC-021F1AB4541C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{31FB10EE-957B-4746-A23E-F9D0FC389A1F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |
"{320C7255-94E8-4CAF-AB2C-E16834D16EE9}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{332A233B-B2F3-4DC8-8EA5-F3FCB30F5895}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37047DE3-7AFC-4201-A489-506BCC9A4CEF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3862D832-BAE1-46A8-A8CE-6F495B6F8EAA}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3A4AE8C6-E383-40B4-94E4-CC025828F2E2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm |
"{3D7ED399-2B0D-42EF-A847-DD23556A17ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\help.htm |
"{3DFB454E-E253-490E-8817-7884C1F5A909}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4163060A-2CE9-4F79-AAA1-0FCDC52B53CB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe |
"{418CE828-7DE0-4079-8577-72CD5267F8B3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{47587DFB-9FD1-4B3D-8547-E40AE6C132B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe |
"{490211D8-AD58-4ABE-8086-1660E7C6B324}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5694E7C5-9FF9-4CCE-8D76-54CC5DDA8FF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57ACC302-6672-49C4-8926-5170A629CA18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{5838F3FC-919B-4C6E-ABE8-FBA1BB05B5D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D52019D-1325-409E-BB9A-025DF89295B5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5DDB32D2-A019-4214-BEB8-9B4B3B0BE92C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{5DE62AF9-E7CC-480A-888F-CAA22BD5E5D9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{60DF8CF5-6804-4E26-B125-0275F6CC3BEF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{630617CF-9BC1-4729-ADE4-0D7A28B04E28}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{661F07DD-C536-4834-8663-39658DF38C80}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm |
"{67354739-9435-471F-9741-3C6C786FB1A6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{67521540-DDEB-4E98-8C50-78FC948445A2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\day of defeat\hl.exe |
"{795C97F8-A0F0-4379-831C-05E83EAE9C5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C54F273-DE94-4992-8CF2-F19186562C2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F4EA9FA-D2F1-4A20-B574-5B48B4B5A100}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FB79324-EEDB-477A-AD42-241BBE4F6B4E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{83B18C70-4E8E-4B86-88BA-A33EEC073C83}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83F9FA0C-6EA1-4912-82B0-DB378A8FF663}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8400D72A-3DBE-4209-AF6E-24130861A2D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84D933F7-5F34-47BC-96D1-DA6DF116E75E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A99ADF7-3C63-43B9-9912-BF3BF91D172A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BD2374E-CBBA-48A9-A685-F908D2DA541B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\help.htm |
"{8BEF610C-0359-4A45-91ED-F8D2C3BF0DC3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DB1D253-6DE8-4362-8529-A422FDEF86E1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe |
"{8E86D4FC-C764-4346-B93C-09323B8CD204}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{927CB7BD-D2E0-4943-ADFA-B7A708C3A550}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94638789-C49C-48B4-8084-24440A415618}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{97122998-E718-47FE-B957-81AA96BEEB5D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98477BA8-2D27-483D-8237-A8948ABC0ECE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98EE0D59-D4BE-4FC1-9030-245A5A7B0DAD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{9D7B9A3B-0B9F-4CD2-BFD1-EFD1D4522A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DB41C33-56C1-43CF-A2AB-2E7098270090}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DF25309-D057-4D2F-9948-5A44C7A11F8D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{9E2B576C-2892-403B-B0EF-0A6F20673ADF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trine\trine_launcher.exe |
"{A647D6E6-7BBF-4175-95E6-368F6A34FB87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A93092A0-C85E-431A-828C-8F088A7AF84B}" = protocol=17 | dir=in | app=c:\starcraft ii\starcraft ii.exe |
"{AECF544E-DD0B-4DE3-A1C5-CE03BF27A8A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AED8C1C0-1918-4EFF-B72E-74C3A0EE4F58}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest immortal throne\tqit.exe |
"{AF216EE2-521A-4BA4-8E20-996CC5382DA9}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{B8D68992-B9D1-4B95-AF1B-7A11DB5B0651}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\satansdevil\garrysmod\hl2.exe |
"{BA789A8F-47BF-4EF2-A3E1-B7D5FE34A454}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe |
"{BC9FACD4-BAA8-4D0E-9176-EDECF3CECAE2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{C5C802C9-7280-4E60-A19A-D2E735B9C1FD}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CC4D1298-CE1F-4418-B824-64D0C9FCDCFC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD09CE19-5BE4-406E-B8D9-B686903BF022}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0120BF9-49D8-461B-B637-B431C0D57FBA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{D1668BF5-3F95-4768-906B-CDD7B9134559}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5BC38ED-3D08-4472-BF52-3416BEA78839}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5E1EB80-E488-4689-9C8E-8A69C502B61E}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D5E4BCD6-AE50-45E0-A297-9DFD6036FACA}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{DCD2D5D4-407C-4A11-B4DE-70AA959E51F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DDD7B56B-DDA3-49C6-9D88-75E6BCCE7590}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E356EADC-4DBC-426C-A21A-71DDCD882967}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3EFEBC3-E137-4213-B262-68C75785AA06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E88CF489-A548-451B-94CD-1949E96C2CAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torched\editor.exe |
