PC plötzlich extrem langsam

#1 Hallo Experten

Seit dem 24.09.10 habe ich die folgenden Probleme mit meinem PC:

- Der PC ist extrem langsam
- Es kommt vor, dass sich gleich nach dem Start ganz kurz eine Art Dos-Fenster öffnet. Danach ein Fenster mit der Meldung „ Windows wird in weniger als einer Minute heruntergefahren“.
- Zeitweise gibt es einen totalen Absturz- blauer Bildschirm

Aufgetreten ist das Problem beim Surfen mit Firefox. Avira Antivir hat nach einem anschliessenden Scan drei Funde gemeldet:

Code

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 24. September 2010  19:38

Es wird nach 2873353 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : DANI-PC

Versionsinformationen:
BUILD.DAT      : 10.0.0.567     32097 Bytes  19.04.2010 15:50:00
AVSCAN.EXE     : 10.0.3.0      433832 Bytes  01.04.2010 11:37:35
AVSCAN.DLL     : 10.0.3.0       56168 Bytes  30.03.2010 10:42:16
LUKE.DLL       : 10.0.2.3      104296 Bytes  07.03.2010 17:32:59
LUKERES.DLL    : 10.0.0.0       13672 Bytes  14.01.2010 10:59:47
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 15:49:45
VBASE001.VDF   : 7.10.1.0     1372672 Bytes  19.11.2009 15:49:45
VBASE002.VDF   : 7.10.3.1     3143680 Bytes  20.01.2010 19:56:51
VBASE003.VDF   : 7.10.3.75     996864 Bytes  26.01.2010 17:23:30
VBASE004.VDF   : 7.10.4.203   1579008 Bytes  05.03.2010 21:15:41
VBASE005.VDF   : 7.10.6.82    2494464 Bytes  15.04.2010 19:46:08
VBASE006.VDF   : 7.10.7.218   2294784 Bytes  02.06.2010 16:31:21
VBASE007.VDF   : 7.10.9.165   4840960 Bytes  23.07.2010 05:42:59
VBASE008.VDF   : 7.10.11.133  3454464 Bytes  13.09.2010 21:12:28
VBASE009.VDF   : 7.10.11.134     2048 Bytes  13.09.2010 21:12:28
VBASE010.VDF   : 7.10.11.135     2048 Bytes  13.09.2010 21:12:28
VBASE011.VDF   : 7.10.11.136     2048 Bytes  13.09.2010 21:12:29
VBASE012.VDF   : 7.10.11.137     2048 Bytes  13.09.2010 21:12:29
VBASE013.VDF   : 7.10.11.165   172032 Bytes  15.09.2010 15:45:27
VBASE014.VDF   : 7.10.11.202   144384 Bytes  18.09.2010 15:45:27
VBASE015.VDF   : 7.10.11.231   129024 Bytes  21.09.2010 15:45:27
VBASE016.VDF   : 7.10.12.4     126464 Bytes  23.09.2010 11:35:59
VBASE017.VDF   : 7.10.12.5       2048 Bytes  23.09.2010 11:35:59
VBASE018.VDF   : 7.10.12.6       2048 Bytes  23.09.2010 11:35:59
VBASE019.VDF   : 7.10.12.7       2048 Bytes  23.09.2010 11:35:59
VBASE020.VDF   : 7.10.12.8       2048 Bytes  23.09.2010 11:35:59
VBASE021.VDF   : 7.10.12.9       2048 Bytes  23.09.2010 11:35:59
VBASE022.VDF   : 7.10.12.10      2048 Bytes  23.09.2010 11:35:59
VBASE023.VDF   : 7.10.12.11      2048 Bytes  23.09.2010 11:35:59
