26.07.2011, 19:43   #1
Frequent visitor
 
Registered since: 26.07.2011
Posts: 73
Trojan.FakeAV.LVT

As you can perhaps see above, I was stupid enough to catch this virus. Now my question to you: what is the best way to get rid of it?
Wipe everything and set it up again?
Thanks in advance for your answers
Regards
der dumme junge is offline

26.07.2011, 20:14   #2
Super-Moderator
 
Registered since: 08.02.2010
Posts: 1,728

Hi,

Have you already restarted the PC? If not, leave it that way, because on restart your antivirus program gets uninstalled and replaced by fake software.

Do you still have the file from the supposed video?
__________________
Regards, Leo

Der Leo is offline
26.07.2011, 20:36   #3
Frequent visitor
 
Registered since: 26.07.2011
Posts: 73

Unfortunately it has already restarted itself a few times -.-

No, unfortunately not
der dumme junge is offline
26.07.2011, 20:40   #4
Super-Moderator
 
Registered since: 08.02.2010
Posts: 1,728

Okay, then I'd like to look at everything that was changed and remove the malware.

Step 1
OTL
Download: http://oldtimer.geekstogo.com/OTL.exe


1. Double-click OTL.exe
2. Windows 7 and Vista users: right-click, Run as administrator
3. At the top you will find a box labelled Output. Please select Minimal Output
4. Tick the box at the top next to Scan All Users.
5. Under "Extra Registry", select "Use SafeList"
6. At the bottom right, tick "LOP Check" and "Purity Check"
7. Copy the following into the text box (without the word Code:)
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT




8. Click "Scan"
9. Two reports will be created:
10. OTL.Txt and Extras.Txt
Please post both logs!
__________________
Regards, Leo

Der Leo is offline
26.07.2011, 20:51   #5
Frequent visitor
 
Registered since: 26.07.2011
Posts: 73

Where are these txt files saved?
der dumme junge is offline

26.07.2011, 20:53   #6
Super-Moderator
 
Registered since: 08.02.2010
Posts: 1,728

Directly on the desktop. Usually they are also open after the restart.

For now, please stop all online activities such as online banking, eBay, etc.!
We will see whether the system has to be formatted.
__________________
Regards, Leo

Der Leo is offline
26.07.2011, 21:04   #7
Frequent visitor
 
Registered since: 26.07.2011
Posts: 73

I don't use eBay etc. on this PC, more like Facebook and so on...

Okay
der dumme junge is offline
26.07.2011, 21:13   #8
Super-Moderator
 
Registered since: 08.02.2010
Posts: 1,728

Through a link on Facebook you ended up on a fake YouTube page, where you downloaded a file. Do you still have the link to that YouTube page?
Can you somehow send me the link as a private message? But please not from a clean system! If need be, we will do that with a live system.
__________________
Regards, Leo

Der Leo is offline
26.07.2011, 21:20   #9
Frequent visitor
 
Registered since: 26.07.2011
Posts: 73

OTL Extras logfile created on: 26.07.2011 20:44:45 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\lukas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 53,98% Memory free
6,19 Gb Paging File | 4,54 Gb Available in Paging File | 73,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 20,51 Gb Free Space | 13,76% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 101,18 Gb Free Space | 72,64% Space Free | Partition Type: NTFS
Drive F: | 488,25 Mb Total Space | 3,78 Mb Free Space | 0,77% Space Free | Partition Type: FAT