"{E92A05F7-052B-4ADA-AC96-78DEDF0777F7}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe |
"{ECAE8295-A0A4-4FE2-9060-6D3A5603E86C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED9C17F4-9E77-4A69-A4E6-E8C2DBBB5CEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6EAAB43-C41F-4EFF-8A2A-331EE16A91D2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{FA7B874D-2C26-4EAE-BC0F-5FDFFDB2721D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"TCP Query User{00FBF39C-E456-4676-89AA-3CE1B0E92D9E}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{0B00423C-14F0-4355-8352-E10F3DA36B59}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{14B3D75E-AED7-4ABB-9B1C-97F87E5901D0}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"TCP Query User{3C9CD4E3-BEFF-4E2C-A002-475EAF823ADE}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe |
"TCP Query User{4219818A-225D-42A1-86FF-599B56EF760D}C:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\starcraft\starcraft.exe |
"TCP Query User{5DF21010-E94B-42C3-97C5-B0478348FDA3}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{779332E5-E980-4D83-83EF-831138F025D6}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{C50E8E54-17B6-4F2A-A50D-01DA802DD7E2}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"TCP Query User{CC7A1841-6F23-4D37-9CD6-C8B0EDBB495C}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe |
"TCP Query User{DC26D9A1-E676-4691-B886-77F5A234304D}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{DE70B447-D396-490F-BA54-49F311DE6D75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DE84835B-EC48-40EB-8CE5-41E416450DD8}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"TCP Query User{FD6C44BC-4A25-41A9-B8D8-7DD9F05A1A62}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{1409DF71-9998-41E8-90CD-33DDD54D9157}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{303A4053-CBB9-40F9-86E8-D5780E63050D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{35B57E77-41E3-43BD-90A8-5C6489B43068}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe |
"UDP Query User{3A026671-C200-4A50-B999-2A6E234A275F}C:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{5F9EA9E9-4C91-4659-9C7D-5B4D1FB9EB86}C:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\starcraft\starcraft.exe |
"UDP Query User{600B51AD-3439-4885-A9D7-EAFC73203825}C:\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{9054F45D-FC3F-431E-AE66-2BC04FC87B2B}C:\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16561\sc2.exe |
"UDP Query User{97F16B50-4249-40EF-B923-DA6BF9D67C3C}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{AC8A45D4-D32E-4706-AB49-E1C5B41CF89E}C:\program files\steam\steamapps\common\titan quest\titan quest.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\titan quest\titan quest.exe |
"UDP Query User{B40390C6-9C4B-4014-A2B4-3B4158959097}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"UDP Query User{BCBB972E-6791-411C-AD20-DCF4CD170BEC}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DD97E332-F69B-4CA3-B3C6-9876BE8CB927}C:\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{FADBA5B6-08B4-4274-8E08-CD430E29F5DE}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{090EFAEF-E0C1-5311-7A96-817BC18B43BB}" = ccc-utility
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{19666E73-D9E5-44D4-8F33-037ED151ECBC}" = Firebird SQL Server - MAGIX Edition
"{1BF43B74-1EDE-060E-A612-56A116A381F8}" = Catalyst Control Center Core Implementation
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4E2CD272-0F2F-98EA-9596-510EF0D24E28}" = ccc-core-static
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin Wireless USB Adapter Setup
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72C02F89-9E8E-2DBD-11D7-EB5F075FE081}" = Catalyst Control Center Graphics Previews Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9DD16C0E-B9E7-417C-0C30-E57916C353E3}" = CCC Help English
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A1E1D1EE-3F04-CC1A-8498-0D48463F579D}" = Catalyst Control Center Localization All
"{A680643A-1155-02F6-6B29-BF4FBA1190E8}" = Catalyst Control Center Graphics Full Existing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABB6F00C-9722-82C2-FE1E-893313CCF612}" = Catalyst Control Center Graphics Light
"{B04836D8-4170-D430-6297-3DD084AAEC09}" = Catalyst Control Center Graphics Full New
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BCC78381-4B63-5352-BF57-BDBF7A77823A}" = Catalyst Control Center HydraVision Full
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE02955B-74BC-3995-6B67-2A9D1651D4F5}" = Catalyst Control Center Graphics Previews Vista
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AutoHotkey" = AutoHotkey 1.0.48.05
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"EAX Unified" = EAX Unified
"FlashGet 3.5" = FlashGet 3.5
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps (remove only)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PROHYBRIDR" = 2007 Microsoft Office system
"RPGAdvocates_RTP_1.0" = Common RTP 1.0
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 30" = Day of Defeat
"Steam App 300" = Day of Defeat: Source
"Steam App 35700" = Trine
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 41500" = Torchlight
"Steam App 41520" = Torchlight Editor
"Steam App 440" = Team Fortress 2
"Steam App 4540" = Titan Quest
"Steam App 4550" = Titan Quest: Immortal Throne
"Steam App 4700" = Medieval II: Total War
"Steam App 4760" = Rome: Total War - Gold Edition
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unlocker" = Unlocker 1.8.9
"VTFEdit_is1" = VTFEdit 1.2.5
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2010 17:00:58 | Computer Name = Brauny-PC | Source = Application Hang | ID = 1002
Description = Programm StarCraft II.exe, Version 2.1.2.2105 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 83c  Anfangszeit: 01cba6d24d458ca3  Zeitpunkt
 der Beendigung: 0
 
