20.04.2011, 01:35   #1
Successfully registered

Registered since: 20.04.2011
Posts: 18
Virus -> hard drive damaged? + logs

Hello dear "Paulaner",

Yesterday my 16-year-old brother came to me and said: "My PC is broken."

To cut it short - he had apparently installed some game software from a friend and hung around on dodgy sites, and picked up a virus in the process.

The PC is usable so far, but it is noticeably losing performance and many applications crash while running.

The worst part is probably that most of his "My Documents" files seem to have disappeared.
Many shortcuts and folders on the desktop are gone, as is most of his user folder, i.e. music, documents etc.

What is strange is that some folders that contain no files are shown as very large in their properties, as if they still contained the files.
So in terms of the hard drive's volume, nothing has disappeared.

He told me that while the PC was being brought "to its knees" an error message appeared
that read roughly: "The hard drive is damaged. Please restart the system."

A friend of mine recommended connecting the hard drive to another system to see whether it still works.
Is that advisable? Couldn't that system then get infected as well? Can I prevent that?

It would be nice if the data could be rescued, since there were also many pictures and videos among them.

Now to the part that is relevant for you:

My brother apparently ran a System Restore right after the problem appeared - without success, by the looks of it.

I then carried out "Phase I" of your guide. RSIT and MalwareBytes logs follow. In addition, the Antivirguard from AVG and the freeware edition of Avast (no finds apart from MalwareBytes).

RSIT Log:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Stani at 2011-04-19 16:02:56
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 159 GB (33%) free of 477 GB
Total RAM: 3326 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:03:13, on 19.04.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Programme II\FireFox\firefox.exe
C:\Programme II\FireFox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Users\Stani\Desktop\RSIT.exe
C:\Program Files\trend micro\Stani.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme II\Orbitdownloader\orbitcth.dll
O2 - BHO: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - mscoree.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme II\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CAHeadless] C:\Programme II\PhotoshopElements8\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme II\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme II\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme II\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme II\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme II\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme II\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Programme II\PhotoshopElements8\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe

--
End of file - 8274 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Stani.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Programme II\Orbitdownloader\orbitcth.dll [2011-01-13 241464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10945114-b19f-4614-8450-b25e444a1020}]
SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - C:\Windows\system32\mscoree.dll [2009-11-08 297808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2011-01-07 2731872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Programme II\Orbitdownloader\GrabPro.dll [2011-01-13 687808]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-02-06 4374528]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2011-01-07 2747744]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-01-26 15026056]
"CAHeadless"=C:\Programme II\PhotoshopElements8\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [2009-09-06 615808]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Programme II\AdobeReader\Reader\Reader_sl.exe [2009-12-22 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]
C:\Programme II\PhotoshopElements8\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe [2009-09-06 615808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme II\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-09-01 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Programme II\ICQ7.4\ICQ.exe [2011-03-11 119608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQUpdater]
C:\Users\Stani\AppData\Local\Temp\IcqUpdater.exe -update 1796 C:\PROGRA~4\ICQ6.5\updates C:\PROGRA~4\ICQ6.5 C:\PROGRA~4\ICQ6.5\ICQ.exe noupdater=1 /autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme II\iTunesHelper.exe [2010-09-01 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
C:\Program Files\Uniblue\RegistryBooster\launcher.exe delay 20000  []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Spiele\Steam\Steam.exe [2011-01-19 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk]
C:\PROGRA~1\COMMON~1\PANASO~1\HDWRIT~1\HDWRIT~1.EXE [2010-02-16 308640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Stani^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Stani^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-12-15 384000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programme II\Orbitdownloader\orbitdm.exe"="C:\Programme II\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Programme II\Orbitdownloader\orbitnet.exe"="C:\Programme II\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-04-19 16:02:56 ----D---- C:\rsit
2011-04-19 16:02:56 ----D---- C:\Program Files\trend micro
2011-04-17 02:44:26 ----D---- C:\Windows\system32\Unleashed
2011-04-15 16:13:42 ----A---- C:\Windows\system32\atmlib.dll
2011-04-15 16:13:42 ----A---- C:\Windows\system32\atmfd.dll
2011-04-15 16:13:40 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-04-15 16:13:40 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-04-15 16:13:40 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-04-15 16:13:40 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-04-15 16:13:39 ----A---- C:\Windows\system32\mfc42u.dll
2011-04-15 16:13:39 ----A---- C:\Windows\system32\mfc42.dll
2011-04-15 16:13:38 ----A---- C:\Windows\system32\drivers\srv.sys
2011-04-15 16:13:37 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-04-15 16:13:37 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-04-15 16:13:36 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-04-15 16:13:36 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-04-15 16:13:36 ----A---- C:\Windows\system32\dnsapi.dll
2011-04-15 16:13:33 ----A---- C:\Windows\system32\mshtml.dll
2011-04-15 16:13:32 ----A---- C:\Windows\system32\wininet.dll
2011-04-15 16:13:32 ----A---- C:\Windows\system32\urlmon.dll
2011-04-15 16:13:32 ----A---- C:\Windows\system32\mshtmled.dll
2011-04-15 16:13:32 ----A---- C:\Windows\system32\ieframe.dll
2011-04-15 16:13:31 ----A---- C:\Windows\system32\mstime.dll
2011-04-15 16:13:31 ----A---- C:\Windows\system32\msfeeds.dll
2011-04-15 16:13:31 ----A---- C:\Windows\system32\iepeers.dll
2011-04-15 16:13:31 ----A---- C:\Windows\system32\ieencode.dll
2011-04-15 16:13:31 ----A---- C:\Windows\system32\ieapfltr.dll
2011-04-15 16:13:28 ----A---- C:\Windows\system32\win32k.sys
2011-04-15 16:13:27 ----A---- C:\Windows\system32\vbscript.dll
2011-04-15 16:13:26 ----A---- C:\Windows\system32\jscript.dll
2011-04-15 16:13:23 ----A---- C:\Windows\system32\inetcomm.dll
2011-04-03 16:43:41 ----ASH---- C:\hiberfil.sys
2011-04-03 10:22:21 ----D---- C:\ProgramData\gLe31001jLdEc31001
2011-03-23 13:42:30 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-03-23 13:42:30 ----A---- C:\Windows\system32\FntCache.dll
2011-03-23 13:42:30 ----A---- C:\Windows\system32\DWrite.dll

======List of files/folders modified in the last 1 months======

2011-04-19 16:03:14 ----D---- C:\Windows\Temp
2011-04-19 16:03:10 ----D---- C:\Windows\Prefetch
2011-04-19 16:02:56 ----RD---- C:\Program Files
2011-04-19 07:28:39 ----D---- C:\Windows\System32
2011-04-19 07:28:38 ----D---- C:\Programme II
2011-04-19 07:09:48 ----SHD---- C:\System Volume Information
2011-04-19 07:07:04 ----D---- C:\Windows\inf
2011-04-19 07:07:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-04-19 07:04:27 ----D---- C:\Windows\system32\drivers\AVG
2011-04-19 07:03:58 ----D---- C:\Users\Stani\AppData\Roaming\Skype
2011-04-19 07:02:57 ----HD---- C:\Users\Stani\AppData\Roaming\skypePM
2011-04-19 07:00:48 ----HD---- C:\Users\Stani\AppData\Roaming\WTablet
2011-04-19 07:00:44 ----D---- C:\ProgramData\NVIDIA
2011-04-19 07:00:39 ----D---- C:\Windows\system32\spool
2011-04-19 07:00:02 ----D---- C:\Windows\system32\Msdtc
2011-04-19 06:59:59 ----D---- C:\Windows\system32\wbem
2011-04-19 06:59:59 ----D---- C:\Windows
2011-04-19 06:53:25 ----D---- C:\Windows\system32\config
2011-04-19 06:52:52 ----SHD---- C:\Windows\Installer
2011-04-19 06:52:52 ----D---- C:\Windows\Tasks
2011-04-19 06:52:52 ----D---- C:\Windows\system32\catroot2
2011-04-19 06:52:39 ----D---- C:\Users\Stani\AppData\Roaming\vlc
2011-04-19 06:52:39 ----D---- C:\Users\Stani\AppData\Roaming\Thunderbird
2011-04-19 06:52:36 ----D---- C:\Users\Stani\AppData\Roaming\Hamachi
2011-04-19 06:52:36 ----D---- C:\Users\Stani\AppData\Roaming\Elluminate
2011-04-19 06:52:34 ----D---- C:\Spiele
2011-04-19 06:52:33 ----HD---- C:\ProgramData\~0
2011-04-19 06:52:33 ----HD---- C:\ProgramData
2011-04-19 06:52:03 ----D---- C:\Windows\registration
2011-04-19 06:17:05 ----D---- C:\Windows\system32\drivers
2011-04-19 05:09:48 ----RSD---- C:\Windows\assembly
2011-04-19 05:03:25 ----HD---- C:\Users\Stani\AppData\Roaming\ICQ
2011-04-18 19:09:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-04-18 19:04:25 ----SD---- C:\ProgramData\Microsoft
2011-04-18 03:02:22 ----D---- C:\Windows\winsxs
2011-04-17 02:53:47 ----SD---- C:\Users\Stani\AppData\Roaming\Microsoft
2011-04-16 07:54:23 ----D---- C:\Windows\Microsoft.NET
2011-04-16 03:04:22 ----D---- C:\Windows\system32\catroot
2011-04-16 03:04:09 ----D---- C:\Program Files\Windows Mail
2011-04-16 03:01:57 ----A---- C:\Windows\system32\mrt.exe
2011-04-14 16:12:55 ----A---- C:\Windows\system32\PnkBstrB.exe
2011-04-06 23:41:34 ----D---- C:\Users\Stani\AppData\Roaming\Orbit
2011-04-06 19:39:25 ----D---- C:\downloads
2011-04-05 18:03:58 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-04-03 16:42:38 ----D---- C:\Windows\system32\drivers\etc
2011-04-03 16:42:38 ----D---- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
2011-04-03 16:42:38 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2011-04-03 16:42:38 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-04-03 16:42:38 ----D---- C:\ProgramData\PMB Files
2011-04-03 16:42:38 ----D---- C:\Program Files\Sparwelt.de
2011-04-03 16:42:38 ----D---- C:\Program Files\ICQ6Toolbar
2011-04-03 16:42:35 ----D---- C:\Windows\system32\WindowsPowerShell
2011-04-03 16:42:34 ----D---- C:\Users\Stani\AppData\Roaming\HILTI
2011-04-03 16:42:34 ----D---- C:\Program Files\Microsoft XNA
2011-04-03 16:42:33 ----D---- C:\ProgramData\ICQ
2011-03-24 04:34:24 ----D---- C:\Windows\rescache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-06-16 44944]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 59000]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2006-07-10 27032]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2007-02-08 83320]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-01-04 691696]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2010-12-08 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2010-09-07 34384]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2010-11-12 299984]
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-09-01 128016]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-02 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-02 25888]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-03 123472]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-03 30288]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-03 27216]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-02-06 1739816]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-10-22 10084360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 70144]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 a2wm01na;a2wm01na; C:\Windows\system32\drivers\a2wm01na.sys []
S3 ALLOW-IO;ALLOW-IO; \??\D:\ALLOW-IO.sys []
S3 Dot4;MS IEEE-1284.4-Treiber; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-01-08 16224]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8; C:\Programme II\PhotoshopElements8\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-01-06 6128720]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\System32\bgsvcgen.exe [2007-06-15 145504]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2010-10-16 600680]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-11-30 75136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TabletServicePen;TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-02-08 72704]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-30 867080]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-15 87288]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
RSIT Info:

Code:
info.txt logfile of random's system information tool 1.08 2011-04-19 16:03:16

======Uninstall list======

-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe InDesign CS3-->C:\Program Files\Common Files\Adobe\Installers\8fbf74eb27c84640370f87306e8981b\Setup.exe
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop Elements 8.0-->msiexec /i {17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}
Adobe Premiere Elements 8.0 Templates-->msiexec /I {17C4A35A-2041-42C0-8D10-DEF55B47BE56} REMOVEFROMARP=1
Adobe Premiere Elements 8.0 Templates-->MsiExec.exe /X{17C4A35A-2041-42C0-8D10-DEF55B47BE56}
Adobe Premiere Elements 8.0-->msiexec /I {A0E583D1-23F7-4C35-9620-B169D7715E4B} REMOVEPREFS=1 
Adobe Premiere Elements 8.0-->MsiExec.exe /I{A0E583D1-23F7-4C35-9620-B169D7715E4B}
Adobe Reader 9.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Setup-->MsiExec.exe /I{AE585DDE-7230-4B57-926B-428C94AA5850}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Alien Swarm-->"C:\Spiele\Steam\steam.exe" steam://uninstall/630
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 2011-->"C:\Program Files\AVG\AVG10\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2011-->MsiExec.exe /I{B3AEF776-7FFF-4C50-A402-9119E3849EE0}
AVG 2011-->MsiExec.exe /I{D4E53304-1F6C-4111-9872-1BCD2CF5B642}
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
CamStudio-->C:\Programme II\CamStudio\uninstall.exe
Crysis® 2-->MsiExec.exe /X{6033673D-2530-4587-8AD0-EB059FC263F9}
DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Hamachi 1.0.1.3-->C:\Programme II\Hamachi1.0.1.3\uninstall.exe
HD Writer AE 2.1-->"C:\Program Files\InstallShield Installation Information\{AC4BDEB4-E06A-4605-B5D2-2FE6750681A5}\setup.exe" -runfromtemp -l0x0407  -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6-->C:\Program Files\HP\Digital Imaging\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}\setup\hpzscr01.exe -datfile hposcr44.dat -onestop -forcereboot
ICQ7.4-->"C:\Program Files\InstallShield Installation Information\{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
IKEA Home Planner-->MsiExec.exe /I{B3276CB1-20B6-4AF9-AAEC-E72C83816495}
iTunes-->MsiExec.exe /I{350FB27C-CF62-4EF3-AF9D-70FF313FE221}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
League of Legends-->"C:\Program Files\InstallShield Installation Information\{918A9082-6287-4D25-9002-5E5D5E4971CB}\setup.exe" -runfromtemp -l0x0407  -removeonly
Live 8.0.3-->C:\PROGRA~4\LIVE80~1.3\Install\UNWISE.EXE C:\PROGRA~4\LIVE80~1.3\Install\INSTALL.LOG
LizardTech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x7 
Mass Effect 2 German-->"C:\Spiele\Mass Effect 2\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{1FDA5A37-B22D-43FF-B582-B8964050DC13}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{86A4C6D9-29EE-4719-AFA1-BA3341862B83}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{6AFCA4E1-9B78-3640-8F72-A7BF33448200}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Mozilla Firefox (3.6.16)-->C:\Programme II\FireFox\uninstall\helper.exe
Mozilla Thunderbird (3.1.7)-->C:\Programme II\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA 3D Vision Treiber 260.99-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Grafiktreiber 260.99-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}
NVIDIA PhysX-Systemsoftware 9.10.0514-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
OpenOffice.org 3.2-->MsiExec.exe /I{192A107E-C6B9-41B9-BDBF-38E3AA226054}
Orbit Downloader-->"C:\Programme II\Orbitdownloader\unins000.exe"
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PFPortChecker 1.0.36-->C:\Programme II\PFPortChecker\uninst.exe
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PunkBuster Services-->C:\Windows\system32\pbsvc_bc2.exe -u
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
simfy-->msiexec /qb /x {03F97923-7EB6-0414-0F98-C3211D00BAF5}
simfy-->MsiExec.exe /I{03F97923-7EB6-0414-0F98-C3211D00BAF5}
Skype Toolbars-->MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
SmartSound Quicktracks for Premiere Elements 8.0-->"C:\Program Files\InstallShield Installation Information\{4685A344-6718-4923-AA9D-158A0A2E1CFB}\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartSound Quicktracks for Premiere Elements 8.0-->MsiExec.exe /I{4685A344-6718-4923-AA9D-158A0A2E1CFB}
Sony Media Manager 2.2-->MsiExec.exe /X{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}
Sony Vegas 7.0-->MsiExec.exe /X{96965E6C-41DB-4E0A-BC65-D92381D51D2A}
Sparwelt.de Gutschein Alarm-->MsiExec.exe /I{5943B7F7-678B-477E-9AEE-6E4C6962322B}
SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Programme\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stifttablett-->C:\Program Files\Tablet\Pen\Remove.exe /u
The Witcher-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0007 -removeonly
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Virtual DJ Home - Atomix Productions-->C:\PROGRA~4\VIRTUA~1\UNWISE.EXE C:\PROGRA~4\VIRTUA~1\INSTALL.LOG
VLC media player 1.1.4-->C:\Programme II\VLC\uninstall.exe
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Warhammer 40,000: Dawn of War II-->"C:\Spiele\Steam\steam.exe" steam://uninstall/15620
Windows Live Call-->MsiExec.exe /I{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{CAFA57E8-8927-4912-AFCF-B0AA3837E989}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}
Windows Live Messenger-->MsiExec.exe /X{AED2DD42-9853-407E-A6BC-8A1D6B715909}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Programme\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1    007guard.com - 007guard and Free Antivirus
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    008k.com
127.0.0.1    008k.com
127.0.0.1    00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Stani-PC
Event Code: 1001
Message: Die Windows-Defender-Überprüfung wurde fertig gestellt.
     Überprüfungs-ID: {BE245237-524D-450E-9633-6FBBFDEA2038}
      Überprüfungstyp: AntiSpyware
     Überprüfungsparameter: Schnellscan
     Benutzer: NT-AUTORITÄT\NETZWERKDIENST
     Überprüfungszeit: 0:07:02
Record Number: 93810
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100731235123.000000-000
Event Type: Informationen
User: 

Computer Name: Stani-PC
Event Code: 1000
Message: Die Windows-Defender-Überprüfung wurde gestartet.
     Überprüfungs-ID: {BE245237-524D-450E-9633-6FBBFDEA2038}
      Überprüfungstyp: AntiSpyware
     Überprüfungsparameter: Schnellscan
      Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Record Number: 93809
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100731234421.000000-000
Event Type: Informationen
User: 

Computer Name: Stani-PC
Event Code: 7036
Message: Dienst "WinHTTP-Web Proxy Auto-Discovery-Dienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 93808
Source Name: Service Control Manager
Time Written: 20100731234400.000000-000
Event Type: Informationen
User: 

Computer Name: Stani-PC
Event Code: 7036
Message: Dienst "Geschützter Speicher" befindet sich jetzt im Status "Ausgeführt".
Record Number: 93807
Source Name: Service Control Manager
Time Written: 20100731190446.000000-000
Event Type: Informationen
User: 

Computer Name: Stani-PC
Event Code: 1
Message: Das System wurde aus dem Energiesparmodus reaktiviert.

Zeit im Energiesparmodus: 2010-07-31T04:58:09.838Z
Reaktivierungszeit: 2010-07-31T16:14:55.774Z

Reaktivierungsquelle: Unbekannt
Record Number: 93806
Source Name: Microsoft-Windows-Power-Troubleshooter
Time Written: 20100731161458.818803-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

=====Application event log=====

Computer Name: 26L2233B1-13
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20091002155046.000000-000
Event Type: Informationen
User: 

Computer Name: WIN-I3GQBFGGDBJ
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 4
Source Name: Microsoft-Windows-EventSystem
Time Written: 20091002155044.000000-000
Event Type: Informationen
User: 

Computer Name: WIN-I3GQBFGGDBJ
Event Code: 900
Message: Der Softwarelizenzierungsdienst wird gestartet.

Record Number: 3
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20091002155044.000000-000
Event Type: Informationen
User: 

Computer Name: WIN-I3GQBFGGDBJ
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091002155043.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: 26L2233B1-13
Event Code: 2
Message: Der Zertifikatdiensteclient wurde angehalten.
Record Number: 1
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20080121025830.046400-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Security event log=====

Computer Name: Stani-PC
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
    Sicherheits-ID:        S-1-5-18
    Kontoname:        SYSTEM
    Kontodomäne:        NT-AUTORITÄT
    Anmelde-ID:        0x3e7

Berechtigungen:        SeAssignPrimaryTokenPrivilege
            SeTcbPrivilege
            SeSecurityPrivilege
            SeTakeOwnershipPrivilege
            SeLoadDriverPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeDebugPrivilege
            SeAuditPrivilege
            SeSystemEnvironmentPrivilege
            SeImpersonatePrivilege
Record Number: 7363
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091207152249.788468-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Stani-PC
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
    Sicherheits-ID:        S-1-5-18
    Kontoname:        STANI-PC$
    Kontodomäne:        WORKGROUP
    Anmelde-ID:        0x3e7

Anmeldetyp:            5

Neue Anmeldung:
    Sicherheits-ID:        S-1-5-18
    Kontoname:        SYSTEM
    Kontodomäne:        NT-AUTORITÄT
    Anmelde-ID:        0x3e7
    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
    Prozess-ID:        0x254
    Prozessname:        C:\Windows\System32\services.exe

Netzwerkinformationen:
    Arbeitsstationsname:    
    Quellnetzwerkadresse:    -
    Quellport:        -

Detaillierte Authentifizierungsinformationen:
    Anmeldeprozess:        Advapi  
    Authentifizierungspaket:    Negotiate
    Übertragene Dienste:    -
    Paketname (nur NTLM):    -
    Schlüssellänge:        0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
     - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
    - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
    - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
    - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 7362
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091207152249.788468-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Stani-PC
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
    Sicherheits-ID:        S-1-5-18
    Kontoname:        STANI-PC$
    Kontodomäne:        WORKGROUP
    Anmelde-ID:        0x3e7
    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
    Kontoname:        SYSTEM
    Kontodomäne:        NT-AUTORITÄT
    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}

Zielserver:
    Zielservername:    localhost
    Weitere Informationen:    localhost

Prozessinformationen:
    Prozess-ID:        0x254
    Prozessname:        C:\Windows\System32\services.exe

Netzwerkinformationen:
    Netzwerkadresse:    -
    Port:            -

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 7361
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091207152249.788468-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Stani-PC
Event Code: 4647
Message: Benutzerinitiierte Abmeldung:

Antragsteller:
    Sicherheits-ID:        S-1-5-21-4080323560-1050015258-1802708261-1000
    Kontoname:        Stani
    Kontodomäne:        Stani-PC
    Anmelde-ID:        0x35d99

Dieses Ereignis wird generiert, wenn eine Abmeldung initiiert wird, aber die Anzahl der Tokenreferenzen nicht Null ist und die Anmeldesitzung nicht zerstört werden kann. Es kann keiner Benutzerinitiierte Aktion erfolgen. Dieses Ereignis kann als Abmeldeereignis interpretiert werden.
Record Number: 7360
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091207152248.897843-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: Stani-PC
Event Code: 1100
Message: Der Ereignisprotokollierungsdienst wurde heruntergefahren.
Record Number: 7359
Source Name: Microsoft-Windows-Eventlog
Time Written: 20091207152250.413468-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------
MalwareBytes log (3 detections):

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6400

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

19.04.2011 23:22:11
mbam-log-2011-04-19 (23-21-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 388564
Laufzeit: 1 Stunde(n), 27 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programme ii\cryptload\ocr\netload.in\asmcaptcha\test.exe (Malware.Packer) -> No action taken.
c:\Users\Stani\AppData\LocalLow\Sun\Java\deployment\cache\6.0\4\263a9144-39fdac63 (Trojan.Agent) -> No action taken.
c:\zrpt.xml (Malware.Trace) -> No action taken.

Thanks in advance for slogging through all these words. It was actually supposed to be fewer.

Regards, Smoodoo
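
A triage check for a Malwarebytes log laid out like the one in the post above, as an added example that is not part of the original thread: it cross-checks the summary counts against the detections actually listed (a truncated paste shows up as a mismatch) and reports detections still marked "No action taken". The sample log, its paths and all function names are constructed for illustration; the section labels are the German ones used in the quoted log.

```python
import re
from collections import defaultdict, namedtuple

Detection = namedtuple("Detection", "section path name action")

# Constructed sample in the layout of the German Malwarebytes 1.50 log quoted
# in the post; the paths and the mix of outcomes are made up for this example.
SAMPLE_LOG = r"""
Infizierte Registrierungswerte: 0
Infizierte Dateien: 3

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\example\tools\sample.exe (Malware.Packer) -> No action taken.
c:\program files (x86)\example\cache\0a1b2c3d (Trojan.Agent) -> Quarantined and deleted successfully.
c:\example.xml (Malware.Trace) -> No action taken.
"""

# "Infizierte Dateien: 3"  -> summary line with a count
SUMMARY = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# "Infizierte Dateien:"    -> header that opens a detail section
HEADER = re.compile(r"^(Infizierte [^:]+):$")
# "<path> (<detection name>) -> <action>."
# The path is matched greedily so that parentheses inside the path, such as
# "(x86)", are not mistaken for the detection name.
DETECTION = re.compile(
    r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return (counts, listed): summary counts and detections per section."""
    counts = {}
    listed = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION.match(line)
        if m and section:
            listed[section].append(
                Detection(section, m["path"], m["name"], m["action"])
            )
    return counts, dict(listed)


def triage(counts, listed):
    """Return (mismatches, unresolved).

    mismatches: section -> (count in summary, entries actually listed);
                a non-empty result means the log is incomplete or edited.
    unresolved: detections the scanner found but did not act on.
    """
    mismatches = {}
    for section, expected in counts.items():
        found = len(listed.get(section, []))
        if found != expected:
            mismatches[section] = (expected, found)
    unresolved = [
        d
        for entries in listed.values()
        for d in entries
        if d.action.lower().startswith("no action")
    ]
    return mismatches, unresolved


if __name__ == "__main__":
    counts, listed = parse_mbam_log(SAMPLE_LOG)
    mismatches, unresolved = triage(counts, listed)
    for section, (expected, found) in mismatches.items():
        print(f"INCOMPLETE {section}: summary says {expected}, log lists {found}")
    for d in unresolved:
        print(f"UNRESOLVED {d.name}: {d.path}")
```

A log in which every detection is "No action taken" means the scan only reported; the objects are still on disk until the removal step is run and a fresh log confirms it.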

20.04.2011, 07:47   #2
Super-Moderator
 
Registered since: 08.02.2010
Posts: 1,728

Hello,

the files aren't gone, they are only hidden. Apparently your brother has picked up a piece of rogue software.
Rogue-Software - Wikipedia

You have AVG and Avast running at the same time. Decide on 1 program and uninstall it before you continue with the steps. I would stick with Avast.
Did you use Spybot S&D?

Step 1

Unhide
Download: unhide.exe
  • Save unhide.exe to the desktop and run it.
  • Windows 7 and Vista users: right-click and choose "Run as administrator".
  • While the tool is working, please do not start or run any other applications.
All data should now be visible again.

Step 2

Combofix
Download: Combofix.exe
  • Save Combofix.exe to the desktop and run it.
  • Windows 7 and Vista users: right-click and choose "Run as administrator".
  • Before running it, be sure to disable all antivirus and antispyware programs. This can usually be done with a right-click in the system tray.
  • Double-click Combofix.exe and follow the instructions.
  • The PC may restart during the cleanup.
  • After the restart a text file appears. Copy its entire contents into your post.
  • Don't forget to re-enable all antivirus and antispyware programs after the scan.

Step 3

Kaspersky TDSSKiller
Download: TDSSKiller.zip
  • Download TDSSKiller.zip and extract it into a separate folder on the desktop.
  • Start the file TDSSKiller.exe.
  • (Windows 7 and Vista users: right-click and choose "Run as administrator".)
  • Wait until the scan and the disinfection have finished.
  • Post the result.

__________________
Regards, Leo

20.04.2011, 08:01   #3
Super-Moderator
 
Registered since: 07.12.2002
Location: Oldenburg
Age: 40
Posts: 13,041

Hello,

the system is relatively heavily burdened. Since Trojans cannot be ruled out, the PC should no longer be used; otherwise further data loss may result. Irregularities in the driver area are also possible, which in the worst case could wipe the hard disks. For support, it is best to use a different PC.

The malware team will provide cleanup recommendations as soon as possible. We ask for a little patience!

Addendum
Well, that was quick!
__________________
Kind regards
Michi
20.04.2011, 08:42   #4
Successfully registered
 
Registered since: 20.04.2011
Posts: 18

Hello Leo and Michi,

wow, that was really fast, thanks for that! On the topic: no, I did not use AVG and Avast at the same time.
Rather, AVG was already on the system and I used it.
After I ended up here and Avast was recommended, I uninstalled AVG (then rebooted) and installed Avast.

I have also already tried Spybot S&D - no detections.

I will now use Unhide, Combofix and TDSSKiller and then edit my post with the result.

Edit: Unfortunately I can't get Avast to close, whatever I try and wherever I try it. The services manager in admin mode failed as well.
The most I can achieve is ending the "Avast" service via Task Manager, which results in it being marked with a red "X" in the system tray.
Is that enough to let Combofix run over it? Using MsConfig to take Avast out of the startup entries didn't work either - after the restart it happily kept running.
Do I have to uninstall Avast in the end? Or would "Safe Mode" perhaps work?

Edit 2: The issue with disabling Avast is resolved. In Avast you have to disable the self-protection under Settings -> Troubleshooting ("Einstellungen -> Fehlerbehandlung"); then you can end the process normally. Just don't forget to turn it back on.

Now for the update:

1. Unhide had the desired effect: phenomenal.

2. Combofix at first complained that Avast was running
(which was definitely no longer the case),
but then brought the following to light:
Code:
ComboFix 11-04-19.01 - Stani 20.04.2011   9:59.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.2324 [GMT 2:00]
ausgeführt von:: c:\users\Stani\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-20 bis 2011-04-20  ))))))))))))))))))))))))))))))
.
.
2011-04-20 08:14 . 2011-04-20 08:15    --------    d-----w-    c:\users\Stani\AppData\Local\temp
2011-04-20 08:14 . 2011-04-20 08:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-04-20 07:33 . 2011-04-20 07:33    --------    d-----w-    c:\program files\Common Files\Java
2011-04-19 22:23 . 2011-04-18 07:15    7071056    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{EB05F8E9-B58A-4FAB-A91B-EB5DA4AC6C45}\mpengine.dll
2011-04-19 21:40 . 2011-04-18 17:12    19544    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2011-04-19 21:40 . 2011-04-18 17:17    307288    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2011-04-19 21:40 . 2011-04-18 17:16    49240    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2011-04-19 21:40 . 2011-04-18 17:13    25432    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2011-04-19 21:40 . 2011-04-18 17:17    441176    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2011-04-19 21:40 . 2011-04-18 17:13    53592    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2011-04-19 21:39 . 2011-04-18 17:25    40112    ----a-w-    c:\windows\avastSS.scr
2011-04-19 21:39 . 2011-04-18 17:25    199304    ----a-w-    c:\windows\system32\aswBoot.exe
2011-04-19 21:38 . 2011-04-19 21:38    --------    d-----w-    c:\programdata\AVAST Software
2011-04-19 19:49 . 2011-04-19 19:49    --------    d-----w-    c:\users\Stani\AppData\Roaming\Malwarebytes
2011-04-19 19:49 . 2011-04-19 19:49    --------    d-----w-    c:\programdata\Malwarebytes
2011-04-19 19:49 . 2010-12-20 16:09    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-19 19:49 . 2010-12-20 16:08    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-04-19 14:02 . 2011-04-19 20:06    --------    d-----w-    c:\program files\trend micro
2011-04-19 14:02 . 2011-04-19 14:03    --------    d-----w-    C:\rsit
2011-04-17 00:44 . 2011-04-19 04:52    --------    d-----w-    c:\windows\system32\Unleashed
2011-04-03 08:22 . 2011-04-03 08:22    --------    d-----w-    c:\programdata\gLe31001jLdEc31001
2011-03-23 11:42 . 2011-02-22 14:13    288768    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2011-03-23 11:42 . 2011-02-22 13:33    1068544    ----a-w-    c:\windows\system32\DWrite.dll
2011-03-23 11:42 . 2011-02-22 13:33    797696    ----a-w-    c:\windows\system32\FntCache.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 14:13 . 2010-03-09 20:22    140248    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2011-04-14 14:12 . 2010-03-09 21:26    266400    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2011-04-14 14:12 . 2010-03-09 20:22    266400    ----a-w-    c:\windows\system32\PnkBstrB.exe
2011-04-14 14:07 . 2010-03-09 20:22    215128    ----a-w-    c:\windows\system32\PnkBstrB.ex0
2011-04-12 18:46 . 2009-08-18 10:30    564632    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-12 18:46 . 2009-08-18 10:24    18328    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-02 19:40 . 2010-10-29 12:31    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2009-10-02 16:47    222080    ------w-    c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 05:39    638336    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 05:39    478720    ----a-w-    c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 05:39    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 05:39    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2011-01-20 16:08 . 2011-02-09 05:39    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 05:39    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2011-01-20 16:07 . 2011-02-09 05:39    37376    ----a-w-    c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 05:39    258048    ----a-w-    c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 05:39    586240    ----a-w-    c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 05:39    2873344    ----a-w-    c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 05:39    26112    ----a-w-    c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 05:39    209920    ----a-w-    c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 05:39    98816    ----a-w-    c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 05:39    1554432    ----a-w-    c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 05:39    876032    ----a-w-    c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 05:39    667648    ----a-w-    c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 05:39    847360    ----a-w-    c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 05:39    135680    ----a-w-    c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 05:39    979456    ----a-w-    c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 05:39    357376    ----a-w-    c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 05:39    302592    ----a-w-    c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 05:39    261632    ----a-w-    c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 05:39    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 05:39    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 05:39    683008    ----a-w-    c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25    122512    ----a-w-    c:\programme ii\Avast Free AntiVirus\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"CAHeadless"="c:\programme ii\PhotoshopElements8\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4374528]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk
backup=c:\windows\pss\HD Writer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Stani^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Stani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Stani^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Stani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37    932288    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57    35760    ----a-w-    c:\programme ii\AdobeReader\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
2011-04-18 17:25    3460784    ----a-w-    c:\programme ii\Avast Free AntiVirus\AvastUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAHeadless]
2009-09-06 02:40    615808    ----a-w-    c:\programme ii\PhotoshopElements8\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57    369200    ----a-w-    c:\programme ii\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39    1164584    ----a-w-    c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-03-10 23:33    119608    ----a-w-    c:\programme ii\ICQ7.4\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 06:32    421160    ----a-w-    c:\programme ii\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12    3872080    ----a-w-    c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07    2260480    --sha-r-    c:\programme\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-01-19 01:05    1242448    ----a-w-    c:\spiele\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25    202240    ----a-w-    c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALLOW-IO;ALLOW-IO;D:\ALLOW-IO.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-03 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\programme ii\PhotoshopElements8\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1373480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\programme ii\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programme ii\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\programme ii\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programme ii\Orbitdownloader\orbitmxt.dll/202
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\programme ii\ICQ7.4\ICQ.exe
FF - ProfilePath - c:\users\Stani\AppData\Roaming\Mozilla\Firefox\Profiles\4cs6pn8h.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme ii\FireFox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\programme ii\FireFox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme ii\FireFox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programme ii\FireFox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BugMeNot: {987311C6-B504-4aa2-90BF-60CC49808D42} - %profile%\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com
FF - Ext: HTTPS-Everywhere: https-everywhere@eff.org - %profile%\extensions\https-everywhere@eff.org
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\programme ii\Avast Free AntiVirus\WebRep\FF
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-ICQUpdater - c:\users\Stani\AppData\Local\Temp\IcqUpdater.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-Mass Effect 2 German_is1 - c:\spiele\Mass Effect 2\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-20 10:15
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\users\Stani\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\_avast_\unp233567229.tmp 827956 bytes executable
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 2
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4080323560-1050015258-1802708261-1000\Software\SecuROM\License information*]
"datasecu"=hex:e8,55,90,81,78,b7,60,21,7a,76,bb,18,ed,34,77,fc,56,f4,c9,bc,0e,
   61,3c,89,35,c8,18,8a,12,aa,97,7a,1d,c1,b3,1d,89,5b,7a,c6,e7,ea,5b,52,16,df,\
"rkeysecu"=hex:ea,df,5f,b2,71,80,21,c3,78,f8,51,aa,9c,41,93,cf
.
Zeit der Fertigstellung: 2011-04-20  10:19:30
ComboFix-quarantined-files.txt  2011-04-20 08:19
.
Vor Suchlauf: 12 Verzeichnis(se), 178.354.565.120 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 178.523.136.000 Bytes frei
.
- - End Of File - - DA91105504B12F330F95591CDE7EDA96

Edited by Smoodoo (20.04.2011 at 10:46). Reason: Logs
20.04.2011, 10:49   #5

3. TDSSKiller also found something:

Code:
2011/04/20 10:27:09.0767 1524    TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/20 10:27:09.0802 1524    ================================================================================
2011/04/20 10:27:09.0802 1524    SystemInfo:
2011/04/20 10:27:09.0802 1524    
2011/04/20 10:27:09.0802 1524    OS Version: 6.0.6002 ServicePack: 2.0
2011/04/20 10:27:09.0802 1524    Product type: Workstation
2011/04/20 10:27:09.0802 1524    ComputerName: STANI-PC
2011/04/20 10:27:09.0802 1524    UserName: Stani
2011/04/20 10:27:09.0802 1524    Windows directory: C:\Windows
2011/04/20 10:27:09.0802 1524    System windows directory: C:\Windows
2011/04/20 10:27:09.0802 1524    Processor architecture: Intel x86
2011/04/20 10:27:09.0802 1524    Number of processors: 4
2011/04/20 10:27:09.0802 1524    Page size: 0x1000
2011/04/20 10:27:09.0802 1524    Boot type: Normal boot
2011/04/20 10:27:09.0802 1524    ================================================================================
2011/04/20 10:27:10.0348 1524    Initialize success
2011/04/20 10:27:27.0398 4892    ================================================================================
2011/04/20 10:27:27.0398 4892    Scan started
2011/04/20 10:27:27.0398 4892    Mode: Manual; 
2011/04/20 10:27:27.0398 4892    ================================================================================
2011/04/20 10:27:28.0680 4892    ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/20 10:27:28.0944 4892    adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/20 10:27:29.0059 4892    adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/20 10:27:29.0169 4892    adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/20 10:27:29.0235 4892    adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/20 10:27:29.0389 4892    AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/20 10:27:29.0496 4892    agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/20 10:27:29.0540 4892    aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/20 10:27:29.0623 4892    aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/20 10:27:29.0705 4892    amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/20 10:27:29.0736 4892    amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/20 10:27:29.0807 4892    AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/20 10:27:29.0851 4892    AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/20 10:27:29.0956 4892    arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/20 10:27:30.0028 4892    arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/20 10:27:30.0154 4892    aswFsBlk        (9bdb29e81abceb883556df44649696c4) C:\Windows\system32\drivers\aswFsBlk.sys
2011/04/20 10:27:30.0246 4892    aswMonFlt       (a80fb17ce4ed7af4a5f24aaa753e4168) C:\Windows\system32\drivers\aswMonFlt.sys
2011/04/20 10:27:30.0298 4892    aswRdr          (a90cf680ca7a323913ca3a0810c8e02d) C:\Windows\system32\drivers\aswRdr.sys
2011/04/20 10:27:30.0527 4892    aswSnx          (f7969934cca2e566e95df17380a3cb11) C:\Windows\system32\drivers\aswSnx.sys
2011/04/20 10:27:30.0663 4892    aswSP           (478d6a0e0630c31bf4a7f5eb0a05b92c) C:\Windows\system32\drivers\aswSP.sys
2011/04/20 10:27:30.0721 4892    aswTdi          (e52e45743e27fd6184c55618a10b81ab) C:\Windows\system32\drivers\aswTdi.sys
2011/04/20 10:27:30.0794 4892    AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/20 10:27:30.0876 4892    atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/20 10:27:30.0991 4892    atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
2011/04/20 10:27:31.0140 4892    Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/20 10:27:31.0314 4892    blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/20 10:27:31.0422 4892    bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/20 10:27:31.0522 4892    BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/20 10:27:31.0578 4892    BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/20 10:27:31.0679 4892    Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/20 10:27:31.0722 4892    BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/20 10:27:31.0749 4892    BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/20 10:27:31.0806 4892    BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/20 10:27:31.0852 4892    BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/20 10:27:32.0082 4892    cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/20 10:27:32.0228 4892    cdrbsdrv        (e0042bd5bef17a6a3ef1df576bde24d1) C:\Windows\system32\drivers\cdrbsdrv.sys
2011/04/20 10:27:32.0324 4892    cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/20 10:27:32.0387 4892    circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/20 10:27:32.0487 4892    CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/20 10:27:32.0556 4892    cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/20 10:27:32.0599 4892    Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/04/20 10:27:32.0696 4892    crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/20 10:27:32.0746 4892    Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/20 10:27:32.0844 4892    DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/04/20 10:27:32.0954 4892    disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/04/20 10:27:33.0058 4892    Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/04/20 10:27:33.0160 4892    Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/04/20 10:27:33.0225 4892    dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/04/20 10:27:33.0315 4892    drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/20 10:27:33.0450 4892    DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/20 10:27:33.0491 4892    E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/20 10:27:33.0713 4892    Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/04/20 10:27:33.0894 4892    elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/20 10:27:34.0006 4892    ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/20 10:27:34.0132 4892    exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/04/20 10:27:34.0259 4892    fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/04/20 10:27:34.0359 4892    fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/20 10:27:34.0442 4892    FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/20 10:27:34.0483 4892    Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/20 10:27:34.0542 4892    flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/20 10:27:34.0612 4892    FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/04/20 10:27:34.0687 4892    Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/20 10:27:34.0724 4892    gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/20 10:27:34.0795 4892    GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/20 10:27:34.0869 4892    hamachi         (85f4e4617dbd603c2202354cedfdf249) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/20 10:27:35.0021 4892    HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/20 10:27:35.0211 4892    HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/20 10:27:35.0267 4892    HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/20 10:27:35.0313 4892    HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/20 10:27:35.0411 4892    HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/20 10:27:35.0463 4892    HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/20 10:27:35.0670 4892    HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/04/20 10:27:35.0770 4892    i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/20 10:27:35.0873 4892    i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/20 10:27:35.0978 4892    iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/20 10:27:36.0058 4892    iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/20 10:27:36.0231 4892    IntcAzAudAddService (f92f433a1b38041b365bfd4b021e42d2) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/20 10:27:36.0313 4892    intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/20 10:27:36.0352 4892    intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/20 10:27:36.0417 4892    IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/20 10:27:36.0492 4892    IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/20 10:27:36.0541 4892    IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/20 10:27:36.0602 4892    IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/20 10:27:36.0638 4892    isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/20 10:27:36.0715 4892    iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/20 10:27:36.0755 4892    iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/20 10:27:36.0829 4892    iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/20 10:27:36.0881 4892    kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/20 10:27:36.0948 4892    kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/20 10:27:37.0049 4892    kl1             (ce3958f58547454884e97bda78cd7040) C:\Windows\system32\DRIVERS\kl1.sys
2011/04/20 10:27:37.0110 4892    KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/20 10:27:37.0194 4892    lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/04/20 10:27:37.0266 4892    lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/20 10:27:37.0323 4892    LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/20 10:27:37.0364 4892    LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/20 10:27:37.0417 4892    LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/20 10:27:37.0474 4892    luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/20 10:27:37.0550 4892    megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/20 10:27:37.0654 4892    MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/20 10:27:37.0764 4892    Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/20 10:27:37.0842 4892    monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/20 10:27:37.0890 4892    mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/20 10:27:37.0931 4892    mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/20 10:27:37.0969 4892    MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/20 10:27:38.0037 4892    mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/20 10:27:38.0086 4892    mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/20 10:27:38.0147 4892    Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/20 10:27:38.0199 4892    MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/20 10:27:38.0288 4892    mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/20 10:27:38.0401 4892    mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/20 10:27:38.0494 4892    mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/20 10:27:38.0557 4892    msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/20 10:27:38.0670 4892    msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/20 10:27:38.0759 4892    Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/20 10:27:38.0845 4892    msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/20 10:27:38.0912 4892    MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/20 10:27:39.0005 4892    MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/20 10:27:39.0093 4892    MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/20 10:27:39.0133 4892    MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/04/20 10:27:39.0181 4892    mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/20 10:27:39.0261 4892    MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/20 10:27:39.0310 4892    Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/04/20 10:27:39.0404 4892    NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/20 10:27:39.0590 4892    NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/04/20 10:27:39.0652 4892    NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/20 10:27:39.0714 4892    Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/20 10:27:39.0866 4892    NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/20 10:27:39.0959 4892    NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/20 10:27:40.0047 4892    NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/20 10:27:40.0157 4892    netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/20 10:27:40.0291 4892    nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/20 10:27:40.0367 4892    Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/04/20 10:27:40.0405 4892    nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/20 10:27:46.0403 4892    sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/20 10:27:46.0404 4892    Suspicious file (NoAccess):  C:\Windows\system32\Drivers\sptd.sys. md5:  cdddec541bc3c96f91ecb48759673505
2011/04/20 10:27:46.0410 4892    sptd - detected Locked file (1)
2011/04/20 10:27:51.0178 4892    ================================================================================
20.04.2011, 10:50   #6

and the rest of the TDSSKiller log:

Code:
2011/04/20 10:27:51.0178 4892    Scan finished
2011/04/20 10:27:51.0178 4892    ================================================================================
2011/04/20 10:27:51.0196 4832    Detected object count: 1
2011/04/20 10:28:04.0707 4832    Locked file(sptd) - User select action: Skip 
2011/04/20 10:28:46.0284 4916    ================================================================================
2011/04/20 10:28:46.0284 4916    Scan started
2011/04/20 10:28:46.0285 4916    Mode: Manual; 
2011/04/20 10:28:46.0285 4916    ================================================================================
2011/04/20 10:29:00.0858 4916    sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/20 10:29:00.0891 4916    SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/20 10:29:00.0939 4916    SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/20 10:29:00.0991 4916    Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/04/20 10:29:01.0037 4916    spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/20 10:29:01.0156 4916    sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/04/20 10:29:01.0156 4916    Suspicious file (NoAccess):   C:\Windows\system32\Drivers\sptd.sys. md5:   cdddec541bc3c96f91ecb48759673505
2011/04/20 10:29:01.0162 4916    sptd - detected Locked file (1)
2011/04/20 10:29:04.0205 4916    ================================================================================
2011/04/20 10:29:04.0205 4916    Scan finished
2011/04/20 10:29:04.0205 4916    ================================================================================
2011/04/20 10:29:04.0220 5128    Detected object count: 1
2011/04/20 10:29:18.0635 5128    HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted after reboot
2011/04/20 10:29:18.0676 5128    HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted after reboot
2011/04/20 10:29:18.0698 5128    C:\Windows\system32\Drivers\sptd.sys - will be deleted after reboot
2011/04/20 10:29:18.0698 5128    Locked file(sptd) - User select action: Delete
Smoodoo
20.04.2011, 15:09   #7
Super-Moderator

Registered: 08.02.2010
Posts: 1,728

Hello,

everything looks good so far.

Step 1
OTL
Download: http://oldtimer.geekstogo.com/OTL.exe


1. Double-click OTL.exe
2. Windows 7 and Vista users: right-click and run as administrator
3. At the top you will find a box labelled "Ausgabe" (Output). Please select "Minimal-Ausgabe" (Minimal Output)
4. Tick "scan all users"
5. Under "Extra Registrierung" (Extra Registry) select:
"Benutze SafeList" (Use SafeList), "LOP Prüfung" (LOP Check), "Purity Prüfung" (Purity Check)
6. Copy the following into the text box (without the word Code):


netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


7. Click "Scan"
8. Two reports will be created:
OTL.Txt and Extras.Txt
Please post both logs!

Step 2

MBRCheck
Download: MBRCheck
  • Save MBRCheck.exe to the desktop and run it.
  • Windows 7 and Vista users: right-click and run as administrator.
  • MBRCheck takes only a few seconds.
  • Press ENTER in the black window to close it.
  • Post the text document MBRCheck_<date>_<time>.txt in your reply.

Step 3

System cleanup with CCleaner
Download: CCleaner system cleanup

Please follow the instructions and work through them. I would also like to get a look at your installed programs. After each program, write necessary (if it is used often), unknown (if you do not know it), or unnecessary (if it is no longer needed).
  • Open CCleaner
  • Select the "Extras" (Tools) tab
  • Select the "Programme Deinstallieren" (Uninstall programs) tab
  • At the bottom right, click "Als Textdatei speichern..." (Save to text file...)



__________________
Regards, Leo

Der Leo
20.04.2011, 16:30   #8
Successfully registered

Registered: 20.04.2011
Posts: 18

Okay, here are the required logs for now;
the list of installed programs will follow.
I'll put that together with my brother in a moment,
right now I have to make lunch.

OTL.txt part 1:

Code:
OTL logfile created on: 20.04.2011 15:55:11 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Stani\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 161,33 Gb Free Space | 34,64% Space Free | Partition Type: NTFS
 
Computer Name: STANI-PC | User Name: Stani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stani\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme II\Avast Free AntiVirus\AvastUI.exe (AVAST Software)
PRC - C:\Programme II\Avast Free AntiVirus\AvastSvc.exe (AVAST Software)
PRC - C:\Programme II\FireFox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme II\FireFox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme II\PhotoshopElements8\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Stani\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme II\Avast Free AntiVirus\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Programme II\Avast Free AntiVirus\AvastSvc.exe (AVAST Software)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme II\PhotoshopElements8\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4080323560-1050015258-1802708261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
IE - HKU\S-1-5-21-4080323560-1050015258-1802708261-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4080323560-1050015258-1802708261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4080323560-1050015258-1802708261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "http://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.2
FF - prefs.js..extensions.enabledItems: https-everywhere@eff.org:0.9.5
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme II\Avast Free AntiVirus\WebRep\FF [2011.04.19 23:39:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme II\FireFox\components [2011.03.25 21:24:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme II\FireFox\plugins [2011.03.25 21:24:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.17 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Programme II\Mozilla Thunderbird\components [2010.12.16 23:50:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Programme II\Mozilla Thunderbird\plugins
 
[2010.10.29 13:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stani\AppData\Roaming\mozilla\Extensions
[2010.10.29 13:55:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stani\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.20 10:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stani\AppData\Roaming\mozilla\Firefox\Profiles\4cs6pn8h.default\extensions
[2011.04.19 06:52:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stani\AppData\Roaming\mozilla\Firefox\Profiles\4cs6pn8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.19 06:52:38 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Stani\AppData\Roaming\mozilla\Firefox\Profiles\4cs6pn8h.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011.04.20 00:18:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Stani\AppData\Roaming\mozilla\Firefox\Profiles\4cs6pn8h.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.04.20 00:19:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Stani\AppData\Roaming\mozilla\Firefox\Profiles\4cs6pn8h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.20 00:19:00 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Users\Stani\AppData\Roaming\mozilla\Firefox\Profiles\4cs6pn8h.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2011.04.20 00:18:58 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Stani\AppData\Roaming\mozilla\Firefox\Profiles\4cs6pn8h.default\extensions\firefox@ghostery.com
[2011.04.20 00:18:57 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Stani\AppData\Roaming\mozilla\Firefox\Profiles\4cs6pn8h.default\extensions\https-everywhere@eff.org
[2011.04.16 01:32:53 | 000,001,056 | ---- | M] () -- C:\Users\Stani\AppData\Roaming\Mozilla\Firefox\Profiles\4cs6pn8h.default\searchplugins\icqplugin.xml
[2010.04.27 15:16:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.27 12:50:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011.04.19 23:39:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAMME II\AVAST FREE ANTIVIRUS\WEBREP\FF
[2010.10.29 14:31:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME II\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.31 21:09:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME II\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.20 09:32:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAMME II\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.01.23 11:38:04 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAMME II\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2009.07.31 14:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Programme\Mozilla Firefox\plugins\npdjvu.dll
 
O1 HOSTS File: ([2010.10.10 05:31:02 | 000,421,800 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 14547 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme II\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} -  File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme II\Avast Free AntiVirus\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme II\Avast Free AntiVirus\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme II\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-4080323560-1050015258-1802708261-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme II\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] C:\Programme II\Avast Free AntiVirus\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-4080323560-1050015258-1802708261-1000..\Run: [CAHeadless] C:\Programme II\PhotoshopElements8\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-4080323560-1050015258-1802708261-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4080323560-1050015258-1802708261-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4080323560-1050015258-1802708261-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Programme II\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Programme II\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme II\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Programme II\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme II\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme II\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.97.10
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Stani\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stani\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk - C:\Programme\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe - (Panasonic Corporation)
MsConfig - StartUpFolder: C:^Users^Stani^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Users^Stani^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme II\AdobeReader\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CAHeadless - hkey= - key= - C:\Programme II\PhotoshopElements8\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme II\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme II\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme II\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Spiele\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: klmdb.sys - Driver
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: klmdb.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {716A2F3B-855A-3191-36E9-D9CE34DDFC63} - Browser Customizations
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE4CD7E3-8370-16A7-3C18-E06C7A0BE901} - Internet Explorer
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.CFHD - C:\Windows\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.20 15:49:45 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Stani\Desktop\OTL.exe
[2011.04.20 10:25:23 | 000,000,000 | ---D | C] -- C:\Users\Stani\Desktop\TDSSKiller
[2011.04.20 10:19:37 | 000,000,000 | ---D | C] -- C:\Users\Stani\AppData\Local\temp
[2011.04.20 10:18:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.20 09:55:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.20 09:55:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.20 09:55:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.20 09:55:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.20 09:54:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.04.20 09:53:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.20 09:49:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.20 09:33:22 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.04.20 09:32:48 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.20 09:32:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.20 09:32:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.19 23:40:12 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.04.19 23:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.04.19 23:40:11 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.04.19 23:40:07 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.04.19 23:40:07 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.04.19 23:40:06 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.04.19 23:40:05 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.04.19 23:39:06 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.04.19 23:39:06 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.04.19 23:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.04.19 23:09:33 | 001,955,560 | ---- | C] (SANDBOXIE L.T.D) -- C:\Users\Stani\Desktop\SandboxieInstall.exe
[2011.04.19 22:14:18 | 105,652,112 | ---- | C] (                                                            ) -- C:\Users\Stani\Desktop\setup_9.0.0.722_19.04.2011_22-57(2).exe
[2011.04.19 22:12:39 | 020,541,344 | ---- | C] (TuneUp Software) -- C:\Users\Stani\Desktop\TuneUpUtilities2011_de-DE.exe
[2011.04.19 22:10:23 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Users\Stani\Desktop\ccsetup305_1409.exe
[2011.04.19 21:49:51 | 000,000,000 | ---D | C] -- C:\Users\Stani\AppData\Roaming\Malwarebytes
[2011.04.19 21:49:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.19 21:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.19 21:49:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.19 21:47:08 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Stani\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.19 16:10:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Stani\Desktop\HiJackThis204.exe
[2011.04.19 16:02:56 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2011.04.19 16:02:56 | 000,000,000 | ---D | C] -- C:\rsit
[2011.04.19 07:28:39 | 000,000,000 | ---D | C] -- C:\Users\Stani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011.04.17 02:44:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\Unleashed
[2011.04.17 02:10:02 | 000,000,000 | ---D | C] -- C:\Users\Stani\Desktop\Colin McRae DIRT 2
[2011.04.17 01:58:50 | 000,000,000 | R--D | C] -- C:\Users\Stani\Desktop\SNES
[2011.04.17 01:41:42 | 000,000,000 | ---D | C] -- C:\Users\Stani\Desktop\Che
[2011.04.15 16:13:42 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 16:13:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 16:13:39 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 16:13:39 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 16:13:36 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 16:13:31 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 16:13:31 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 16:13:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 16:13:31 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.15 16:13:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 16:13:31 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.15 16:13:28 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 16:13:27 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.15 16:13:26 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.12 14:35:20 | 000,000,000 | ---D | C] -- C:\Users\Stani\Desktop\Dan Simmons - Drood
[2011.04.03 10:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\gLe31001jLdEc31001
[2011.03.23 13:42:30 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 13:42:30 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.20 15:50:49 | 000,080,384 | ---- | M] () -- C:\Users\Stani\Desktop\MBRCheck.exe
[2011.04.20 15:49:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Stani\Desktop\OTL.exe
[2011.04.20 15:45:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.20 14:32:29 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.20 14:32:29 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.20 10:32:24 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.20 08:33:26 | 000,504,657 | ---- | M] () -- C:\Users\Stani\Desktop\unhide.exe
[2011.04.20 01:39:22 | 004,324,798 | R--- | M] () -- C:\Users\Stani\Desktop\ComboFix.exe
[2011.04.20 01:38:39 | 000,000,918 | ---- | M] () -- C:\Users\Stani\Desktop\VistaScan.zip
[2011.04.19 23:40:12 | 000,001,676 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.04.19 23:40:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.04.19 23:09:41 | 001,955,560 | ---- | M] (SANDBOXIE L.T.D) -- C:\Users\Stani\Desktop\SandboxieInstall.exe
[2011.04.19 22:15:39 | 105,652,112 | ---- | M] (                                                            ) -- C:\Users\Stani\Desktop\setup_9.0.0.722_19.04.2011_22-57(2).exe
[2011.04.19 22:12:52 | 020,541,344 | ---- | M] (TuneUp Software) -- C:\Users\Stani\Desktop\TuneUpUtilities2011_de-DE.exe
[2011.04.19 22:10:26 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Users\Stani\Desktop\ccsetup305_1409.exe
[2011.04.19 21:51:54 | 056,189,640 | ---- | M] () -- C:\Users\Stani\Desktop\setup_av_free.exe
[2011.04.19 21:49:20 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.19 21:47:13 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Stani\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.19 16:10:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Stani\Desktop\HiJackThis204.exe
[2011.04.19 15:40:18 | 000,339,991 | ---- | M] () -- C:\Users\Stani\Desktop\RSIT.exe
[2011.04.19 07:28:39 | 000,000,913 | ---- | M] () -- C:\Users\Stani\Desktop\PC Inspector File Recovery.lnk
[2011.04.19 07:07:04 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.19 07:07:04 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.19 07:07:04 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.19 07:07:04 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.19 06:25:55 | 000,000,336 | ---- | M] () -- C:\ProgramData\44097288
[2011.04.18 19:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.04.18 19:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.04.18 19:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.04.18 19:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.04.18 19:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.04.18 19:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.04.18 19:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.04.18 19:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.04.17 16:00:51 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.04.17 02:26:26 | 000,184,832 | ---- | M] () -- C:\Users\Stani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.16 07:41:11 | 000,260,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 16:13:04 | 000,140,248 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.14 16:12:55 | 000,266,400 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.04.14 16:07:56 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.04.03 16:44:49 | 000,000,190 | ---- | M] () -- C:\Users\Stani\Desktop\goblins.url
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.20 15:50:48 | 000,080,384 | ---- | C] () -- C:\Users\Stani\Desktop\MBRCheck.exe
[2011.04.20 09:55:32 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.20 09:55:31 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.20 09:55:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.20 09:55:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.20 09:55:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.20 08:33:23 | 000,504,657 | ---- | C] () -- C:\Users\Stani\Desktop\unhide.exe
[2011.04.20 01:38:58 | 004,324,798 | R--- | C] () -- C:\Users\Stani\Desktop\ComboFix.exe
[2011.04.20 01:38:37 | 000,000,918 | ---- | C] () -- C:\Users\Stani\Desktop\VistaScan.zip
[2011.04.19 23:40:12 | 000,001,676 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.04.19 21:51:14 | 056,189,640 | ---- | C] () -- C:\Users\Stani\Desktop\setup_av_free.exe
[2011.04.19 21:49:20 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.19 15:40:15 | 000,339,991 | ---- | C] () -- C:\Users\Stani\Desktop\RSIT.exe
[2011.04.19 07:28:39 | 000,000,913 | ---- | C] () -- C:\Users\Stani\Desktop\PC Inspector File Recovery.lnk
[2011.04.19 06:25:55 | 000,000,336 | ---- | C] () -- C:\ProgramData\44097288
[2011.04.17 01:43:41 | 1557,608,448 | ---- | C] () -- C:\Users\Stani\Desktop\Che Revolucion.avi
[2011.04.03 16:43:41 | 3488,079,872 | -HS- | C] () -- C:\hiberfil.sys
[2011.01.23 12:00:48 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.12.13 19:21:12 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.09.12 16:57:30 | 000,000,031 | ---- | C] () -- C:\Programme\plugins-04041e-3e8.dat
[2010.07.11 18:16:29 | 000,084,996 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.07.08 09:11:20 | 000,146,688 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010.07.08 09:11:20 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2010.05.24 17:29:06 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.05.22 02:22:40 | 034,104,048 | R--- | C] () -- C:\Windows\GTAIV_Patch_V2.exe
[2010.03.09 22:22:32 | 000,140,248 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.09 22:22:32 | 000,138,056 | ---- | C] () -- C:\Users\Stani\AppData\Roaming\PnkBstrK.sys
[2010.03.09 22:22:20 | 000,266,400 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.03.09 22:22:18 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.03.09 22:22:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.02.26 22:56:06 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.10.19 20:27:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.19 20:27:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.07 21:11:47 | 000,119,590 | ---- | C] () -- C:\Windows\War3Unin.dat
[2009.10.02 19:35:52 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.10.02 19:35:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.10.02 18:52:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.10.02 18:33:46 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.10.02 18:06:11 | 000,184,832 | ---- | C] () -- C:\Users\Stani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.02 17:58:48 | 000,001,356 | ---- | C] () -- C:\Users\Stani\AppData\Local\d3d9caps.dat
[2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,260,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
20.04.2011, 16:31   #9 (direct link)
Successfully registered
 
Registered since: 20.04.2011
Posts: 18

OTL.txt part 2:

Code:
========== LOP Check ==========
 
[2010.11.10 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\.minecraft
[2010.12.17 18:20:44 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Ableton
[2011.02.09 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\AVG10
[2011.03.08 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Braid
[2010.01.04 00:24:51 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\DAEMON Tools Lite
[2010.11.28 21:36:50 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\eBookPro6
[2011.04.19 06:52:36 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Elluminate
[2010.02.11 01:35:31 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\GrabPro
[2011.04.03 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\HILTI
[2011.04.19 05:03:25 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\ICQ
[2010.02.03 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Leadertech
[2010.05.12 17:25:04 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\LolClient
[2010.03.19 23:34:48 | 000,000,000 | ---D | M] --  C:\Users\Stani\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.04.30 16:31:54 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\No Company Name
[2010.04.06 20:31:25 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\OpenOffice.org
[2010.02.08 22:45:29 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Opera
[2011.04.06 23:41:34 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Orbit
[2010.10.25 11:27:50 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\ProgSense
[2010.04.23 23:10:45 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Publish Providers
[2010.02.10 20:33:10 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\runic games
[2011.02.17 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Simfy
[2010.04.23 23:10:31 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Sony
[2010.04.27 12:34:09 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\SparweltGutschein
[2011.03.03 11:35:59 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\The Creative Assembly
[2011.04.19 06:52:39 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Thunderbird
[2010.02.10 19:48:54 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\UDC Profiles
[2010.12.13 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Uniblue
[2011.04.20 10:31:09 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.10 20:28:45 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\.minecraft
[2010.12.17 18:20:44 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Ableton
[2010.10.05 13:57:13 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Adobe
[2010.06.27 22:39:44 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Apple Computer
[2011.02.09 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\AVG10
[2011.03.08 01:11:54 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Braid
[2010.01.04 00:24:51 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\DAEMON Tools Lite
[2010.05.04 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\DivX
[2010.11.28 21:36:50 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\eBookPro6
[2011.04.19 06:52:36 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Elluminate
[2010.02.11 01:35:31 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\GrabPro
[2011.04.19 06:52:36 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Hamachi
[2011.04.03 16:42:34 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\HILTI
[2011.04.19 05:03:25 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\ICQ
[2009.10.02 17:58:51 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Identities
[2009.10.02 19:45:03 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\InstallShield
[2010.02.03 15:03:55 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Leadertech
[2010.05.12 17:25:04 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\LolClient
[2010.03.19 23:34:48 | 000,000,000 | ---D | M] --  C:\Users\Stani\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2009.10.02 18:49:13 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Macromedia
[2011.04.19 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Media Center Programs
[2011.04.17 02:53:47 | 000,000,000 | --SD | M] -- C:\Users\Stani\AppData\Roaming\Microsoft
[2010.04.27 15:18:06 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Mozilla
[2010.04.30 16:31:54 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\No Company Name
[2010.07.09 19:07:02 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\NVIDIA
[2010.04.06 20:31:25 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\OpenOffice.org
[2010.02.08 22:45:29 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Opera
[2011.04.06 23:41:34 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Orbit
[2010.10.25 11:27:50 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\ProgSense
[2010.04.23 23:10:45 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Publish Providers
[2010.02.10 20:33:10 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\runic games
[2009.11.25 01:05:14 | 000,000,000 | R--D | M] -- C:\Users\Stani\AppData\Roaming\SecuROM
[2011.02.17 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Simfy
[2011.04.20 10:33:39 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Skype
[2011.04.20 09:02:35 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\skypePM
[2010.04.23 23:10:31 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Sony
[2010.04.27 12:34:09 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\SparweltGutschein
[2011.03.03 11:35:59 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\The Creative Assembly
[2011.04.19 06:52:39 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Thunderbird
[2010.02.10 19:48:54 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\UDC Profiles
[2010.12.13 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Uniblue
[2011.04.19 06:52:39 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\vlc
[2009.10.14 00:14:16 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\WinRAR
[2011.04.20 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\WTablet
 
< %APPDATA%\*.exe /s >
[2011.04.05 18:03:37 | 000,053,632 | ---- | M] (Adobe Systems Inc.) --  C:\Users\Stani\AppData\Roaming\Macromedia\Flash  Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.04.27 02:16:54 | 000,005,550 | R--- | M] () --  C:\Users\Stani\AppData\Roaming\Microsoft\Installer\{5943B7F7-678B-477E-9AEE-6E4C6962322B}\_6FEFF9B68218417F98F549.exe
[2010.11.01 04:19:13 | 000,040,960 | R--- | M] (InstallShield Software  Corp.) --  C:\Users\Stani\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2010.11.01 04:19:13 | 000,040,960 | R--- | M] (InstallShield Software  Corp.) --  C:\Users\Stani\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2010.11.01 04:19:13 | 000,008,854 | R--- | M] () --  C:\Users\Stani\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation)  MD5=13F9E33747E6B41A3FF305C37DB0D360 --  C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation)  MD5=13F9E33747E6B41A3FF305C37DB0D360 --  C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation)  MD5=13F9E33747E6B41A3FF305C37DB0D360 --  C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation)  MD5=13F9E33747E6B41A3FF305C37DB0D360 --  C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation)  MD5=13F9E33747E6B41A3FF305C37DB0D360 --  C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation)  MD5=13F9E33747E6B41A3FF305C37DB0D360 --  C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation)  MD5=EF23439CDD587F64C2C1B8825CEAD7D8 --  C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)  MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)  MD5=1F05B78AB91C9075565A9D8A4B880BC4 --  C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)  MD5=1F05B78AB91C9075565A9D8A4B880BC4 --  C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)  MD5=1F05B78AB91C9075565A9D8A4B880BC4 --  C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation)  MD5=2D9C903DC76A66813D350A562DE40ED9 --  C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation)  MD5=2D9C903DC76A66813D350A562DE40ED9 --  C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation)  MD5=4F4FCB8B6EA06784FB6D475B7EC7300F --  C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)  MD5=7F15B4953378C8B5161D65C26D5FED4D --  C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)  MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)  MD5=7F15B4953378C8B5161D65C26D5FED4D --  C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.02.04 16:25:20 | 000,043,520 | ---- | M] (Panasonic Corporation)  MD5=D78D83DA933FB75ADE969C81D91FB2EB -- C:\Programme  II\Panasonic\HdWriter2.1\Core\EventLog\EventLog.dll
[2010.02.04 16:25:20 | 000,043,520 | ---- | M] (Panasonic Corporation)  MD5=D78D83DA933FB75ADE969C81D91FB2EB -- C:\Programme  II\Panasonic\HdWriter2.1\Core\Spec\AVCHD\BDCore\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation)  MD5=54155EA1B0DF185878E0FC9EC3AC3A14 --  C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation)  MD5=54155EA1B0DF185878E0FC9EC3AC3A14 --  C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation)  MD5=54155EA1B0DF185878E0FC9EC3AC3A14 --  C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation)  MD5=C957BF4B5D80B46C5017BF0101E6C906 --  C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation)  MD5=95DAECF0FB120A7B5DA679CC54E37DDE --  C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation)  MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation)  MD5=95DAECF0FB120A7B5DA679CC54E37DDE --  C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation)  MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F --  C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)  MD5=9E0BA19A28C498A6D323D065DB76DFFC --  C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation)  MD5=ABED0C09758D1D97DB0042DBB2688177 --  C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation)  MD5=ABED0C09758D1D97DB0042DBB2688177 --  C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation)  MD5=ABED0C09758D1D97DB0042DBB2688177 --  C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation)  MD5=28B84EB538F7E8A0FE8B9299D591E0B9 --  C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation)  MD5=8FC182167381E9915651267044105EE1 --  C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation)  MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation)  MD5=8FC182167381E9915651267044105EE1 --  C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation)  MD5=0E135526E9785D085BCD9AEDE6FBCBF9 --  C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation)  MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation)  MD5=0E135526E9785D085BCD9AEDE6FBCBF9 --  C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation)  MD5=E3A3CB253C0EC2494D4A61F5E43A389C --  C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation)  MD5=E3A3CB253C0EC2494D4A61F5E43A389C --  C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
20.04.2011, 16:32   #10
Successfully registered
 
Registered since: 20.04.2011
Posts: 18

Extras.txt :

Code:
OTL Extras logfile created on: 20.04.2011 15:55:11 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Stani\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 161,33 Gb Free Space | 34,64% Space Free | Partition Type: NTFS
 
Computer Name: STANI-PC | User Name: Stani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-4080323560-1050015258-1802708261-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme II\FireFox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme II\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme II\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme II\Orbitdownloader\orbitdm.exe" = C:\Programme II\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme II\Orbitdownloader\orbitnet.exe" = C:\Programme II\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0050A357-A81F-48FC-9E06-881896C05B0C}" = lport=6903 | protocol=6 | dir=in | name=league of legends launcher | 
"{0811B9B0-0E02-46FA-B84D-C4940AA05943}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1797222B-BF02-47DC-A111-7066D8DDE460}" = lport=6932 | protocol=17 | dir=in | name=league of legends launcher | 
"{28FAEE51-BABA-4DA6-AC0F-A49EC915C602}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{2C463E84-DF5C-4995-AE3F-50E1CB7F6E7C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{443B0A66-00A7-4FC4-9E32-28C6F8B34D27}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{463DE43D-6C2E-4E3B-89F9-8BE1A441EDBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{477C76FC-1CB2-4D99-BA61-5119BD27369C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4FA3BBF9-4661-45CA-8050-70ADDD2BC735}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{529AD3B1-D42C-4BC6-8C50-E32B1FE7B488}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{579B4BDE-38AF-4438-A63A-D14CE7847EAE}" = lport=6938 | protocol=6 | dir=in | name=league of legends launcher | 
"{61FDB9D6-56E8-4D76-B984-F89C3B6720F9}" = lport=25565 | protocol=6 | dir=in | name=minecraft | 
"{6A5D0A15-C38E-41F7-BF69-27E5DCD4F458}" = lport=6903 | protocol=17 | dir=in | name=league of legends launcher | 
"{6A77597B-4454-40C2-803D-3F57A2318DB4}" = lport=6908 | protocol=17 | dir=in | name=league of legends launcher | 
"{6B9315CD-2B43-4F8F-A3D8-228E480B0188}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{6CCD1C34-7272-4791-8B8D-9D45A78A2D51}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{6E57CB96-614D-4B9C-A0BC-748865EC73C8}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{776575EA-D3A3-4A0E-BEE4-3E97E180B28C}" = lport=6908 | protocol=6 | dir=in | name=league of legends launcher | 
"{84DD8898-B306-475F-B27A-BADA3A43A417}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{928CFBB1-9A02-49C4-8F36-B21A324B6F53}" = lport=6932 | protocol=6 | dir=in | name=league of legends launcher | 
"{95C44FA1-0E8E-4596-8660-A423D52497DD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB164FBD-2920-4182-A4D8-19DDA677D6D5}" = lport=6938 | protocol=17 | dir=in | name=league of legends launcher | 
"{AC907BA0-7A69-47FD-9728-5F2683CA1868}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{AE3A2097-42D5-4CDB-A7F2-CF59E25FA95A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B8755154-2688-46AE-9C36-8E2675B4B5A3}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{BD0587B6-D5F7-4596-9896-C1B8ED08BD78}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{C4BC4FF0-DA29-46FA-B836-9204985B42F1}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{CE4EEE1C-E80F-4C63-A723-8D0B6FFD9F47}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D18DC55C-9985-4C46-89F8-94174F0DB509}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EEFC7D3C-62AB-4419-9367-9E9CD2735281}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F9AD193A-FC12-4A08-A884-AB039765137E}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0187E08B-B978-4EB7-AAB2-55545F0A9A53}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06C3FC57-6F95-4339-BE1E-BCF3317A7489}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{083F5880-D0E6-4543-AF32-844AA687A29E}" = protocol=6 | dir=in | app=c:\spiele\leageoflegends\air\lolclient.exe | 
"{09A6794F-D4FE-4CC6-AFD9-3AE2B650E778}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A46C6DA-7F83-4B79-9AB5-1887EAA44BF6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A64EA17-7DAC-469E-ABD8-66740BEB2F5A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0A9A0F31-6387-4267-96AD-58BA0AD06666}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{0B0C98E9-0818-4967-9504-845F7A590EAB}" = protocol=6 | dir=in | app=c:\programme ii\icq7.4\icq.exe | 
"{0CE677BF-DC00-4DB3-B4BB-14FB9D98CDC8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0DEEBDB0-6C5D-4C5A-9E54-941620703846}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F561136-3523-4AA3-9C19-A6732BF983C9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1010CCFE-5ED6-45E7-AC7F-4589339E49E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{103B0AFF-8169-4541-96D1-78DBE4423060}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{10EE67BA-66D6-42A8-A987-C21AF5F7CB84}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1235F833-EBA5-4D1B-9279-D292FE4CBBA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{124D7D44-96E6-4B3D-BDED-A0A323D55552}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{131A927F-2EAE-4B2F-8850-1AE9813DD60C}" = protocol=6 | dir=in | app=c:\users\stani\desktop\minecraft server alpha 0.2.1\minecraft_server.exe | 
"{1351BF38-8470-4CAD-8222-08C1B95F56E0}" = protocol=17 | dir=in | app=c:\spiele\league of legends\air\lolclient.exe | 
"{13901F6D-CBA9-41D3-BAB7-EE1384016F14}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{16A0F75E-2C53-41C9-92B1-1C0B47E84EEA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{17D5B85E-0D9A-4C78-933A-CBE26CAEBCCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{187C2EF9-F653-4B20-843C-ACA021C4BBF9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{18B3A451-57FC-477A-AE76-79A490B79AA5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1C20AB37-0488-48E3-8E49-1AA3CF2F8B2E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1D090570-E92C-4306-AD45-71847507F280}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E27AC8F-427D-455A-A914-04DE6DC2F70A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1E3AD541-A183-423A-8EAF-FEF470323D83}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EAB48C1-3D12-42F3-A0AE-175929D7C084}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{22872230-E757-4842-B4D0-6A79C5DDB119}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2289D687-EDA8-449C-98BD-FD7AF204FEE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2337363B-7193-4233-B57E-19F29123B18D}" = protocol=17 | dir=in | app=c:\spiele\leageoflegends\air\lolclient.exe | 
"{2410DB34-54D7-46FF-A226-60640C08A2CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{273CDD14-C2FB-4E9B-B9DA-AE7B8060F79E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{281F754B-C053-49EE-A477-F2AC8F1332A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{28537434-7554-43ED-B891-48A83E73F771}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A875F57-8ABE-4BD1-B0F7-5770A03831D2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D5CDF9D-276A-4A41-A1CE-6F72BAE0865B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D9398E7-95A7-4D1B-831E-26FDF9184BC0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F17F79A-0E97-4E08-8453-272EDA3FB773}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{32BA1247-0D12-4073-957E-B63F44C8F0F5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3301E455-25A5-4A2F-8AEF-946B03EEEFC2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3509E0A7-95FE-4598-A51D-69A421C11548}" = protocol=17 | dir=in | app=c:\spiele\leageoflegends\game\league of legends.exe | 
"{36D1C595-AA92-4035-9DE7-B943686EE648}" = protocol=17 | dir=in | app=c:\spiele\battlefield bad company 2\bfbc2updater.exe | 
"{36D89276-80E2-4754-85D5-05A526AD053E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3838808A-76E1-4F85-8CD8-B97767564B38}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3A8E2CA1-4806-445A-B734-F28FA8725FB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3AE629EB-E9F1-4712-97A0-1170B2812EFC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C85342E-01CF-40EC-8C9A-D569B8E6D30C}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{3CA002A2-C15B-4CAF-89F6-8590582F9E36}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3EAC65D8-EF9D-406A-8D05-5AC7F3386D02}" = protocol=6 | dir=in | app=c:\programme ii\icq7.4\icq.exe | 
"{3F3878A0-18BA-43C0-A04A-D4220992FFDC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3F70C296-260D-4F16-9FAE-FB01BD547E82}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{403D5BED-5F3A-4204-A821-2DAF5CFBDCD6}" = protocol=6 | dir=in | app=c:\spiele\leageoflegends\game\league of legends.exe | 
"{4047667D-51CB-4C1F-8FDF-2A1F5E90C35E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40E58445-A57F-448A-8A7B-453B87EDDD99}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"{42D2A201-8D42-45FD-9570-A8DCE41E56E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{44FDB5A8-4404-4414-8AA2-AB41CD6DDE3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{49853489-A99D-4503-9EA9-107F2B65CD54}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4EF0754A-5CB2-4513-A3F0-FBA8129368C0}" = protocol=6 | dir=in | app=c:\users\stani\desktop\minecraft.exe | 
"{4F3C0854-4C07-4309-9252-4B4F902AE3B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{50DC5AC0-A08C-46EB-8DE6-97B93E605005}" = protocol=6 | dir=in | app=c:\spiele\league of legends\game\league of legends.exe | 
"{52B99233-C32C-432F-87DC-D8E1B4617B1C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{553B414F-F070-4B32-9AD6-20AF9390978B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55607233-64B0-4B56-BF78-D1E1BABB2081}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{58390C52-BC77-47CF-B3D4-EBF3BD2509BA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5995D582-352F-4B92-A480-5DFFBE7F00CC}" = protocol=17 | dir=in | app=c:\spiele\league of legends\air\lolclient.exe | 
"{59AEF6E6-2CB1-4263-9F9F-9636FB52303C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C747967-9EAC-4ABD-816B-09B134A43E62}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5CBD1904-85F4-4B59-8836-0F4048F43EB7}" = protocol=17 | dir=in | app=c:\spiele\leageoflegends\air\lolclient.exe | 
"{5D2084AB-DA5F-4FC0-A881-28F8586A21E5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5F3B8646-A70C-4036-95C1-2CBC56EDF865}" = protocol=17 | dir=in | app=c:\spiele\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{603721DA-2F49-462B-B666-EA359C54A096}" = protocol=6 | dir=in | app=c:\spiele\league of legends\game\league of legends.exe | 
"{61B1C0B1-6722-4CAB-804A-FE92E2C32F35}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64663769-16DB-4D6D-9F30-A18A77D0A50E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{64F42BEF-4B73-4A7E-B5DB-B190F6B89AB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{65E1504C-5A74-4E8A-B4AF-890E03F692AE}" = protocol=17 | dir=in | app=c:\spiele\league of legends\game\league of legends.exe | 
"{667EEDCA-8D1E-42DD-9E51-AA10B68FFFF8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{670ED0D7-CC91-472E-98BE-5E748675E6A4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{67CE1977-AF47-40D3-943C-7917A6EA95D6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{69222E80-B753-4AE8-B4F5-C73B5AB37C11}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A15366F-E319-4A64-AFE5-DEF17C9812A2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6A1D7776-87FF-458F-B946-C5738944F351}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6B6EC104-9F0B-404B-AE5B-6CF558238744}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DB5F336-C06A-454D-921E-DAF4FA5D3793}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{712D30EF-8983-4765-B879-452169A79498}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{716F037E-1540-4CA9-BCF0-3A457C1F753F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7180FEE1-6C07-47AA-A272-C75A7C0F3657}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{751F61CB-DA97-4599-819A-07D44FA53161}" = protocol=17 | dir=in | app=c:\programme ii\icq7.4\icq.exe | 
"{756F30D7-7C42-4601-BF4A-6E711E51C553}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{758517D4-A293-4279-A816-D08467E91B67}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{75E1CDDA-5690-41F1-87E8-C91CC02ACFBB}" = protocol=17 | dir=in | app=c:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{760BDB9D-311A-4DEF-ABF2-A960DCDA1C04}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{76D2B135-488B-4825-90A0-A80876578B9E}" = protocol=6 | dir=in | app=c:\spiele\rockstar games\gta4\grand theft auto iv\launchgtaiv.exe | 
"{770E0917-9F90-44FD-9637-3C943EB3F53B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{77530346-7DCA-4BC0-8832-17F977326B6B}" = protocol=6 | dir=in | app=c:\spiele\battlefield bad company 2\bfbc2updater.exe | 
"{77B7DD37-0C45-4662-9D99-E14175F94CB6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{782D8110-9EE3-46D3-AB1E-1321B15D8A42}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{789F07D1-E414-4923-841A-C38D92F59AA1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{79D3689C-767B-41AC-B492-A159FB2935EF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7BC0CEF0-3BB8-4FDF-B2DC-CA712717387B}" = protocol=6 | dir=in | app=c:\spiele\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{7CF17EBD-DE47-4E45-B5AB-1BFEE8777E32}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8055DC15-665E-4B37-8BC1-89B77E06030D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{819523C0-9FF7-46ED-8F71-C5A98535024E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8206F859-1001-499F-97AB-018D976697E9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{831E4358-6C55-481B-B515-2AAC89C79562}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83BD424C-3934-49F6-BD08-F50DE509ACE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8507988C-7559-44BE-8C5A-8DE75A21EEE0}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{86BB6771-C5FC-41F2-B8EA-E16A2BE6FAED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A1CF5F5-1AF3-42FA-B45D-22097FBFC7F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BA2B2A3-6063-45D1-B37C-54E50E1008FD}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\alien swarm\swarm.exe | 
"{8C4AF3B3-6346-4AD0-8FB4-CB3F15728AE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E76F4CC-DE07-4D33-9DC3-6FB3EC375116}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{903B24F1-E290-4295-ADA7-B560AC92074D}" = protocol=17 | dir=in | app=c:\spiele\rockstar games\gta4\grand theft auto iv\launchgtaiv.exe | 
"{93397AC6-465E-4C1A-9DF2-80157B59EC79}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{940E8D12-5F50-49A2-B266-BC2BA885929B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9419975A-EDC7-4E3D-AE36-2B4252A14198}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94783E74-0D55-47E1-BA27-67E29324BD9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94B6D55B-7A2C-40CA-AA7C-D46D63980A1A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94E33950-92E0-4405-83BA-98933DB6CA34}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{9543961D-B6EF-4CEA-B96C-0169999C3BC6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{95975828-082F-42DE-98B8-28AEE324C7F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{9633B96A-BD62-47FF-8AE7-47D2A1860847}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{96421240-4280-4564-A462-C198CB6D0A78}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{97F72A80-D862-4BD4-B56A-D056770B747E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{981DAB98-0835-455E-9E7D-0BA944DB5FCB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98328D6B-7ED2-449F-A6C6-8DA393A482CC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9ACD7465-FE13-4761-9763-8602C1C7A2B1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{9B99EC79-05C9-491F-97F3-FC91340F2C9C}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\alien swarm\srcds.exe | 
"{9C832BE5-D8F4-4308-A12D-D56311AD742B}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\global agenda live\binaries\globalagenda.exe | 
"{9D64C46A-9E39-478A-AD69-4F65AB16FAC4}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{9DAB607E-916F-4C4A-97F0-DD28F3C182AC}" = protocol=6 | dir=in | app=c:\spiele\league of legends\air\lolclient.exe | 
"{A0BF48C3-35C1-46FD-8C48-51DD02002FD2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A2A3A26B-F355-4220-A3AC-55180075158A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5CF894B-8BE3-4572-BFB4-3E570FE2A76F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A5FF98DF-D971-47D5-A62A-A2110A032960}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A6370B15-D3A1-40A3-8D41-FDD1FB77D132}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A700355C-DE50-4AD8-84C0-AB69EFEFFE76}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9320825-59D0-48A2-84AB-0E08BBCACEDC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA4C5CD2-F0D1-41CE-A2D9-2FCFB0F6DB60}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AAD7A0E4-1287-44D4-91BA-C86515153BDA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ABA75CE2-E5B8-4DB6-87D5-410402A5A030}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AF9300D0-B400-4C39-8437-DFAA6D64DC10}" = protocol=6 | dir=in | app=c:\spiele\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{B03EA7ED-1300-4D97-ADD2-2CFE8B2A3658}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B15747FD-9D41-466D-A6C9-1A42575E988C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B1A5B8FD-0EE6-4888-AC96-72952073C8C1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B1EE7A49-8039-457E-B5D3-21F7C0B55F9D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B22BC61E-9357-4DB1-958A-4F2557946614}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B242FABF-7395-412A-B92F-5EE631308074}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{B31F8E7D-9538-4CB1-8617-23B0B2382AF5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B396B72E-3FD9-45D5-B8B9-81FBBA843641}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B4C03651-60B5-4EEF-94CB-99C6FEBD8AD1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5CD35B3-B5FA-4576-A317-31DCC3AC29BB}" = protocol=17 | dir=in | app=c:\users\stani\desktop\minecraft server alpha 0.2.1\minecraft_server.exe | 
"{B71508A5-82ED-435F-89DF-AEAA923DD158}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7874874-2398-4DFC-AD9B-9C3AEAD1F1C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B954EA47-F0B2-4F3A-9C8A-E8DDFD2079A9}" = dir=in | app=c:\programme ii\itunes.exe | 
"{BB535928-08C2-4673-B0DA-EED603A86F7A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BEE0E2AC-7160-4865-BEE1-2CEBD9628421}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BFA3E762-436E-4211-B86E-5D7C72B2598C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C03FB3E0-9404-4C24-B8AA-6956455D1AD4}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{C053E052-F991-4593-992E-2C55E13F1B58}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C2EB2DE8-CF03-4565-BBE7-79222122EE66}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C32AFAE8-CA95-4296-B1CB-7B640D559483}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C57DDD8E-5AD0-4757-B6E9-35D5567C29B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C7449641-D004-4FB7-BD2C-13647778E5ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CA03AC95-153A-436E-8C73-D34FF0567B01}" = protocol=17 | dir=in | app=c:\spiele\leageoflegends\game\league of legends.exe | 
"{CA57A337-29DC-4568-8DE6-770CC96141A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CAEAEE48-02EE-40EC-8F93-8C0D6AAC1A6E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CBC6250B-23E2-46D7-947C-F07C9530F803}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CCC57F5F-D959-414E-8A75-9EE4352B3509}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CE0D9896-3A8D-44C5-8DB3-88858B90CDA6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CFC37B8E-69ED-4DA6-885A-10B6BB502E3E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D026A810-0FAB-4E44-AED4-81F3847DB50D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D331DFF2-CAE7-4A9A-AAA6-9F4D697887B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D5041146-EF96-4E9C-A25E-268200040645}" = protocol=17 | dir=in | app=c:\users\stani\desktop\minecraft.exe | 
"{D687F79D-7203-47C2-BAB3-1A473436BC40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D7A6302B-535C-46E5-BA20-5C12A3FDE019}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D802D7CD-B941-4283-AC30-C18068FFEAA5}" = protocol=6 | dir=in | app=c:\spiele\league of legends\air\lolclient.exe | 
"{D8484943-F2EF-4584-B2A2-0E93BE658E9A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB3A2DD6-D3B6-4359-B3E9-A55AA387AC3A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DCB0A778-270E-4FE7-BDA3-E37FF8A0FE94}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD8A60F6-AFEA-4F27-865C-E495987E3849}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0ED9DE1-5C1A-4800-9100-921B0554AAF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1248B5E-0000-4B64-BB46-F9F85C5CADBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3232EDF-0563-43F4-A7C2-DC7A302865AC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3CAECDE-8E26-47D9-9885-7438D5EA747E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4B557BC-26F5-4973-B7CA-71A1DDBA4347}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E582CD57-5FC8-479B-B7FD-F3C166BD677C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E62819E3-6B55-4458-8D86-81E89BEBFB8E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E717EBD7-B0D9-41BC-A257-7B44CC96AC3E}" = protocol=17 | dir=in | app=c:\spiele\league of legends\game\league of legends.exe | 
"{E7DC25F2-6297-4D24-93C9-151DC2C3ED49}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7EE265B-0DE7-487C-B0FA-D7544DE91EAB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EAE68894-A173-43EA-94CF-B6CD9FDFE863}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EB038EBB-0FAD-4E09-A8F2-57B774DFEEFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ECC764C7-B824-4F91-ABD3-1386F84DE6F9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EEE76DA3-7A61-4A09-BCBC-9B43CCA69AF8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F03632BE-456C-45B3-BDD2-A1E113BFBDF2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F140FC8F-70DD-49E3-91E5-286BCD54E19B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F152FA0C-3D95-4597-B962-D0758465A4A9}" = protocol=6 | dir=in | app=c:\spiele\leageoflegends\air\lolclient.exe | 
"{F19A206D-FF48-4960-A473-37C5407E37A4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F27A918F-D336-44A4-91A4-DF044F1003E8}" = protocol=17 | dir=in | app=c:\programme ii\icq7.4\icq.exe | 
"{F294BABB-81EE-4D54-B37C-5B02EEC70E07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F31615F8-B865-4534-8586-EF1CA9C77D77}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{F4E1A1DE-565F-41A9-8A00-334E7B2BEF44}" = protocol=17 | dir=in | app=c:\spiele\steam\steamapps\common\alien swarm\srcds.exe | 
"{F8749C6F-9BB7-4A1E-8F27-96514448D55E}" = protocol=6 | dir=in | app=c:\spiele\leageoflegends\game\league of legends.exe | 
"{FB0DEF17-3170-467D-8774-A6EE6D87797D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FCFB13B0-90F0-46FE-B6EC-B03C7559D7A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FD30BAFB-18BD-40AD-B493-5C57A7462139}" = protocol=6 | dir=in | app=c:\spiele\steam\steamapps\common\alien swarm\swarm.exe | 
"{FEDA25A1-41B6-4688-BE36-0D3923E3C3C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FFA11073-1078-4CD6-B5A1-ED29C120AAC1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{065038BF-44C8-4437-A5DE-D8D3FAAD2266}C:\spiele\trackmania sunrise\tmsunrise.exe" = protocol=6 | dir=in | app=c:\spiele\trackmania sunrise\tmsunrise.exe | 
"TCP Query User{097BB189-E0C3-471B-9B52-ECEE3EF34A34}C:\programme ii\cryptload\routerclient.exe" = protocol=6 | dir=in | app=c:\programme ii\cryptload\routerclient.exe | 
"TCP Query User{0D11B537-073A-4510-8012-487333004584}C:\spiele\steam\steam.exe" = protocol=6 | dir=in | app=c:\spiele\steam\steam.exe | 
"TCP Query User{11EE6FBB-9C28-498B-B0D2-AA46FB1AAD20}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{13F2B88A-0F64-484D-9FD7-204ECCFBD497}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{1B307C98-23C8-49FD-976F-433937F32113}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{2B0D1BB9-E982-4356-8851-25464725E6F7}C:\spiele\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=c:\spiele\mass effect 2\binaries\masseffect2.exe | 
"TCP Query User{2BACFFB1-8DD9-4A89-93D2-4F93E869E370}C:\programme ii\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\programme ii\orbitdownloader\orbitnet.exe | 
"TCP Query User{37736337-7059-4F61-9625-0E7923F5944D}C:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii\war3.exe | 
"TCP Query User{38CED2DA-93AD-43DF-A844-E58AEAAD887B}C:\spiele\titanquest\immortalthrone\tqit.exe" = protocol=6 | dir=in | app=c:\spiele\titanquest\immortalthrone\tqit.exe | 
"TCP Query User{4336396E-DCD5-451A-95AE-77CDE6C67DF9}C:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{4EEABDDD-7935-4EEC-B214-5C8D8174C828}C:\programme ii\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\programme ii\icq6.5\icq.exe | 
"TCP Query User{4FFBBED7-732F-4729-BE53-EA68EB2CA7B7}C:\spiele\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\spiele\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{71DB5E33-4C40-4A0B-A808-4F0B2825F7C9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{748E463E-3EF8-4FDF-9BC9-44FAF6F34169}C:\users\stani\desktop\command and conquer\game.dat" = protocol=6 | dir=in | app=c:\users\stani\desktop\command and conquer\game.dat | 
"TCP Query User{7C23CDBF-5A22-4444-99E4-D03BF7AE1696}C:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\spiele\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{813CF26C-584C-4A4C-9730-C4D4601E90E2}C:\spiele\trackmania sunrise\tmsunrise.exe" = protocol=6 | dir=in | app=c:\spiele\trackmania sunrise\tmsunrise.exe | 
"TCP Query User{902FD51F-D8BF-47B1-9515-5431725378CC}C:\spiele\fallout3\fallout3.exe" = protocol=6 | dir=in | app=c:\spiele\fallout3\fallout3.exe | 
"TCP Query User{971C1F76-30F3-405E-94DD-59F6D0A9C8F4}C:\users\stani\desktop\warcraft iii lan\war3.exe" = protocol=6 | dir=in | app=c:\users\stani\desktop\warcraft iii lan\war3.exe | 
"TCP Query User{9F160BA4-1D57-456A-A5DC-A20B4BC2A77F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{A2D09591-D5FD-4E61-921B-8932E6E7173C}C:\spiele\electronic arts\crytek\crysis2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\spiele\electronic arts\crytek\crysis2\bin32\crysis2.exe | 
"TCP Query User{A76254F9-8897-470C-8080-63F663506E1C}C:\users\stani\desktop\routerclient.exe" = protocol=6 | dir=in | app=c:\users\stani\desktop\routerclient.exe | 
"TCP Query User{A7D96F74-67A1-4146-8ABD-914488A74614}C:\spiele\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\spiele\ut2004\system\ut2004.exe | 
"TCP Query User{AD271AD6-E9E3-4EA6-B43F-74F4B9EE2EDC}C:\programme ii\firefox\firefox.exe" = protocol=6 | dir=in | app=c:\programme ii\firefox\firefox.exe | 
"TCP Query User{B317F6B9-2893-4C11-A6C1-A955B5CE23ED}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{CCA1CC4B-143D-4CE3-8D6F-E0DFD72E07D5}C:\spiele\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\spiele\warcraft iii\war3.exe | 
"TCP Query User{D1774E07-D23A-420C-B366-2E788A39545E}C:\users\stani\desktop\command and conquer\game.dat" = protocol=6 | dir=in | app=c:\users\stani\desktop\command and conquer\game.dat | 
"TCP Query User{E695848B-CF58-4558-9C16-27145D36D1D4}C:\spiele\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\spiele\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{E9F51B85-310C-46BE-A3AD-D0EA2F3CD7D5}C:\programme ii\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\programme ii\icq6.5\icq.exe | 
"TCP Query User{EFD0183A-C3E0-40E2-8BB4-C988133DC2C5}C:\users\stani\desktop\warcraft iii lan\war3.exe" = protocol=6 | dir=in | app=c:\users\stani\desktop\warcraft iii lan\war3.exe | 
"TCP Query User{F09D4026-EBD0-452A-BC52-21D39E70939B}C:\spiele\titanquest\immortalthrone\tqit.exe" = protocol=6 | dir=in | app=c:\spiele\titanquest\immortalthrone\tqit.exe | 
"TCP Query User{FDBC66CC-C708-4A1A-85C8-9D98629147BB}C:\programme ii\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\programme ii\pfportchecker\pfportchecker.exe | 
"TCP Query User{FF6A5C41-C5D5-4781-BFC4-4E7F6EA506BF}C:\spiele\battlefield2\bf2.exe" = protocol=6 | dir=in | app=c:\spiele\battlefield2\bf2.exe | 
"UDP Query User{05130922-0616-4C8C-84C1-AC5B58BE1009}C:\spiele\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\spiele\dragon age\bin_ship\daorigins.exe | 
"UDP Query User{087DEB0B-D652-4EE1-801F-C8A001508904}C:\users\stani\desktop\warcraft iii lan\war3.exe" = protocol=17 | dir=in | app=c:\users\stani\desktop\warcraft iii lan\war3.exe | 
"UDP Query User{1F1D10CF-5595-49C6-A9AD-2CA6FFE33ED1}C:\users\stani\desktop\command and conquer\game.dat" = protocol=17 | dir=in | app=c:\users\stani\desktop\command and conquer\game.dat | 
"UDP Query User{2C73EA8D-D5C3-470B-B3CD-0F12B6E24C96}C:\spiele\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=c:\spiele\mass effect 2\binaries\masseffect2.exe | 
"UDP Query User{3070AA56-F479-4047-8B1C-38E17C0DF78E}C:\spiele\electronic arts\crytek\crysis2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\spiele\electronic arts\crytek\crysis2\bin32\crysis2.exe | 
"UDP Query User{33BCA3B5-90FB-4F97-946B-9D212C6911E6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{34F23E67-74E8-46A7-9235-77EEA1E379BD}C:\spiele\titanquest\immortalthrone\tqit.exe" = protocol=17 | dir=in | app=c:\spiele\titanquest\immortalthrone\tqit.exe | 
"UDP Query User{4092E11D-0173-4DBD-93FF-AE098319C2EE}C:\spiele\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\spiele\ut2004\system\ut2004.exe | 
"UDP Query User{4ACD31C6-3ACF-41AF-AC0A-DE9C356DAC9F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4ED4A0BB-D794-4120-A15C-42A8A69AB536}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{566D1FCC-143B-4FC7-B33F-230542D9FAEB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{648E650E-880B-49AE-94BA-4EBE046F49DC}C:\users\stani\desktop\warcraft iii lan\war3.exe" = protocol=17 | dir=in | app=c:\users\stani\desktop\warcraft iii lan\war3.exe | 
"UDP Query User{6EF93C5E-1584-4BA0-8155-DF3A667CC16D}C:\spiele\fallout3\fallout3.exe" = protocol=17 | dir=in | app=c:\spiele\fallout3\fallout3.exe | 
"UDP Query User{70BB0203-7970-4853-A84E-A3359F2CE626}C:\spiele\trackmania sunrise\tmsunrise.exe" = protocol=17 | dir=in | app=c:\spiele\trackmania sunrise\tmsunrise.exe | 
"UDP Query User{77D21AC0-7C57-499B-923D-FABA078AABC6}C:\spiele\battlefield2\bf2.exe" = protocol=17 | dir=in | app=c:\spiele\battlefield2\bf2.exe | 
"UDP Query User{885E49DC-EB4E-4B7F-B120-2B80CC961C14}C:\spiele\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\spiele\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{8CD82D24-BA83-45B2-9E8E-604930DF4BB0}C:\programme ii\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\programme ii\pfportchecker\pfportchecker.exe | 
"UDP Query User{8D4B89B3-3DA2-4872-B1CD-708610C0FC42}C:\users\stani\desktop\command and conquer\game.dat" = protocol=17 | dir=in | app=c:\users\stani\desktop\command and conquer\game.dat | 
"UDP Query User{93F386AF-5919-43DD-8DFD-4F74DF2D0866}C:\programme ii\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\programme ii\orbitdownloader\orbitnet.exe | 
"UDP Query User{98B5858D-D214-4E28-9F7D-4F251302762B}C:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii\war3.exe | 
"UDP Query User{A3B7A01A-24CD-4B50-9D96-8D7B1004AB39}C:\spiele\titanquest\immortalthrone\tqit.exe" = protocol=17 | dir=in | app=c:\spiele\titanquest\immortalthrone\tqit.exe | 
"UDP Query User{B180D84C-55D3-444A-B866-5BB0E15831E8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B3F472B3-C128-48CF-8468-949BE4DDADEF}C:\spiele\steam\steam.exe" = protocol=17 | dir=in | app=c:\spiele\steam\steam.exe | 
"UDP Query User{BA4EF366-6D59-4BBE-A01F-793E83698843}C:\spiele\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\spiele\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{BE93E8C3-17DB-438F-A393-7CA0F8F4CC9F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C84D61F9-54A4-4CF5-8879-1F4F35085E51}C:\programme ii\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\programme ii\icq6.5\icq.exe | 
"UDP Query User{CB903815-C81F-4E9A-AD29-6364D229C9A8}C:\programme ii\cryptload\routerclient.exe" = protocol=17 | dir=in | app=c:\programme ii\cryptload\routerclient.exe | 
"UDP Query User{CC91F361-68E1-4706-8088-33CB2509FEA5}C:\spiele\trackmania sunrise\tmsunrise.exe" = protocol=17 | dir=in | app=c:\spiele\trackmania sunrise\tmsunrise.exe | 
"UDP Query User{CE1D5388-C3E3-48BA-AFE7-9E12964B7C1F}C:\programme ii\firefox\firefox.exe" = protocol=17 | dir=in | app=c:\programme ii\firefox\firefox.exe | 
"UDP Query User{D5E85456-5FA9-456C-AAC1-7980C3BF749D}C:\spiele\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\spiele\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{E4AD847B-1D83-433E-9A84-2431DBECEDB0}C:\users\stani\desktop\routerclient.exe" = protocol=17 | dir=in | app=c:\users\stani\desktop\routerclient.exe | 
"UDP Query User{F700615D-990D-4E6B-8529-EA418365B030}C:\programme ii\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\programme ii\icq6.5\icq.exe | 
"UDP Query User{F8458F4D-F960-42F3-B722-F71D45845961}C:\spiele\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\spiele\warcraft iii\war3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03F97923-7EB6-0414-0F98-C3211D00BAF5}" = simfy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17C4A35A-2041-42C0-8D10-DEF55B47BE56}" = Adobe Premiere Elements 8.0 Templates
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96965E6C-41DB-4E0A-BC65-D92381D51D2A}" = Sony Vegas 7.0
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{AC4BDEB4-E06A-4605-B5D2-2FE6750681A5}" = HD Writer AE 2.1
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C9E129BC-27D3-436E-BAAC-4CE81E0962F1}" = Sony Media Manager 2.2
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3
"avast" = avast! Free Antivirus
"CamStudio" = CamStudio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Hamachi" = Hamachi 1.0.1.3
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"Live 8.0.3" = Live 8.0.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"NSS" = Norton Security Scan
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Pen Tablet Driver" = Stifttablett
"PFPortChecker" = PFPortChecker 1.0.36
"PremElem80" = Adobe Premiere Elements 8.0
"PremElem80Templates" = Adobe Premiere Elements 8.0 Templates
"PunkBusterSvc" = PunkBuster Services
"Simfy" = simfy
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"Steam App 630" = Alien Swarm
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4080323560-1050015258-1802708261-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.04.2011 08:33:12 | Computer Name = Stani-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3938
 
Error - 20.04.2011 08:33:14 | Computer Name = Stani-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.04.2011 08:33:14 | Computer Name = Stani-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5891
 
Error - 20.04.2011 08:33:14 | Computer Name = Stani-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5891
 
Error - 20.04.2011 08:33:16 | Computer Name = Stani-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.04.2011 08:33:16 | Computer Name = Stani-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7844
 
Error - 20.04.2011 08:33:16 | Computer Name = Stani-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7844
 
Error - 20.04.2011 08:33:18 | Computer Name = Stani-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.04.2011 08:33:18 | Computer Name = Stani-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9829
 
Error - 20.04.2011 08:33:18 | Computer Name = Stani-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9829
 
[ System Events ]
Error - 20.04.2011 03:53:34 | Computer Name = Stani-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 20.04.2011 03:53:34 | Computer Name = Stani-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.04.2011 03:57:12 | Computer Name = Stani-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.04.2011 03:59:20 | Computer Name = Stani-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 20.04.2011 04:09:39 | Computer Name = Stani-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 20.04.2011 04:15:03 | Computer Name = Stani-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 20.04.2011 04:25:33 | Computer Name = Stani-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.04.2011 04:30:46 | Computer Name = Stani-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.04.2011 04:34:10 | Computer Name = Stani-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.04.2011 04:39:02 | Computer Name = Stani-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
Smoodoo

20.04.2011, 16:34   #11
Successfully registered
 
Registered since: 20.04.2011
Posts: 18

MBRCheck.txt:

(Install.txt will be edited in later)

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:            
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        Service Pack 2 (build 6002), 32-bit
Logical Drives Mask:        0x0000000d

Kernel Drivers (total 153):
  0x82448000 \SystemRoot\system32\ntkrnlpa.exe
  0x82415000 \SystemRoot\system32\hal.dll
  0x80400000 \SystemRoot\system32\kdcom.dll
  0x80407000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80477000 \SystemRoot\system32\PSHED.dll
  0x80488000 \SystemRoot\system32\BOOTVID.dll
  0x80490000 \SystemRoot\system32\CLFS.SYS
  0x804D1000 \SystemRoot\system32\CI.dll
  0x805B1000 \SystemRoot\system32\drivers\klmdb.sys
  0x80605000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x80681000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068E000 \SystemRoot\System32\Drivers\sptd.sys
  0x80781000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x8078A000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x807B0000 \SystemRoot\system32\drivers\acpi.sys
  0x807F6000 \SystemRoot\system32\drivers\msisadrv.sys
  0x805C3000 \SystemRoot\system32\drivers\pci.sys
  0x805EA000 \SystemRoot\System32\drivers\partmgr.sys
  0x82A04000 \SystemRoot\system32\drivers\volmgr.sys
  0x82A13000 \SystemRoot\System32\drivers\volmgrx.sys
  0x82A5D000 \SystemRoot\system32\drivers\pciide.sys
  0x82A64000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x82A72000 \SystemRoot\System32\drivers\mountmgr.sys
  0x82A82000 \SystemRoot\System32\drivers\sfsync02.sys
  0x82A8B000 \SystemRoot\system32\drivers\atapi.sys
  0x82A93000 \SystemRoot\system32\drivers\ataport.SYS
  0x82AB1000 \SystemRoot\system32\drivers\fltmgr.sys
  0x82AE3000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82AF3000 \SystemRoot\System32\Drivers\PxHelp20.sys
  0x82AFD000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8300D000 \SystemRoot\system32\drivers\ndis.sys
  0x83118000 \SystemRoot\system32\drivers\msrpc.sys
  0x83143000 \SystemRoot\system32\drivers\NETIO.SYS
  0x83209000 \SystemRoot\System32\drivers\tcpip.sys
  0x832F3000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8B401000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8B511000 \SystemRoot\system32\drivers\volsnap.sys
  0x8B54A000 \SystemRoot\System32\Drivers\spldr.sys
  0x8B552000 \SystemRoot\System32\drivers\sfvfs02.sys
  0x8B56A000 \SystemRoot\System32\drivers\sfhlp02.sys
  0x8B572000 \SystemRoot\System32\drivers\sfdrv01.sys
  0x8B585000 \SystemRoot\System32\Drivers\mup.sys
  0x8B594000 \SystemRoot\System32\drivers\ecache.sys
  0x8B5BB000 \SystemRoot\system32\drivers\disk.sys
  0x8B5CC000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8B5ED000 \SystemRoot\system32\drivers\crcdisk.sys
  0x83326000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x83331000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8333A000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F804000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x901A1000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x83349000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x901A3000 \SystemRoot\System32\drivers\watchdog.sys
  0x901AF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x901BA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x833E9000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x82B6E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8317E000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x83193000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x831A3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x831B1000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x83200000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
  0x831BC000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x901F8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x901FE000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
  0x831D4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x833F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8F800000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
  0x9040C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x9043B000 \SystemRoot\system32\DRIVERS\storport.sys
  0x9047C000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x90487000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x9049E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x904A9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x904CC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x904DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x904EF000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x90504000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x90514000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x9051F000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x9052A000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x9052C000 \SystemRoot\system32\DRIVERS\ks.sys
  0x90556000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90560000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x9056D000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x905A2000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x905AC000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x905B4000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
  0x905BC000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x905C5000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90E01000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x90FA9000 \SystemRoot\system32\drivers\portcls.sys
  0x90FD6000 \SystemRoot\system32\drivers\drmk.sys
  0x91008000 \SystemRoot\System32\Drivers\aswSnx.SYS
  0x91078000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x91081000 \SystemRoot\System32\Drivers\Null.SYS
  0x91088000 \SystemRoot\System32\Drivers\Beep.SYS
  0x910A2000 \SystemRoot\System32\drivers\vga.sys
  0x910AE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x910CF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x910D7000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x910DF000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x910EA000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x910F8000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x91101000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x91117000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x91121000 \SystemRoot\system32\DRIVERS\smb.sys
  0x9160D000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x91B2D000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x91B36000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x91B38000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x91B6A000 \SystemRoot\system32\drivers\afd.sys
  0x91BB2000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x91BB7000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x91BCD000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x91BDB000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x91135000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x91BEE000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x91171000 \SystemRoot\System32\Drivers\dfsc.sys
  0x91188000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x91600000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x911D1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x91BF8000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x9A070000 \SystemRoot\System32\win32k.sys
  0x911DC000 \SystemRoot\System32\drivers\Dxapi.sys
  0x911E6000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9A290000 \SystemRoot\System32\TSDDD.dll
  0x9A2B0000 \SystemRoot\System32\cdd.dll
  0x905D6000 \SystemRoot\system32\drivers\luafv.sys
  0x81000000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x81038000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x8103B000 \SystemRoot\system32\drivers\spsys.sys
  0x810EB000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x810FB000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x8110E000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x81117000 \SystemRoot\system32\drivers\HTTP.sys
  0x81184000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x811A1000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x811BA000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x811CF000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA080D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA082C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA0865000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA087D000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA08A5000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA08F4000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA0937000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA160D000 \SystemRoot\system32\drivers\peauth.sys
  0xA16EB000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA16F5000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA1701000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA1717000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x77840000 \Windows\System32\ntdll.dll

Processes (total 62):
       0 System Idle Process
       4 System
     456 C:\Windows\System32\smss.exe
     528 csrss.exe
     588 C:\Windows\System32\wininit.exe
     600 csrss.exe
     632 C:\Windows\System32\services.exe
     644 C:\Windows\System32\lsass.exe
     656 C:\Windows\System32\lsm.exe
     760 C:\Windows\System32\winlogon.exe
     844 C:\Windows\System32\svchost.exe
     896 C:\Windows\System32\nvvsvc.exe
     932 C:\Windows\System32\svchost.exe
     992 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1172 C:\Windows\System32\audiodg.exe
    1220 C:\Windows\System32\SLsvc.exe
    1272 C:\Windows\System32\svchost.exe
    1420 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1432 C:\Windows\System32\nvvsvc.exe
    1512 C:\Windows\System32\wisptis.exe
    1552 C:\Windows\System32\svchost.exe
    1616 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    1724 C:\Programme II\Avast Free AntiVirus\AvastSvc.exe
     520 C:\Windows\System32\spoolsv.exe
     604 C:\Windows\System32\svchost.exe
    1348 C:\Programme II\PhotoshopElements8\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    2152 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2192 C:\Windows\System32\bgsvcgen.exe
    2220 C:\Program Files\Bonjour\mDNSResponder.exe
    2400 C:\Windows\System32\PnkBstrA.exe
    2444 C:\Windows\System32\svchost.exe
    2540 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2560 C:\Windows\System32\svchost.exe
    2588 C:\Windows\System32\Pen_Tablet.exe
    2644 C:\Windows\System32\svchost.exe
    2696 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2716 C:\Windows\System32\SearchIndexer.exe
    3072 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3276 C:\Windows\System32\dwm.exe
    3304 C:\Windows\System32\taskeng.exe
    3320 C:\Windows\System32\wisptis.exe
    3328 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    3492 C:\Windows\explorer.exe
    3688 C:\Windows\System32\WTablet\Pen_TabletUser.exe
    3700 C:\Windows\System32\Pen_Tablet.exe
    3776 C:\Windows\System32\taskeng.exe
    3832 C:\Windows\RtHDVCpl.exe
    4020 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4028 C:\Programme II\Avast Free AntiVirus\AvastUI.exe
    4036 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4072 C:\Program Files\Windows Media Player\wmpnetwk.exe
     804 C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    5000 C:\Windows\System32\svchost.exe
    5812 C:\Programme II\FireFox\firefox.exe
    5740 C:\Programme II\FireFox\plugin-container.exe
    5324 C:\Windows\System32\wuauclt.exe
    5432 C:\Users\Stani\Desktop\OTL.exe
    4224 C:\Users\Stani\Desktop\MBRCheck.exe
    1748 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD502IJ, Rev: 1AA01112

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

UPDATE, here is the Install.txt with our own assessment:

Code:
Adobe AIR    Adobe Systems Incorporated    04.04.2011    30,7MB    2.6.0.19120 -- unknown
Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    01.10.2009        10.0.12.36 -- unknown
Adobe Flash Player 10 Plugin    Adobe Systems Incorporated    18.04.2011        10.2.159.1 -- unknown
Adobe InDesign CS3    Adobe Systems Incorporated    16.11.2009        5.0 -- unnecessary (leftover from a failed uninstallation)
Adobe Photoshop CS2    Adobe Systems, Inc.    07.02.2010    218MB    9.0 -- unnecessary (leftover from a failed uninstallation)
Adobe Photoshop Elements 8.0    Adobe Systems Incorporated    29.04.2010    749MB    8.0 -- necessary
Adobe Premiere Elements 8.0    Adobe Systems Incorporated    29.04.2010    5.658MB    8.0 -- necessary
Adobe Premiere Elements 8.0 Templates    Adobe Systems Incorporated    29.04.2010    5.045MB    8.0 -- necessary
Adobe Reader 9.3 - Deutsch    Adobe Systems Incorporated    07.03.2010    162,6MB    9.3.0 -- unknown
Alien Swarm    Valve    10.08.2010    2.032MB    -- necessary
Apple Application Support    Apple Inc.    07.09.2010    42,8MB    1.3.2 -- unknown (uses iTunes)
Apple Mobile Device Support    Apple Inc.    07.09.2010    20,1MB    3.2.0.47 -- unknown (uses iTunes)
Apple Software Update    Apple Inc.    11.10.2009    2,16MB    2.1.1.116 -- unknown (uses iTunes)
avast! Free Antivirus    AVAST Software    18.04.2011    204MB    6.0.1091.0 -- necessary
Battlefield: Bad Company™ 2    Electronic Arts    08.03.2010    1.773MB    1.0.0.0 -- necessary
Bonjour    Apple Inc.    22.07.2010    0,76MB    2.0.2.0 -- unknown (uses iTunes)
CamStudio        15.10.2009    8,23MB -- unnecessary
CCleaner    Piriform    19.04.2011    3,60MB    3.05 -- necessary
DivX Converter    DivX, Inc.    02.05.2010    45,3MB    7.1.0 -- unknown (uses DivX)
DivX Plus DirectShow Filters    DivX, Inc.    02.05.2010    1,58MB -- unknown (uses DivX)
DivX-Setup    DivX, Inc.     01.12.2010    2,11MB    2.1.2.2 -- necessary
Hamachi 1.0.1.3        07.01.2010    0,77MB -- necessary
HD Writer AE 2.1    Panasonic Corporation    23.04.2010    172,5MB    2.01.141.1031 -- unnecessary
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6    HP    07.07.2010    10,6MB    14.0 -- necessary
ICQ7.4    ICQ    10.03.2011    47,8MB    7.4 -- necessary
IKEA Home Planner    IKEA IT    26.03.2010    167,3MB    2.0.3 -- unnecessary
iTunes    Apple Inc.    07.09.2010    135,9MB    10.0.0.68 -- necessary
Java(TM) 6 Update 24    Sun Microsystems, Inc.    05.04.2010    97,1MB    6.0.240 -- unknown
League of Legends    Riot Games    08.03.2011    1.703MB    1.02.0000 -- necessary
Live 8.0.3        16.12.2010    1.601MB    -- necessary
LizardTech DjVu Control        09.02.2010    0,82MB -- necessary
Malwarebytes' Anti-Malware    Malwarebytes Corporation    18.04.2011    4,80MB    -- necessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU    Microsoft Corporation    02.10.2009    37,0MB    -- unknown
Microsoft .NET Framework 3.5 SP1    Microsoft Corporation    17.08.2010    27,8MB    -- unknown
Microsoft .NET Framework 4 Client Profile    Microsoft Corporation    24.06.2010    120,3MB    4.0.30319 -- unknown
Microsoft Games for Windows - LIVE    Microsoft Corporation    15.11.2010    6,01MB    3.4.54.0 -- necessary
Microsoft Games for Windows - LIVE Redistributable    Microsoft Corporation    15.11.2010    31,3MB    3.4.18.0 -- necessary
Microsoft SQL Server Compact 3.5 SP1 English    Microsoft Corporation    23.04.2010    2,60MB    3.5.5692.0 -- unknown
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    13.12.2009    0,41MB    8.0.59193 -- unknown
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148    Microsoft Corporation    15.01.2010    0,19MB    9.0.30729.4148 -- unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022    Microsoft Corporation    01.02.2010    1,41MB    9.0.21022 -- unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729    Microsoft Corporation    15.04.2011    0,23MB    9.0.30729 -- unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    05.10.2009    0,58MB    9.0.30729 -- unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    23.04.2010    0,58MB    9.0.30729.4148 -- unknown
Microsoft XNA Framework Redistributable 3.1    Microsoft Corporation    03.03.2011    7,55MB    3.1.10527.0 -- unknown
Mozilla Firefox (3.6.16)    Mozilla    24.03.2011    30,6MB    3.6.16 (de) -- necessary
Mozilla Thunderbird (3.1.7)    Mozilla    15.12.2010    33,4MB    3.1.7 (de) -- necessary
MSXML 4.0 SP2 (KB927978)    Microsoft Corporation    09.07.2010    34,00KB    4.20.9841.0 -- unknown
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    09.07.2010    1,28MB    4.20.9870.0 -- unknown
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    09.07.2010    1,34MB    4.20.9876.0 -- unknown
NVIDIA 3D Vision Treiber 260.99    NVIDIA Corporation    02.01.2011    18,1MB    260.99 -- necessary
NVIDIA Grafiktreiber 260.99    NVIDIA Corporation    02.01.2011    84,9MB    260.99 -- necessary
NVIDIA PhysX-Systemsoftware 9.10.0514    NVIDIA Corporation    02.01.2011    73,3MB    9.10.0514 -- necessary
OpenAL        16.08.2010    0,77MB -- necessary
OpenOffice.org 3.2    OpenOffice.org    05.04.2010    370MB    3.2.9483 -- necessary
Orbit Downloader    www.orbitdownloader.com    22.01.2011    8,73MB -- necessary
Pando Media Booster    Pando Networks Inc.    09.03.2011    7,18MB    2.3.5.2 -- unknown
PFPortChecker 1.0.36    Portforward.com    20.10.2010    0,14MB    1.0.36 -- necessary
Project64 1.6    Project64    31.10.2010    3,47MB    1.6 -- necessary
PunkBuster Services    Even Balance, Inc.    08.03.2010        0.988 -- necessary
QuickTime    Apple Inc.    16.09.2010    72,8MB    7.68.75.0 -- necessary
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista    Realtek    01.10.2009    0,58MB    1.00.0000 -- necessary
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    01.10.2009    12,1MB    6.0.1.5371 -- necessary
simfy    simfy GmbH    16.02.2011    2,71MB    1.3.5 -- necessary
Skype Toolbars    Skype Technologies S.A.    18.02.2011    7,11MB    5.0.4137 -- unnecessary
Skype™ 5.1    Skype Technologies S.A.    18.02.2011    21,4MB    5.1.112 -- necessary
SmartSound Quicktracks for Premiere Elements 8.0    SmartSound Software Inc    29.04.2010    2,01MB    3.11.3090 -- necessary
Sony Media Manager 2.2    Sony    22.04.2010    14,4MB    2.2.119 -- unknown
Sony Vegas 7.0    Sony    22.04.2010    172,9MB    7.0.192 -- unnecessary (uninstallation leftover)
Sparwelt.de Gutschein Alarm    Sparwelt.de    26.04.2010    7,91MB    1.0.0 -- unnecessary (suspected to be some kind of virus)
SpeechRedist    Epic Games Inc.    25.02.2010    58,8MB    1.0.0 -- unknown
Spelling Dictionaries Support For Adobe Reader 9    Adobe Systems Incorporated    07.03.2010    29,7MB    9.0.0 -- necessary
Spybot - Search & Destroy    Safer Networking Limited    01.10.2009    51,6MB    1.6.2 -- necessary
Steam    Valve    29.11.2009    42,1MB    1.0.0.0 -- necessary
Stifttablett    Wacom Technology Corp.    07.02.2010    26,4MB -- necessary
The Witcher    CD Projekt Red    13.12.2009    8.521MB    1.00.0000 -- necessary
Uninstall 1.0.0.1        14.04.2010    27,8MB -- unknown
Virtual DJ Home - Atomix Productions        12.12.2010    19,0MB -- necessary
VLC media player 1.1.4    VideoLAN    11.09.2010    73,1MB    1.1.4 -- necessary
Warcraft III        06.10.2009    1.232MB -- necessary
Warcraft III: All Products        06.10.2009    1.232MB    -- necessary
Warhammer 40,000: Dawn of War II    Relic    29.11.2009    3.912MB    -- necessary
Windows Live Essentials    Microsoft Corporation    26.01.2011    44,0MB    14.0.8117.0416 -- unknown
Windows Live ID Sign-in Assistant    Microsoft Corporation    15.11.2010    4,69MB    6.500.3165.0 -- unknown
Windows Live-Uploadtool    Microsoft Corporation    13.01.2010    0,22MB    14.0.8014.1029 -- unknown
Windows Media Player Firefox Plugin    Microsoft Corp    06.11.2009    0,29MB    1.0.0.8 -- unknown
WinRAR        01.10.2009    3,82MB    -- necessary

Edited by Smoodoo (20.04.2011 at 18:21)

20.04.2011, 20:02   #12
Super Moderator
 
Registered since: 08.02.2010
Posts: 1.728

Hi,

start OTL.exe with administrator rights.
Copy the following text into the "Benutzerdefinierte Scans/Fixes" (Custom Scans/Fixes) box at the bottom (without the word Code: )

Code:
:OTL
[2011.04.19 06:25:55 | 000,000,336 | ---- | C] () -- C:\ProgramData\44097288
[2010.12.13 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\Stani\AppData\Roaming\Uniblue
:files
C:\Windows\System32\*.tmp
C:\Windows\*.tmp
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[resethosts]

Then click Fix at the top. Report how the computer is running.

I need some time to look through the installed programs. There is quite a lot installed.
__________________
Regards, Leo

20.04.2011, 20:42   #13
Successfully registered
 
Registered since: 20.04.2011
Posts: 18

OK, I will do that. Take your time with the analysis, Leo.
A lot of that stuff probably got onto the machine through Adobe, Windows Live, iTunes
and Flash. Many of the installed programs
seem to have something to do with them. I will then edit the update in.

UPDATE:

All in all, the PC is running very well again now. Maybe even better than before the virus.
Sometimes it is a bit slow after booting, but that gets better after a while.

Should I leave the PC as it is now? I had more or less expected to have to format it.
Can I connect external hard drives/USB sticks etc. again without running the risk of them getting infected?

Here is the log from the OTL fix:

Code:
All processes killed
========== OTL ==========
File C:\ProgramData\44097288 not found.
Folder C:\Users\Stani\AppData\Roaming\Uniblue\ not found.
========== FILES ==========
File\Folder C:\Windows\System32\*.tmp not found.
File\Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stani
->Flash cache emptied: 700 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Stani
->Temp folder emptied: 5414571 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 73848319 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 473020 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 76,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.22.3 log created on 04212011_024522

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by Smoodoo (21.04.2011 at 16:49)
Smoodoo is offline
21.04.2011, 20:00   #14 (direct link)
Super Moderator

Registered: 08.02.2010
Posts: 1,728
Hello,

please run OTL again (as described above) and post the current results.

As far as I can see there is no danger to external hard drives.
We are not quite done yet.
__________________
Regards, Leo

Der Leo is offline
21.04.2011, 22:48   #15 (direct link)
Successfully registered

Registered: 20.04.2011
Posts: 18

Okay, I just got back from basketball practice,
otherwise I would have replied sooner.

So here is the OTL fix log 2:

Code:
All processes killed
========== OTL ==========
File C:\ProgramData\44097288 not found.
Folder C:\Users\Stani\AppData\Roaming\Uniblue\ not found.
========== FILES ==========
File\Folder C:\Windows\System32\*.tmp not found.
File\Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stani
->Flash cache emptied: 725 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Stani
->Temp folder emptied: 61868366 bytes
->Temporary Internet Files folder emptied: 98706 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 87582964 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524920 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 143,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.22.3 log created on 04212011_221904

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000027E5122DBA54F86FAD not found!

Registry entries deleted on Reboot...
Smoodoo is offline
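
A way to read fix logs like the two posted above, as an added example (not part of the thread and not code from OTL): a small Python parser that lists the script targets OTL reported as not found, the files deferred to the next reboot, and the bytes cleaned per user. The sample is a constructed excerpt using lines from the second log; the function and field names are assumptions of this example.

```python
import re

# Constructed excerpt: lines taken from the second fix log in the thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
File C:\ProgramData\44097288 not found.
Folder C:\Users\Stani\AppData\Roaming\Uniblue\ not found.
========== FILES ==========
File\Folder C:\Windows\System32\*.tmp not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Default
->Temp folder emptied: 0 bytes
User: Stani
->Temp folder emptied: 61868366 bytes
->FireFox cache emptied: 87582964 bytes
Windows Temp folder emptied: 524920 bytes
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

NOT_FOUND = re.compile(r"(?:File\\Folder|File|Folder) (.+?) not found[.!]$")
PENDING = re.compile(r"File move failed\. (.+) scheduled to be moved on reboot\.$")
EMPTIED = re.compile(r"->.+ emptied: (\d+) bytes$")

def parse_fix_log(text):
    """Summarise one fix log: missed targets, pending moves, bytes per user."""
    out = {"not_found": [], "pending_reboot": [],
           "bytes_by_user": {}, "hosts_reset": False}
    user = None
    for line in map(str.strip, text.splitlines()):
        if m := NOT_FOUND.match(line):
            # A scripted target that was not on disk when the fix ran.
            out["not_found"].append(m.group(1))
        elif m := PENDING.match(line):
            # Locked file: only removed once the machine has rebooted.
            out["pending_reboot"].append(m.group(1))
        elif line.startswith("User: "):
            user = line[len("User: "):]
            out["bytes_by_user"].setdefault(user, 0)
        elif (m := EMPTIED.match(line)) and user:
            out["bytes_by_user"][user] += int(m.group(1))
        elif line == "HOSTS file reset successfully":
            out["hosts_reset"] = True
    return out

if __name__ == "__main__":
    for key, value in parse_fix_log(SAMPLE_LOG).items():
        print(key, "=", value)
```

Targets listed under not_found were not removed by that run, so a log where every scripted target is "not found" confirms only the cache cleanup and the hosts reset.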