Computer Name: MEINPC | User Name: lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4017913154-3825847846-2793962498-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CA62FDC-90B9-4799-A34B-6A86D175F09A}" = rport=139 | protocol=6 | dir=out | app=system |
"{385208DA-486B-4AA8-99DD-6E1ED5327450}" = lport=445 | protocol=6 | dir=in | app=system |
"{595A87F0-8153-473A-BC30-84D8044D0E39}" = lport=137 | protocol=17 | dir=in | app=system |
"{626BDC87-1519-4A6A-BDA1-C13358490183}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{67B94CE5-99D7-4ECF-A790-7866E226C9D1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{8A073948-E334-42DD-B0FE-FBA7E1B67BC0}" = lport=138 | protocol=17 | dir=in | app=system |
"{9814EE72-5815-44E1-A2DC-4F42C5F9CD95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A17AE942-5847-47AB-B43D-5C820672D430}" = lport=139 | protocol=6 | dir=in | app=system |
"{A73FC682-A602-4DDC-8370-D8010297C15D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AF7A0E04-958D-496D-B059-7249968B4002}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BC66B233-EB26-4F05-8282-23A2888EC07E}" = rport=137 | protocol=17 | dir=out | app=system |
"{C1FBE7CA-0D06-43CB-8D98-AC2D4FCB2822}" = rport=445 | protocol=6 | dir=out | app=system |
"{ED935EDE-9287-47BB-98CE-7F377951BE1D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FBDF589A-2F2C-474F-8508-F3F83E6E02E4}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041F0CC1-6BE9-419C-AC29-17D8F7582795}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0482C6F7-FDA9-4A10-953E-A911990236B3}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{168F992A-0095-45A4-9C6A-DF7C5790C34B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2BA80E87-7A0F-49E7-AA2E-093934B63894}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3A25AD9C-75D1-4A4A-B813-BC346DFB20F1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{40594C38-6AA6-418E-B2DC-4F9E25E8A000}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{4337F63E-D816-4AE7-9B51-A79784BDC5B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4ECC1193-67CD-41CD-9680-2FB39798D010}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{4F637301-7271-417C-BB70-70B26018B44C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5C5B3892-919F-489F-96B7-997FEBBDFBAD}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{62B9A56D-E0E9-4946-81A3-B02D9D5E88FD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{6BBBFBE3-BF99-4913-92E9-767490DBCB01}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C577369-0C00-40A1-BFEE-CC4D2138B803}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{74FFBB06-C5F0-4436-BBF7-BA03F0518238}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{7CA69928-D4B6-4B19-AE4C-1F630C7C5E06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{86A1BB12-2522-4689-B466-820220EE4B13}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{87C8CE63-AC5D-4E80-B514-0B3A403292BD}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{9362BE17-4B10-4032-A1B3-EE7064F7FC93}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{A73CA219-BAC1-4510-9B14-340D21D8604E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{AA8F2F4B-8E12-4902-9945-2E549F2DE9B6}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{C228A3C4-6C0A-4293-A9AE-5B1E6671F749}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{CE025BF5-F7B1-4C1C-B878-DD8E15D81258}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CE51BBD9-FB41-4AB0-A67F-D7A4033B8979}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9AF75D5-121B-41C2-BC99-5AD2E4221B4C}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DBD14708-D63C-48EC-9E0E-DFA47F43AB3A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{DCC1B73A-E716-4E1B-9462-8AB531FEF87F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{E3418755-D19D-4F74-8CAF-439E60899DE8}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{F629E4FF-C7B0-48B4-90CE-89A0BBB08121}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{FCDE4044-DEA1-4255-9076-C100F7E8EC12}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{0733409B-F4AC-CE4B-29A2-6780AE0B31C0}" = Skins
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A4429CE-6364-D7BB-B256-4872BE4F3D9E}" = Catalyst Control Center Localization Russian
"{0AA35E34-8F21-5749-6F2D-E951D3CDFDFE}" = Catalyst Control Center Graphics Full Existing
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DF72BB0-1987-B5C5-A60C-0CA92748C274}" = Catalyst Control Center Localization Chinese Traditional
"{0E16D92F-F281-5EC8-98E7-724FB00ECE98}" = Catalyst Control Center Localization Danish
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{135108A2-EE1C-85B3-C344-1E80087E5EA6}" = CCC Help Hungarian
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{19CD2BFF-6104-F902-D257-38CFF32E6B6A}" = ccc-utility
"{1CA4F25C-491E-B759-4639-5EDDACE361DD}" = CCC Help Italian
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20F5A78C-611D-E54D-B4FA-A602CF310FA3}" = Catalyst Control Center Localization French
"{214D83A9-E08A-9E5C-C6FB-0F0D207F6C5B}" = Catalyst Control Center Localization Spanish
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{293BE8D0-7FE1-83BF-3BBA-2809B91A8E07}" = CCC Help Finnish
"{2A1ED448-F4DC-9F1B-71FD-44F1C3991995}" = ATI Catalyst Install Manager
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3825FAAB-E1BC-C226-505C-E83E211D7599}" = CCC Help Norwegian
"{387368F4-8190-D6F5-67AE-F0E8B6EAEC1A}" = Catalyst Control Center Localization Finnish