VBASE024.VDF   : 7.10.12.12      2048 Bytes  23.09.2010 11:35:59
VBASE025.VDF   : 7.10.12.13      2048 Bytes  23.09.2010 11:35:59
VBASE026.VDF   : 7.10.12.14      2048 Bytes  23.09.2010 11:35:59
VBASE027.VDF   : 7.10.12.15      2048 Bytes  23.09.2010 11:35:59
VBASE028.VDF   : 7.10.12.16      2048 Bytes  23.09.2010 11:35:59
VBASE029.VDF   : 7.10.12.17      2048 Bytes  23.09.2010 11:35:59
VBASE030.VDF   : 7.10.12.18      2048 Bytes  23.09.2010 11:35:59
VBASE031.VDF   : 7.10.12.27     50176 Bytes  24.09.2010 11:35:59
Engineversion  : 8.2.4.60  
AEVDF.DLL      : 8.1.2.1       106868 Bytes  30.07.2010 05:43:09
AESCRIPT.DLL   : 8.1.3.45     1368443 Bytes  21.09.2010 15:45:32
AESCN.DLL      : 8.1.6.1       127347 Bytes  19.05.2010 05:59:06
AESBX.DLL      : 8.1.3.1       254324 Bytes  07.05.2010 19:46:16
AERDL.DLL      : 8.1.9.2       635252 Bytes  21.09.2010 15:45:31
AEPACK.DLL     : 8.2.3.7       471413 Bytes  21.09.2010 15:45:31
AEOFFICE.DLL   : 8.1.1.8       201081 Bytes  30.07.2010 05:43:06
AEHEUR.DLL     : 8.1.2.26     2916727 Bytes  21.09.2010 15:45:30
AEHELP.DLL     : 8.1.13.3      242038 Bytes  01.09.2010 06:03:25
AEGEN.DLL      : 8.1.3.22      401780 Bytes  21.09.2010 15:45:29
AEEMU.DLL      : 8.1.2.0       393588 Bytes  07.05.2010 19:46:12
AECORE.DLL     : 8.1.16.2      192887 Bytes  30.07.2010 05:43:03
AEBB.DLL       : 8.1.1.0        53618 Bytes  07.05.2010 19:46:12
AVWINLL.DLL    : 10.0.0.0       19304 Bytes  14.01.2010 10:59:10
AVPREF.DLL     : 10.0.0.0       44904 Bytes  14.01.2010 10:59:07
AVREP.DLL      : 10.0.0.8       62209 Bytes  18.02.2010 15:47:40
AVREG.DLL      : 10.0.3.0       53096 Bytes  01.04.2010 11:35:44
AVSCPLR.DLL    : 10.0.3.0       83816 Bytes  01.04.2010 11:39:49
AVARKT.DLL     : 10.0.0.14     227176 Bytes  01.04.2010 11:22:11
AVEVTLOG.DLL   : 10.0.0.8      203112 Bytes  26.01.2010 08:53:25
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:57:53
AVSMTP.DLL     : 10.0.0.17      63848 Bytes  16.03.2010 14:38:54
NETNT.DLL      : 10.0.0.0       11624 Bytes  19.02.2010 13:40:55
RCIMAGE.DLL    : 10.0.0.26    2550120 Bytes  28.01.2010 12:10:08
RCTEXT.DLL     : 10.0.53.0      98152 Bytes  09.04.2010 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Freitag, 24. September 2010  19:38

Der Suchlauf nach versteckten Objekten wird begonnen.
c:\windows\explorer.exe
c:\Windows\explorer.exe
    [HINWEIS]   Der Prozess ist nicht sichtbar.
c:\program files\java\jre6\bin\ssvagent.exe
c:\Program Files\Java\jre6\bin\ssvagent.exe
    [HINWEIS]   Der Prozess ist nicht sichtbar.
c:\program files\java\jre6\bin\ssvagent.exe
c:\program files\java\jre6\bin\ssvagent.exe