Error - 28.12.2010 19:30:46 | Computer Name = Brauny-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.12.2010 06:17:22 | Computer Name = Brauny-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.12.2010 13:25:10 | Computer Name = Brauny-PC | Source = VSS | ID = 8194
Description =
 
Error - 29.12.2010 14:10:04 | Computer Name = Brauny-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.12.2010 19:18:28 | Computer Name = Brauny-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gta_sa.exe, Version 0.0.0.0, Zeitstempel 0x427101ca,
 fehlerhaftes Modul gta_sa.exe, Version 0.0.0.0, Zeitstempel 0x427101ca, Ausnahmecode
 0xc0000005, Fehleroffset 0x00346929,  Prozess-ID 0x1204, Anwendungsstartzeit 01cba7aeb2f4df48.
 
Error - 29.12.2010 19:18:32 | Computer Name = Brauny-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gta_sa.exe, Version 0.0.0.0, Zeitstempel 0x427101ca,
 fehlerhaftes Modul gta_sa.exe, Version 0.0.0.0, Zeitstempel 0x427101ca, Ausnahmecode
 0xc0000005, Fehleroffset 0x00346929,  Prozess-ID 0xd80, Anwendungsstartzeit 01cba7aeb57eb6a8.
 
Error - 30.12.2010 05:52:18 | Computer Name = Brauny-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 30.12.2010 17:20:10 | Computer Name = Brauny-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gta_sa.exe, Version 0.0.0.0, Zeitstempel 0x427101ca,
 fehlerhaftes Modul gta_sa.exe, Version 0.0.0.0, Zeitstempel 0x427101ca, Ausnahmecode
 0xc0000005, Fehleroffset 0x00346929,  Prozess-ID 0x129c, Anwendungsstartzeit 01cba867561e8dac.
 