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41F166E3-9320-7C84-A46B-5512961BBEDC}" = Catalyst Control Center Localization Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF2EED9-7369-A220-325E-50B70F5ED455}" = CCC Help Greek
"{4E86CC69-D727-21EF-E131-E85715E92B02}" = CCC Help Russian
"{4F760C04-80A7-24A7-AC60-4EE66AC47A39}" = CCC Help Spanish
"{565CB281-B789-34A0-6145-012AC0A08C85}" = CCC Help German
"{5664434C-B68F-8563-9709-B2EDF78A0920}" = Catalyst Control Center Graphics Previews Common
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59BBB3C7-B020-F02F-27B4-DA52B6AB8ADF}" = Catalyst Control Center Localization Greek
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5DB5B034-5EE9-9F5B-7A30-E0C51F96529B}" = Catalyst Control Center Localization Polish
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E1263C5-7EAC-2F91-EC96-095FF28CB680}" = CCC Help Thai
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65227FF2-D50A-231B-D30F-3358D61DA10F}" = CCC Help Korean
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{686A032A-2855-B333-3551-64943D174A3A}" = Catalyst Control Center Localization Hungarian
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB522AD-28EE-674D-A046-2F108849359B}" = Catalyst Control Center Localization Dutch
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{852B4B87-C487-6A08-FCB8-31F6A870E59E}" = Catalyst Control Center Core Implementation
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{882A56F6-8DCA-0A30-9C68-46A926BB24A6}" = ccc-core-static
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B445CD1-2388-4E18-1A30-E7D493B464DA}" = CCC Help Portuguese
"{8B6F528B-2F58-F931-47C4-A935C02624DF}" = Catalyst Control Center Localization Norwegian
"{8D8DA4EC-7F07-9E99-21A2-DA635EC48AD3}" = CCC Help Dutch
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97040054-AEC3-E198-E6D0-F4BB9352278E}" = CCC Help English
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A6DBBE54-CCB6-2347-74CF-D0F7E3C49316}" = Catalyst Control Center Localization Czech
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AD6B37CD-781E-2E5E-D17B-F4141DF3A811}" = Catalyst Control Center Localization Italian
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0EA9DD7-ABD6-832A-6C4D-AFFB353879A7}" = CCC Help Czech
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B66C4937-65C3-78AA-1BFF-47DF439FC379}" = Catalyst Control Center Localization Turkish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8808D7E-8117-03C9-91BD-1AC9355297B7}" = Catalyst Control Center Graphics Full New
"{BC2342D0-66CC-E877-FF74-2CCB4093EB67}" = Catalyst Control Center Localization German
"{BDFD0E5D-51B1-EB29-E2F4-3DAA88A2409A}" = CCC Help Chinese Traditional
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4437790-923C-5A7D-70CE-36C96C03FC34}" = Catalyst Control Center Localization Korean
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C653515F-58F7-F90B-7AA8-91DFC9B50BF9}" = Catalyst Control Center Localization Portuguese
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CAD00ED2-0B6D-02D8-FF61-AFE2D106F742}" = CCC Help Swedish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF02F0E8-2293-B1D3-CF88-F5A5F70C12A4}" = Catalyst Control Center Localization Japanese
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6BE54C0-947B-D867-1143-30CD92468F74}" = Catalyst Control Center Graphics Light
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
"{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
"{D9FF51F9-58E6-D71E-51DA-C2653669D95A}" = Catalyst Control Center Localization Chinese Standard
"{DD4D99AD-3F4B-CFA7-D22A-0F7AE61706C9}" = CCC Help Chinese Standard
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E03DD0E3-682A-B142-3BA9-0647DB801624}" = Catalyst Control Center Localization Swedish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E6EFD3F2-68AE-573F-EBD9-E7815813584C}" = Catalyst Control Center Graphics Previews Vista
"{E8BAC393-B023-48A1-F80F-BF3480AC20D3}" = CCC Help French
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB823850-BC46-5B5A-4298-FEE391601797}" = CCC Help Polish
"{EC870F56-6157-2547-43E7-963285E07BDB}" = CCC Help Turkish
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F56996B6-B0D0-813B-92BD-2B5E24DA1632}" = CCC Help Danish
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"{FEEA55B6-FB60-50C2-35F4-03336FFA8810}" = CCC Help Japanese
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Avira AntiVir Desktop" = Avira AntiVir Premium
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.23.324
"Google Desktop" = Google Desktop
"ICQToolbar" = ICQ Toolbar
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"KnightsAndMerchants" = KnightsAndMerchants
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"NSS" = Norton Security Scan
"PROHYBRIDR" = 2007 Microsoft Office system
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"S2TNG" = Die Siedler II - Die nächste Generation
"Sierra-Dienstprogramme" = Sierra-Dienstprogramme
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"TippKönigin Schule_is1" = TippKönigin Schule 5.5
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XnView_is1" = XnView 1.97.4
"YouTube Song Downloader_is1" = YouTube Song Downloader
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4017913154-3825847846-2793962498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26.07.2011 10:20:29 | Computer Name = meinpc | Source = EventSystem | ID = 4609
Description =