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'iexplore.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil10i_ActiveX.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '125' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqSTE08.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqtra08.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSMMgr.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'realsched.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleDesktop.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'QtZyEmachine.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'BkupTray.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'niLxiDiscovery.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'nimdnsResponder.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SchedulerSvc.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'BackupSvc.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'tagsrv.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'nisvcloc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'nidmsrv.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'nimxs.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'lktsrv.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'lkads.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ETService.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'Agentsvc.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '151' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1658' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\Users\Dani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5029cd0e-2413405f
[0] Archivtyp: ZIP
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.BH
--> dev/s/AdgredY.class
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.BH
--> dev/s/DyesyasZ.class
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.GS
--> dev/s/LoaderX.class
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoader.BO
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\Dani\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5029cd0e-2413405f
    [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoader.BO
    [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '48b751d9.qua' verschoben!


Ende des Suchlaufs: Freitag, 24. September 2010  21:00
Benötigte Zeit:  1:20:59 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  26665 Verzeichnisse wurden überprüft
 549760 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 549757 Dateien ohne Befall
   3048 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 666027 Objekte wurden beim Rootkitscan durchsucht
      4 Versteckte Objekte wurden gefunden

Diese weiteren Schritte führte ich bereits aus:

- Update vom Java (auf dem Rechner war eine alte Version) und löschen der temporären Dateien
- Scan mit den Programmen: Malwarebytes und Superantispyware- beide Programme haben nichts gefunden
- Gleiche Scans im abgesicherten Modus- keine Funde


Logfiles von ODT

Code

OTL logfile created on: 08.10.2010 18:24:11 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Dani\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 54.97 Gb Free Space | 49.33% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 106.30 Gb Free Space | 95.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DANI-PC
Current User Name: Dani
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Dani\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
PRC - C:\Programme\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
PRC - C:\Windows\System32\lkads.exe (National Instruments Corporation)
PRC - C:\Windows\System32\lktsrv.exe (National Instruments Corporation)
PRC - C:\Programme\National Instruments\MAX\nimxs.exe (National Instruments Corporation)
PRC - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
PRC - C:\Windows\System32\nisvcloc.exe (National Instruments Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\QtZyEmachine.EXE (Dritek System Inc.)
PRC - C:\Programme\eMachines\eMachines Recovery Management\Service\ETService.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Dani\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (NILM License Manager) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (NITaggerService) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments Corporation)
SRV - (NIDomainService) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\System32\lkads.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\System32\lktsrv.exe (National Instruments Corporation)
SRV - (mxssvr) -- C:\Program Files\National Instruments\MAX\nimxs.exe (National Instruments Corporation)
SRV - (nimDNSResponder) -- C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe (National Instruments Corporation)
SRV - (niSvcLoc) -- C:\Windows\System32\nisvcloc.exe (National Instruments Corporation)
SRV - (OpcEnum) -- C:\Windows\System32\Opcenum.exe (OPC Foundation)
SRV - (niLXIDiscovery) -- C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Programme\eMachines\eMachines Recovery Management\Service\ETService.exe ()
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ()
SRV - (BUNAgentSvc) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (NewTech Infosystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NiViPciK) -- C:\Windows\System32\drivers\NiViPciKl.sys (National Instruments Corporation)
DRV - (NiViPxiK) -- C:\Windows\System32\drivers\NiViPxiKl.sys (National Instruments Corporation)
DRV - (niorbk) -- C:\Windows\System32\drivers\niorbkl.sys (National Instruments Corporation)
DRV - (nipalusbedl) -- C:\Windows\System32\drivers\nipalusbedl.sys (National Instruments Corporation)
DRV - (NIPALK) -- C:\Windows\System32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (nipalfwedl) -- C:\Windows\System32\drivers\nipalfwedl.sys (National Instruments Corporation)
DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys ()
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (NiViFWK) -- C:\Windows\System32\drivers\NiViFWKl.sys (National Instruments Corporation)
DRV - (silabser) -- C:\Windows\System32\drivers\silabser.sys (Silicon Laboratories)
DRV - (silabenm) -- C:\Windows\System32\drivers\silabenm.sys (Silicon Laboratories, Inc.)
DRV - (nipbcfk) -- C:\Windows\System32\drivers\nipbcfk.sys (National Instruments Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (nidimk) -- C:\Windows\System32\drivers\nidimkl.sys (National Instruments Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.ch/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.07 22:20:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.25 09:18:47 | 000,000,000 | ---D | M]
 