Error - 31.12.2010 08:03:49 | Computer Name = Brauny-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 29.12.2010 06:17:23 | Computer Name = Brauny-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.12.2010 06:17:23 | Computer Name = Brauny-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 29.12.2010 13:15:54 | Computer Name = Brauny-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.3 für die Netzwerkkarte mit der Netzwerkadresse
 94445243D62A wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 29.12.2010 14:10:06 | Computer Name = Brauny-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.12.2010 14:10:06 | Computer Name = Brauny-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 30.12.2010 05:52:18 | Computer Name = Brauny-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 30.12.2010 05:52:18 | Computer Name = Brauny-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 30.12.2010 07:50:02 | Computer Name = Brauny-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.6 für die Netzwerkkarte mit der Netzwerkadresse
 94445243D62A wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 31.12.2010 08:03:49 | Computer Name = Brauny-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 31.12.2010 08:03:49 | Computer Name = Brauny-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

Mein Internet läuft aber grade wieder perfekt =)

Brauny 01.01.2011 13:58
und mal wieder ist mein internet grade richtig schlecht :(

würde echt gern wissen woran das liegen kann

rea 01.01.2011 15:17
qip.ru, da hast du haufenweise Einträge, zb deine Internetstartseite im IE. Brauchst du das unbedingt? Wenn nicht, führe Schritt 1 durch, das sollte qip.ru entfernen.



1.) Fixen mit OTL
  • Starte bitte die OTL.exe.
    Vista-&Win7-User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt der folgenden Codebox in die Benutzerdefinierte Scans/Fixes - Textbox.


    Code:
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://qip.ru
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
    IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Brauny\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
    FF - prefs.js..browser.search.defaultenginename: "QIP Search"
    FF - prefs.js..keyword.URL: "hxxp://search.qip.ru/search?from=FF&query="
    [2010.12.05 20:51:42 | 000,002,062 | ---- | M] () -- C:\Users\Brauny\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\qip-search.xml
    O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Brauny\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
    O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
    O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
    O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
    O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell - "" = AutoRun
    O33 - MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\Shell\AutoRun\command - "" = J:\MafiaLauncher.EXE -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    [2010.12.17 08:37:34 | 000,000,000 | ---D | C] -- C:\Users\Brauny\Documents\Hitman Blood Money
    [2010.12.17 08:28:38 | 000,000,000 | ---D | C] -- C:\Programme\Eidos
    [2010.12.05 20:50:50 | 000,000,000 | ---D | C] -- C:\Programme\QIP 2010
    [2010.12.29 18:59:22 | 002,976,440 | ---- | M] (Piriform Ltd) -- C:\Users\Brauny\Desktop\ccsetup302.exe
    [2010.12.29 16:04:19 | 001,474,048 | ---- | M] (Irfan Skiljan) -- C:\Users\Brauny\Desktop\iview428_setup.exe
    [2010.10.10 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\Brauny\AppData\Roaming\TuneUp Software
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf OK.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.





2.) CKScanner
Downloade dir bitte CKScanner

Wichtig: Save Speichere die Datei am Desktop.
  • Doppelklick auf die CKScanner.exe und klicke auf Search For Files.
  • Danach klick auf Save List To File.
  • Es wird eine Box aufpoppen was dir mitteilt das die Datei gespeichert wurde (file saved)
  • Öffne die CKFiles.txt auf deinem Desktop und poste den Inhalt hier.





Arbeite folgende Anleitung ab (Mit dem CCleaner kannst du überspringen): PC wird immer langsamer, was tun. Auch wenn das das Problem nicht lösen wird, kanns dennoch nicht schaden.