Error - 26.07.2011 10:24:13 | Computer Name = meinpc | Source = WinMgmt | ID = 10
Description =

Error - 26.07.2011 12:35:03 | Computer Name = meinpc | Source = WinMgmt | ID = 10
Description =

Error - 26.07.2011 14:00:06 | Computer Name = meinpc | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 26.07.2011 14:00:10 | Computer Name = meinpc | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 26.07.2011 14:03:39 | Computer Name = meinpc | Source = EventSystem | ID = 4609
Description =

Error - 26.07.2011 14:06:15 | Computer Name = meinpc | Source = WinMgmt | ID = 10
Description =

Error - 26.07.2011 14:12:10 | Computer Name = meinpc | Source = Windows Search Service | ID = 3013
Description =

Error - 26.07.2011 14:13:59 | Computer Name = meinpc | Source = Windows Search Service | ID = 3013
Description =

Error - 26.07.2011 14:46:59 | Computer Name = meinpc | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

[ ASUS Security Protect Manager Events ]
Error - 13.06.2011 11:31:25 | Computer Name = meinpc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: lukas@MEINPC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 16.06.2011 08:33:41 | Computer Name = meinpc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: lukas@MEINPC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 19.06.2011 04:04:38 | Computer Name = meinpc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: lukas@MEINPC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 29.06.2011 00:29:00 | Computer Name = meinpc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: lukas@MEINPC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 02.07.2011 00:17:39 | Computer Name = meinpc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: lukas@MEINPC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 15.07.2011 06:02:57 | Computer Name = meinpc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: lukas@MEINPC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 15.07.2011 08:52:28 | Computer Name = meinpc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: lukas@MEINPC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 15.07.2011 08:52:39 | Computer Name = meinpc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: lukas@MEINPC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 18.07.2011 02:38:27 | Computer Name = meinpc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: lukas@MEINPC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 18.07.2011 11:32:55 | Computer Name = meinpc | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: lukas@MEINPC Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ OSession Events ]
Error - 11.09.2009 13:36:42 | Computer Name = meinpc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19.09.2009 14:51:29 | Computer Name = meinpc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25.09.2009 13:29:13 | Computer Name = meinpc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25.09.2009 13:29:17 | Computer Name = meinpc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28.09.2009 12:46:35 | Computer Name = meinpc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07.10.2009 11:08:04 | Computer Name = meinpc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 09.10.2009 12:49:06 | Computer Name = meinpc | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 93
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26.07.2011 14:03:32 | Computer Name = meinpc | Source = DCOM | ID = 10005
Description =

Error - 26.07.2011 14:03:39 | Computer Name = meinpc | Source = DCOM | ID = 10005
Description =

Error - 26.07.2011 14:03:40 | Computer Name = meinpc | Source = DCOM | ID = 10005
Description =

Error - 26.07.2011 14:03:40 | Computer Name = meinpc | Source = DCOM | ID = 10005
Description =

Error - 26.07.2011 14:03:40 | Computer Name = meinpc | Source = DCOM | ID = 10005
Description =

Error - 26.07.2011 14:06:15 | Computer Name = meinpc | Source = Service Control Manager | ID = 7000
Description =