[2009.02.05 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\mozilla\Extensions
[2010.10.07 19:25:50 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\ebzskph5.default\extensions
[2010.07.01 17:45:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\ebzskph5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.29 16:46:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\ebzskph5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.07.03 21:08:36 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\ebzskph5.default\extensions\moveplayer@movenetworks.com
[2010.05.01 23:21:20 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2005.10.12 15:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV80Win32.dll
[2007.02.08 10:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV82Win32.dll
[2007.07.24 18:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\nplv85win32.dll
[2008.12.10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\nplv86win32.dll
[2009.12.17 15:11:08 | 000,025,088 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\nplv90win32.dll
[2010.03.14 21:27:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 21:27:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 21:27:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 21:27:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 21:27:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.08 15:58:59 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZyEmachine.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Be32] C:\Users\Dani\AppData\Roaming\Adobe\Update\vidgui.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.10.08 18:21:20 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe
[2010.10.08 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\Dani\Desktop\Protecus
[2010.10.08 15:38:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.10.07 22:49:24 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Malwarebytes
[2010.10.07 22:49:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.07 22:48:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.07 22:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.07 22:48:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.07 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\SUPERAntiSpyware.com
[2010.10.07 20:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.10.07 20:32:01 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.10.07 20:30:43 | 000,000,000 | ---D | C] -- C:\Users\Dani\Desktop\Dani_Vir
[2010.10.07 18:19:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.25 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Dani\Desktop\vi
[2010.09.25 12:32:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.09.15 17:11:58 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.11 08:55:12 | 000,000,000 | ---D | C] -- C:\Users\Dani\dwhelper
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.10.08 18:27:17 | 002,621,440 | -HS- | M] () -- C:\Users\Dani\NTUSER.DAT
[2010.10.08 18:25:00 | 000,002,631 | ---- | M] () -- C:\Users\Dani\Desktop\Microsoft Office Word 2007.lnk
[2010.10.08 18:21:24 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe
[2010.10.08 18:19:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.08 18:10:24 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.08 18:10:24 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.08 18:10:24 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.08 18:10:24 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.08 18:10:24 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.08 18:06:47 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.10.08 18:05:10 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.08 18:04:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.10.08 18:04:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.08 18:04:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.08 18:04:14 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.08 18:04:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.08 18:04:03 | 3146,641,408 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.08 18:04:01 | 231,610,569 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.08 17:46:26 | 000,524,288 | -HS- | M] () -- C:\Users\Dani\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.10.08 17:46:26 | 000,065,536 | -HS- | M] () -- C:\Users\Dani\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.10.08 17:46:25 | 006,291,456 | -H-- | M] () -- C:\Users\Dani\AppData\Local\IconCache.db
[2010.10.08 15:59:01 | 000,004,374 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010.10.07 22:49:10 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.07 20:32:06 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.07 18:22:48 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.25 16:19:37 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini
[2010.09.25 12:35:09 | 000,000,552 | ---- | M] () -- C:\Users\Dani\AppData\Local\d3d8caps.dat
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.10.08 16:01:49 | 3146,641,408 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.08 15:38:33 | 231,610,569 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.10.07 23:19:37 | 000,004,374 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010.10.07 22:49:10 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.07 20:32:06 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.07 18:22:48 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.25 12:35:09 | 000,000,552 | ---- | C] () -- C:\Users\Dani\AppData\Local\d3d8caps.dat
[2010.05.19 23:14:09 | 000,000,157 | ---- | C] () -- C:\Windows\System32\Vision Builder.ini
[2010.02.01 13:05:09 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2010.02.01 13:05:07 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl66cl3.dll
[2010.01.11 20:38:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.21 22:26:56 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2009.11.25 23:29:22 | 000,000,259 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.09.19 15:31:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.14 14:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2009.06.11 16:23:34 | 000,039,968 | ---- | C] () -- C:\Windows\System32\LVWUtil32.dll
[2009.06.09 22:41:21 | 000,000,089 | ---- | C] () -- C:\Windows\System32\MSBII.dll
[2009.06.09 22:36:17 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WKAuxil.dll
[2009.06.09 22:36:16 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2009.06.09 22:36:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2009.06.09 22:36:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009.06.09 22:36:11 | 003,782,416 | ---- | C] () -- C:\Windows\System32\mso97.dll
[2009.05.26 20:34:58 | 000,003,520 | ---- | C] () -- C:\Windows\System32\nipalpg.dll
[2009.05.22 10:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2009.03.20 18:39:52 | 000,000,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.02.04 19:43:45 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.02.03 21:25:09 | 000,011,776 | ---- | C] () -- C:\Users\Dani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.03 20:43:16 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.09.10 15:46:46 | 000,037,376 | ---- | C] () -- C:\Windows\System32\tbbmalloc.dll
[2008.06.02 10:37:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.02 10:37:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.06.02 01:45:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.06.02 01:45:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.06.02 01:23:24 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009.09.14 08:24:52 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Fuhay
[2010.08.24 22:35:46 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\gtk-2.0
[2009.11.12 22:25:42 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\ibf
[2010.04.21 10:50:13 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Image Zone Express
[2009.11.11 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\InterVideo
[2009.03.29 20:06:01 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\PICC
[2009.03.20 18:51:20 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Printer Info Cache
[2010.04.17 09:11:12 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Sewoza
[2010.10.08 17:46:27 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DB365884
< End of report >