Warum diese ganzen Rar und Zip und sonstige Dateien auf deinem Desktop?
Code:
[2010.12.30 22:20:58 | 070,451,014 | ---- | M] () -- C:\Users\Brauny\Desktop\ModpackExtremv1_4.rar
[2010.12.30 19:11:41 | 002,496,077 | ---- | M] () -- C:\Users\Brauny\Desktop\SAMERS IV.rar
[2010.12.30 19:10:45 | 001,161,603 | ---- | M] () -- C:\Users\Brauny\Desktop\Monster-ambulan.rar
[2010.12.30 00:12:06 | 002,944,540 | ---- | M] () -- C:\Users\Brauny\Desktop\1293623998_F4E Phantom II.rar
[2010.12.30 00:08:10 | 000,932,550 | ---- | M] () -- C:\Users\Brauny\Desktop\1293483522_Mig31 Foxhound(2).rar
[2010.12.30 00:06:22 | 000,481,575 | ---- | M] () -- C:\Users\Brauny\Desktop\1293483522_Mig31 Foxhound.rar
[2010.12.29 00:14:54 | 000,002,048 | ---- | M] () -- C:\Users\Brauny\Desktop\Insert Coin.srm
[2010.12.29 00:14:47 | 000,276,315 | ---- | M] () -- C:\Users\Brauny\Desktop\Insert Coin.zst
[2010.12.29 00:04:35 | 002,097,664 | ---- | M] () -- C:\Users\Brauny\Desktop\Insert Coin.smc
[2010.12.29 00:03:54 | 000,043,615 | ---- | M] () -- C:\Users\Brauny\Desktop\lips101.zip
[2010.12.29 00:02:44 | 000,347,844 | ---- | M] () -- C:\Users\Brauny\Desktop\Super Mario World.zip
[2010.12.29 00:02:14 | 000,191,741 | ---- | M] () -- C:\Users\Brauny\Desktop\Insert Coin v. 1.24.zip
[2010.12.28 19:25:49 | 013,991,102 | ---- | M] () -- C:\Users\Brauny\Desktop\sa-mp-0.3c-RC6-install.zip
[2010.12.28 18:52:59 | 000,452,492 | ---- | M] () -- C:\Users\Brauny\Desktop\TXDWorkshop4.5.rar
[2010.12.28 17:52:10 | 077,796,038 | ---- | M] () -- C:\Users\Brauny\Desktop\Straßen Backup.rar







Übrigens: Lies dir bitte nochmal die Hinweise durch:
Installiere während der Bereinigung keine weiteren Programme, ausser denen, die wir dir für die Bereinigung anordnen.
Von Irfan View war hier nirgendwo die Rede...