Error - 26.07.2011 14:06:15 | Computer Name = meinpc | Source = Service Control Manager | ID = 7000
Description =

Error - 26.07.2011 14:06:15 | Computer Name = meinpc | Source = Service Control Manager | ID = 7001
Description =

Error - 26.07.2011 14:06:15 | Computer Name = meinpc | Source = Service Control Manager | ID = 7001
Description =

Error - 26.07.2011 14:06:15 | Computer Name = meinpc | Source = Service Control Manager | ID = 7001
Description =



that would be everything
der dumme junge is offline   Reply With Quote
Old 26.07.2011, 21:22   #10 (permalink)
Super-Moderator
 
Registered since: 08.02.2010
Posts: 1.728
Default

That is only the Extras.Txt, the OTL.Txt is still missing.
__________________
Regards, Leo

Der Leo is offline   Reply With Quote

Old 26.07.2011, 21:29   #11 (permalink)
Is here often
 
Registered since: 26.07.2011
Posts: 73
Default

OTL logfile created on: 26.07.2011 20:44:45 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\lukas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 53,98% Memory free
6,19 Gb Paging File | 4,54 Gb Available in Paging File | 73,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 20,51 Gb Free Space | 13,76% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 101,18 Gb Free Space | 72,64% Space Free | Partition Type: NTFS
Drive F: | 488,25 Mb Total Space | 3,78 Mb Free Space | 0,77% Space Free | Partition Type: FAT

Computer Name: MEINPC | User Name: lukas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\lukas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\lukas\Downloads\bitdefender_isecurity.exe ()
PRC - C:\Windows\update.5.0\svchost.exe ()
PRC - C:\Windows\update.5.0\svchost.exe ()
PRC - C:\Windows\sysdriver32.exe ()
PRC - C:\Windows\systemup.exe ()
PRC - C:\Windows\l1rezerv.exe ()
PRC - C:\Windows\update.2\svchost.exe ()
PRC - C:\Windows\update.2\svchost.exe ()
PRC - C:\Windows\update.tray-8-0\svchost.exe ()
PRC - C:\Windows\update.tray-15-0\svchost.exe ()
PRC - C:\Windows\update.1\svchost.exe ()
PRC - C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\ufa\ufa.exe (Ufasoft)
PRC - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Users\lukas\AppData\Local\Temp\RarSFX1\setupdownloader.exe (BitDefender S.R.L.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe (Cognizance Corporation)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)


========== Modules (SafeList) ==========

MOD - C:\Users\lukas\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\BtMmHook.dll (Broadcom Corporation.)
MOD - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll (Cognizance Corporation)
MOD - C:\Windows\System32\APSHook.dll (Cognizance Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirWebService) -- File not found
SRV - (AntiVirService) -- File not found
SRV - (AntiVirSchedulerService) -- File not found
SRV - (AntiVirMailService) -- File not found
SRV - (srvbtcclient) -- C:\Windows\update.5.0\svchost.exe ()
SRV - (srvsysdriver32) -- C:\Windows\sysdriver32.exe ()
SRV - (srviecheck) -- C:\Windows\update.2\svchost.exe ()
SRV - (wxpdrivers) -- C:\Windows\update.1\svchost.exe ()
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ASBroker) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (ASChannel) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll (Cognizance Corporation)


========== Driver Services (SafeList) ==========

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=dpg&s={searchTerms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lukas\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lukas\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.26 15:34:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.06 17:20:58 | 000,000,000 | ---D | M]

[2009.05.13 19:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lukas\AppData\Roaming\mozilla\Extensions
[2011.07.07 06:27:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lukas\AppData\Roaming\mozilla\Firefox\Profiles\ruvzuze6.default\extensions
[2011.06.23 19:10:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\lukas\AppData\Roaming\mozilla\Firefox\Profiles\ruvzuze6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.06.20 19:08:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\lukas\AppData\Roaming\mozilla\Firefox\Profiles\ruvzuze6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.09 11:39:05 | 000,000,000 | ---D | M] ("Heterosaurus Browze9r") -- C:\Users\lukas\AppData\Roaming\mozilla\Firefox\Profiles\ruvzuze6.default\extensions\Demarion@www.heterosaurusbrowze9r.org
[2011.07.07 06:27:09 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\lukas\AppData\Roaming\mozilla\Firefox\Profiles\ruvzuze6.default\extensions\fbdislike@doweb.fr
[2011.02.01 19:39:43 | 000,001,840 | ---- | M] () -- C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ruvzuze6.default\searchplugins\bing.xml
[2010.11.22 19:50:46 | 000,000,961 | ---- | M] () -- C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ruvzuze6.default\searchplugins\icqplugin-1.xml
[2010.07.25 21:32:24 | 000,000,961 | ---- | M] () -- C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ruvzuze6.default\searchplugins\icqplugin-2.xml
[2010.08.21 22:37:53 | 000,000,961 | ---- | M] () -- C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ruvzuze6.default\searchplugins\icqplugin-3.xml
[2010.09.17 15:23:49 | 000,000,961 | ---- | M] () -- C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ruvzuze6.default\searchplugins\icqplugin-4.xml
[2010.10.09 19:59:25 | 000,000,950 | ---- | M] () -- C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ruvzuze6.default\searchplugins\icqplugin-5.xml
[2010.10.11 16:08:04 | 000,000,950 | ---- | M] () -- C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ruvzuze6.default\searchplugins\icqplugin-6.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ruvzuze6.default\searchplugins\icqplugin.xml
[2011.07.26 15:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011.06.19 23:03:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.08.11 09:23:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.17 22:23:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.19 21:44:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.06 17:23:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.19 10:09:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\LUKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUVZUZE6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2009.08.31 07:57:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.03.31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.04 21:10:24 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.07.26 20:05:24 | 000,203,160 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 vkontakte.ru
O1 - Hosts: 127.0.0.1 Äîáðî ïîæàëîâàòü
O1 - Hosts: 127.0.0.1 login.vk.com
O1 - Hosts: 127.0.0.1 vk.com
O1 - Hosts: 127.0.0.1 Herzlich Willkommen
O1 - Hosts: 127.0.0.1 odnoklassniki.ru
O1 - Hosts: 127.0.0.1 ?????????????
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 Willkommen bei Facebook - anmelden, registrieren oder mehr erfahren
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 50060 more lines...
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [1290122.exe] C:\Users\lukas\AppData\Local\Temp\1290122.exe ()
O4 - HKLM..\Run: [2533739.exe] C:\Windows\Temp\2533739.exe ()
O4 - HKLM..\Run: [6219280.exe] C:\Windows\Temp\6219280.exe ()
O4 - HKLM..\Run: [79073921-loader2.exe] C:\Windows\Temp\79073921-loader2.exe ()
O4 - HKLM..\Run: [9062402.exe] C:\Windows\Temp\9062402.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] File not found
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CognizanceTS] File not found
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [l1rezerv.exe] C:\Windows\l1rezerv.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\Windows\systemup.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-8-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] C:\Windows\update.tray-15-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
O9 - Extra 'Tools' menuitem : ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll (Bioscrypt Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4017913154-3825847846-2793962498-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12966ee7-657a-11df-a436-b9181deafab1}\Shell - "" = AutoRun
O33 - MountPoints2\{12966ee7-657a-11df-a436-b9181deafab1}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{bcbab904-3fde-11de-a180-002243c0ed5e}\Shell - "" = AutoRun
O33 - MountPoints2\{bcbab904-3fde-11de-a180-002243c0ed5e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{c593d78c-e075-11df-86ce-002354710732}\Shell\AutoRun\command - "" = F:\urDrive.exe
O33 - MountPoints2\{ca22ec44-6f2a-11df-92f5-002354710732}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^lukas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: wxpdrivers - C:\Windows\update.1\svchost.exe ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: wxpdrivers - C:\Windows\update.1\svchost.exe ()