Brauny 01.01.2011 15:56
Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
C:\Users\Brauny\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.qip.ru/search?from=FF&query=" removed from keyword.URL
C:\Users\Brauny\AppData\Roaming\Mozilla\FireFox\Profiles\fr2rqa3m.default\searchplugins\qip-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
File C:\Users\Brauny\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f0589ac-02cd-11df-96cc-806e6f6e6963}\ not found.
File H:\Installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa799ce1-09cb-11df-a2a2-002421e021bd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fa799ce1-09cb-11df-a2a2-002421e021bd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa799ce1-09cb-11df-a2a2-002421e021bd}\ not found.
File J:\MafiaLauncher.EXE not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\Users\Brauny\Documents\Hitman Blood Money\Profiles\Brauny folder moved successfully.
C:\Users\Brauny\Documents\Hitman Blood Money\Profiles folder moved successfully.
C:\Users\Brauny\Documents\Hitman Blood Money folder moved successfully.
C:\Programme\Eidos\Hitman Blood Money folder moved successfully.
Folder move failed. C:\Programme\Eidos scheduled to be moved on reboot.
C:\Programme\QIP 2010\Sounds\QIP Infium sounds folder moved successfully.
C:\Programme\QIP 2010\Sounds folder moved successfully.
C:\Programme\QIP 2010\Smilies\QIP Infium smilies folder moved successfully.
C:\Programme\QIP 2010\Smilies folder moved successfully.
C:\Programme\QIP 2010\Skins\QIP2005 folder moved successfully.
C:\Programme\QIP 2010\Skins\QIP folder moved successfully.
C:\Programme\QIP 2010\Skins folder moved successfully.
C:\Programme\QIP 2010\Protos\XIMSS folder moved successfully.
C:\Programme\QIP 2010\Protos\Social folder moved successfully.
C:\Programme\QIP 2010\Protos\MRA\Clients folder moved successfully.
C:\Programme\QIP 2010\Protos\MRA folder moved successfully.
C:\Programme\QIP 2010\Protos\Jabber\Clients folder moved successfully.
C:\Programme\QIP 2010\Protos\Jabber folder moved successfully.
C:\Programme\QIP 2010\Protos\InfICQ\Clients folder moved successfully.
C:\Programme\QIP 2010\Protos\InfICQ folder moved successfully.
C:\Programme\QIP 2010\Protos folder moved successfully.
C:\Programme\QIP 2010\Profiles\techn-on@qip.ru\RcvdFiles folder moved successfully.
C:\Programme\QIP 2010\Profiles\techn-on@qip.ru\Jabber folder moved successfully.
C:\Programme\QIP 2010\Profiles\techn-on@qip.ru\ICQ\Traf folder moved successfully.
C:\Programme\QIP 2010\Profiles\techn-on@qip.ru\ICQ folder moved successfully.
C:\Programme\QIP 2010\Profiles\techn-on@qip.ru\History\Archive folder moved successfully.
C:\Programme\QIP 2010\Profiles\techn-on@qip.ru\History folder moved successfully.
C:\Programme\QIP 2010\Profiles\techn-on@qip.ru\BackupCL folder moved successfully.
C:\Programme\QIP 2010\Profiles\techn-on@qip.ru folder moved successfully.
C:\Programme\QIP 2010\Profiles\ICQ\Traf folder moved successfully.
C:\Programme\QIP 2010\Profiles\ICQ folder moved successfully.
C:\Programme\QIP 2010\Profiles folder moved successfully.
C:\Programme\QIP 2010\Core\XStatuses folder moved successfully.
C:\Programme\QIP 2010\Core folder moved successfully.
Folder move failed. C:\Programme\QIP 2010 scheduled to be moved on reboot.
C:\Users\Brauny\Desktop\ccsetup302.exe moved successfully.
C:\Users\Brauny\Desktop\iview428_setup.exe moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Cache folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations\Cache folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens\Cache folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\StartUp Manager folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\Speed Optimizer folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\Program Statistics folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\Dashboard folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Users\Brauny\AppData\Roaming\TuneUp Software folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Brauny
->Temp folder emptied: 32632 bytes
->Temporary Internet Files folder emptied: 82322 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86992679 bytes
->Flash cache emptied: 1254 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49632 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 83,00 mb
 