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.26 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\lukas\AppData\Roaming\QuickScan
[2011.07.26 20:03:24 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0-lnk
[2011.07.26 20:03:24 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0
[2011.07.26 20:00:26 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.07.26 19:52:05 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011.07.26 19:47:34 | 000,000,000 | ---D | C] -- C:\Users\lukas\AppData\Roaming\Uniblue
[2011.07.26 19:47:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011.07.26 19:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.07.26 19:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2011.07.26 19:47:17 | 000,000,000 | ---D | C] -- C:\Users\lukas\AppData\Local\PackageAware
[2011.07.26 18:29:43 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2011.07.26 18:29:43 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2011.07.26 18:29:36 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.07.26 14:07:47 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011.07.26 14:07:47 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011.07.26 14:07:47 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011.07.24 21:41:08 | 000,261,975 | ---- | C] (4bKDslbJp qfege.) -- C:\Windows\new111.exe
[2011.07.24 21:39:42 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011.07.24 21:35:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011.07.24 21:31:52 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011.07.24 21:30:02 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011.07.24 21:29:56 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0-lnk
[2011.07.24 21:29:56 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-8-0
[2011.07.17 02:05:32 | 000,000,000 | ---D | C] -- C:\Users\lukas\Documents\Abelssoft
[2011.07.17 01:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011.07.17 01:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Song Downloader
[2011.07.17 01:50:00 | 000,000,000 | ---D | C] -- C:\Users\lukas\AppData\Local\Abelssoft
[2011.07.17 01:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Song Downloader
[2011.07.13 17:40:33 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.07.13 17:28:45 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.07.13 17:28:45 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.07.02 22:23:14 | 000,000,000 | ---D | C] -- C:\Users\lukas\Favorites\Desktop\server
[2011.07.02 21:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.06.30 20:09:53 | 000,000,000 | ---D | C] -- C:\Users\lukas\Favorites\Desktop\neue
[2007.01.25 03:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.26 20:24:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4017913154-3825847846-2793962498-1000UA.job
[2011.07.26 20:06:05 | 000,001,777 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.07.26 20:05:24 | 000,203,160 | -H-- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.07.26 20:05:24 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hîsts
[2011.07.26 20:05:01 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.07.26 20:04:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 20:04:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.26 20:04:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.26 20:02:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.07.26 19:59:40 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011.07.26 19:52:08 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.07.26 19:47:32 | 000,001,599 | ---- | M] () -- C:\Users\lukas\Favorites\Desktop\Uniblue RegistryBooster.lnk
[2011.07.26 16:29:04 | 000,699,100 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.26 16:29:04 | 000,655,222 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.26 16:29:04 | 000,156,392 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.26 16:29:04 | 000,128,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.26 15:34:32 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.07.26 14:41:50 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2011.07.26 14:07:46 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011.07.26 14:07:46 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011.07.26 14:07:46 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011.07.26 14:07:45 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011.07.26 14:04:21 | 000,000,179 | ---- | M] () -- C:\Windows\info1
[2011.07.26 06:24:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4017913154-3825847846-2793962498-1000Core.job
[2011.07.25 17:36:14 | 000,256,000 | ---- | M] () -- C:\Windows\sysdriver32_.exe
[2011.07.25 17:36:14 | 000,256,000 | ---- | M] () -- C:\Windows\sysdriver32.exe
[2011.07.24 21:42:23 | 000,114,176 | ---- | M] () -- C:\Windows\systemup.exe
[2011.07.24 21:41:08 | 000,261,975 | ---- | M] (4bKDslbJp qfege.) -- C:\Windows\new111.exe
[2011.07.24 21:38:25 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
[2011.07.24 21:35:10 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011.07.24 21:33:05 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011.07.24 21:15:40 | 001,174,016 | ---- | M] () -- C:\Windows\services32.exe
[2011.07.24 07:57:01 | 000,000,680 | ---- | M] () -- C:\Users\lukas\AppData\Local\d3d9caps.dat
[2011.07.20 16:24:09 | 000,022,222 | ---- | M] () -- C:\Users\lukas\Documents\musik kake.odt
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\Windows\geoiplist
[2011.07.17 01:50:00 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Song Downloader.lnk
[2011.07.15 03:26:10 | 000,394,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.07.15 03:02:43 | 000,002,055 | ---- | M] () -- C:\Users\lukas\Favorites\Desktop\Google Chrome.lnk
[2011.07.10 00:12:00 | 000,120,832 | ---- | M] () -- C:\Users\lukas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.05 23:15:15 | 000,017,807 | ---- | M] () -- C:\Users\lukas\Documents\milz handout.odt
[2011.07.03 11:18:16 | 000,000,293 | ---- | M] () -- C:\Windows\SIERRA.INI
[2011.06.30 20:11:10 | 000,000,938 | ---- | M] () -- C:\Users\lukas\Favorites\Desktop\Start Minecraft Beta Cracked.lnk
[2011.06.29 22:46:12 | 000,031,512 | ---- | M] () -- C:\Users\lukas\Documents\milz.odt
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.26 20:05:49 | 000,001,758 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Defender.lnk
[2011.07.26 19:59:40 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.26 19:52:08 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.07.26 19:52:08 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011.07.26 19:47:36 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.07.26 19:47:32 | 000,001,599 | ---- | C] () -- C:\Users\lukas\Favorites\Desktop\Uniblue RegistryBooster.lnk
[2011.07.26 14:07:46 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011.07.26 14:07:46 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011.07.26 14:07:45 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011.07.24 21:42:31 | 000,114,176 | ---- | C] () -- C:\Windows\systemup.exe
[2011.07.24 21:38:29 | 000,232,960 | ---- | C] () -- C:\Windows\l1rezerv.exe
[2011.07.24 21:35:11 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011.07.24 21:35:10 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011.07.24 21:35:10 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011.07.24 21:34:29 | 000,000,179 | ---- | C] () -- C:\Windows\info1
[2011.07.24 21:32:39 | 000,256,000 | ---- | C] () -- C:\Windows\sysdriver32_.exe
[2011.07.24 21:32:38 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
[2011.07.24 21:32:22 | 000,256,000 | ---- | C] () -- C:\Windows\sysdriver32.exe
[2011.07.24 21:16:43 | 001,174,016 | ---- | C] () -- C:\Windows\services32.exe
[2011.07.20 16:24:08 | 000,022,222 | ---- | C] () -- C:\Users\lukas\Documents\musik kake.odt
[2011.07.17 01:50:00 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Song Downloader.lnk
[2011.07.05 23:15:13 | 000,017,807 | ---- | C] () -- C:\Users\lukas\Documents\milz handout.odt
[2011.06.30 20:11:10 | 000,000,938 | ---- | C] () -- C:\Users\lukas\Favorites\Desktop\Start Minecraft Beta Cracked.lnk
[2011.06.29 22:46:10 | 000,031,512 | ---- | C] () -- C:\Users\lukas\Documents\milz.odt
[2011.06.25 21:11:25 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2011.06.25 21:11:04 | 000,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll
[2011.06.25 21:11:04 | 000,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll
[2011.06.23 16:42:00 | 000,306,133 | ---- | C] () -- C:\Users\lukas\AppData\Roaming\PlasticCraft+(v2.0.1).zip
[2010.10.30 14:37:53 | 000,000,293 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.10.20 14:50:50 | 000,001,940 | ---- | C] () -- C:\Users\lukas\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.09.02 17:15:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.05 16:49:17 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010.06.05 16:43:52 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL
der dumme junge is offline   Reply with quote
26.07.2011, 21:29   #12 (direct link)
Is here often
 
Registered since: 26.07.2011
Posts: 73

der dumme junge is offline   Reply with quote
26.07.2011, 21:30   #13 (direct link)
Is here often
 
Registered since: 26.07.2011
Posts: 73

so that was everything now
hope you can do something with it
der dumme junge is offline   Reply with quote
26.07.2011, 21:47   #14 (direct link)
Super Moderator
 
Registered since: 08.02.2010
Posts: 1.728

Yes, that looks good. Unfortunately not for your PC.

Please upload the following file to http://www.virustotal.com/ and, if necessary, have it re-analysed:

Quote:
C:\Windows\services32.exe

Wait until it says Current status: finished. Then copy the URL into your post.
__________________
Regards, Leo

Der Leo is offline   Reply with quote
26.07.2011, 21:49   #15 (direct link)
Is here often
 
Registered since: 26.07.2011
Posts: 73

Quote:
Originally posted by Der Leo
Through a link on Facebook you ended up on a fake YouTube page, where you downloaded a file. Do you still have the link to the YouTube page?
Can you somehow send me the link as a private message? But please not from a clean system! If need be, we will do that with a live system.

yes exactly, since then I can't open fb anymore either -.- I will try to get the link to you
der dumme junge is offline   Reply with quote
All times are in WET +2.