 
OTL by OldTimer - Version 3.2.18.0 log created on 01012011_154331

Files\Folders moved on Reboot...
Folder move failed. C:\Programme\Eidos scheduled to be moved on reboot.
Folder move failed. C:\Programme\QIP 2010 scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Code:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files\steam\steamapps\common\empire total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
c:\program files\steam\steamapps\common\torchlight\torched\media\levelsets\props\lava_props\lava_cracked_ground.material
c:\program files\steam\steamapps\common\torchlight\torched\media\levelsets\props\lava_props\lava_cracked_ground.mesh
c:\program files\steam\steamapps\common\torchlight\torched\media\missiles\quakecrack.layout
c:\program files\steam\steamapps\common\torchlight\torched\media\missiles\quakecrack.layout.adm
c:\program files\steam\steamapps\common\torchlight\torched\media\particles\pieces\quakecracks.layout
c:\program files\steam\steamapps\common\torchlight\torched\media\spawnclasses\recipe_gem_any_cracked.dat
c:\program files\steam\steamapps\common\torchlight\torched\media\spawnclasses\recipe_gem_any_cracked.dat.adm
c:\program files\steam\steamapps\satansdevil\garrysmod\garrysmod\addons\sbep_models\models\slyfo\rover1_glasscrack.dx80.vtx
c:\program files\steam\steamapps\satansdevil\garrysmod\garrysmod\addons\sbep_models\models\slyfo\rover1_glasscrack.dx90.vtx
c:\program files\steam\steamapps\satansdevil\garrysmod\garrysmod\addons\sbep_models\models\slyfo\rover1_glasscrack.mdl
c:\program files\steam\steamapps\satansdevil\garrysmod\garrysmod\addons\sbep_models\models\slyfo\rover1_glasscrack.phy
c:\program files\steam\steamapps\satansdevil\garrysmod\garrysmod\addons\sbep_models\models\slyfo\rover1_glasscrack.sw.vtx
c:\program files\steam\steamapps\satansdevil\garrysmod\garrysmod\addons\sbep_models\models\slyfo\rover1_glasscrack.vvd
c:\program files\steam\steamapps\satansdevil\garrysmod\garrysmod\gamemodes\darkrp\entities\weapons\keypad_cracker\shared.lua
c:\program files\steam\steamapps\sourcemods\cspromod\materials\cspromod\nuke\dustcrackb.vmt
c:\program files\steam\steamapps\sourcemods\cspromod\materials\cspromod\nuke\dustcrackb.vtf
c:\users\brauny\desktop\alle ordner\alle\dada\crack.ifp
c:\users\brauny\desktop\alle ordner\alle\dada\crack.ipl
c:\users\brauny\desktop\alle ordner\alle\dada\crackbuild_sfs.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackdrive_sfse.txd
c:\users\brauny\desktop\alle ordner\alle\dada\crackfactdem_sfs.txd
c:\users\brauny\desktop\alle ordner\alle\dada\crackfactfence_sfs.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfactjump_sfs.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfacttanks2_sfs.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfacttanks_sfs.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfacttanks_sfs.txd
c:\users\brauny\desktop\alle ordner\alle\dada\crackfactvats_sfs.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfactwalk.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfactwalkb.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfactwalkb.txd
c:\users\brauny\desktop\alle ordner\alle\dada\crackfactwalkc.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfactwalkd.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfactwalke.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfact_sfs.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crackfact_sfse.txd
c:\users\brauny\desktop\alle ordner\alle\dada\crackhseskid.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crack_int1.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crack_int2.dff
c:\users\brauny\desktop\alle ordner\alle\dada\crack_intkb.txd
c:\users\brauny\desktop\alle ordner\alle\dada\crack_int_sfse.txd
c:\users\brauny\desktop\alle ordner\alle\dada\crack_wins_sfs.dff
c:\users\brauny\desktop\alle ordner\alle\dada\laecrackmotel1.dff
c:\users\brauny\desktop\alle ordner\alle\dada\laecrackmotel4.dff
c:\users\brauny\desktop\alle ordner\alle\dada\lodcrackfact_sfs.dff
c:\users\brauny\desktop\alle ordner\alle\dada\lodxscrackmotel1.dff
c:\users\brauny\desktop\alle ordner\alle\dada\lodxscrackmotel4.dff
c:\users\brauny\desktop\alle ordner\backups gta\models\data\decision\craig\crack1.ped
c:\users\brauny\desktop\alle ordner\crack\stronghold crusader.exe
c:\users\brauny\desktop\alle ordner\crack\stronghold_crusader_extreme.exe
c:\users\brauny\desktop\alle ordner\starcraft\crack\scbw_syk0.rar
c:\users\brauny\desktop\rockstar games\grand theft auto san andreas\data\decision\craig\crack1.ped
scanner sequence 3.ZZ.11
 ----- EOF -----
Im Ordner alle befinden sich .txd und .dff dateien aus dem Spiel GTA San Andreas.

rea 01.01.2011 22:18
Was ist mit dem Rest? Du kannst, wenn du mit der Anleitung oben fertig bist noch diesen Scan hier machen:



Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
(Danke @ Larusso :))
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

http://i266.photobucket.com/albums/i...ownload_FF.gif

http://i94.photobucket.com/albums/l8...x-Download.png
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
    • Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
    • Bitte poste mir den Inhalt von C:\ComboFix.txt hier in den Thread.

rea 06.01.2011 17:05
Moin Brauny,

gehts hier noch weiter? Ansonsten lösche ich diesen Thread in einer Woche aus meinen Abos, damit ich wieder Platz für einen anderen User habe.

Brauny 09.01.2011 00:54
Ne geht schon.
Liegt anscheinend doch an unserer 2k Leitung, werde mir nun ein Lan Kabel besorgen.

rea 09.01.2011 01:02
Wie hast du das jetzt rausgefunden, dass es daran liegt? :) Kannst ja dann berichten, obs tatsächlich geholfen hat.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131