Code

OTL Extras logfile created on: 08.10.2010 18:24:11 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Dani\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 54.97 Gb Free Space | 49.33% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 106.30 Gb Free Space | 95.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DANI-PC
Current User Name: Dani
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021BA5A2-C9CA-4374-92B7-3F59FFE3B4BB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0A591AC3-A9A1-4620-8D6B-77901A4F5EE6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{150D0C78-769A-4E9C-90AE-A46C6E804042}" = lport=138 | protocol=17 | dir=in | app=system | 
"{32B2BAA8-46BF-4DE1-A235-CE035586ABF5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{358252BC-AAEA-4A74-8714-75FB39672E17}" = lport=445 | protocol=6 | dir=in | app=system | 
"{41F137BA-1544-4198-984C-31B8089362B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{47D43481-45D6-4734-B0A9-78F0514559C7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4D0CA4F5-3D6A-47FE-83A9-E9FE632172C6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5A540156-A3E4-443F-9315-6E62E414C2A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{686117DE-5FA9-40CF-840D-E1796BA06A60}" = lport=137 | protocol=17 | dir=in | app=system | 
"{860E9B3E-55FB-4AEE-A993-78F50C2C3D04}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8E3F39A8-E8AE-4F69-92E0-D973CA292F97}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{904515C4-4B02-4F4C-A710-405530917508}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{953D10B6-D433-43C4-B002-9F5E9690AD28}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{97F298AA-536D-479D-815B-8BCDDF324121}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B67F2BD0-B2FA-440A-9F14-0D05D9056858}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BB550D88-C4DD-48FD-B7E1-532974C6735C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D9DE2898-934B-401D-9E22-1D0A8CB38B49}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F7C9E9B1-AF79-4A2E-AAFC-1EC7CF6E4081}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{231D1C54-6BFD-4802-86B6-B99E7D29D728}" = protocol=17 | dir=in | app=c:\program files\avira\antivir personaledition classic\avcenter.exe | 
"{2AE3657B-14A3-4474-9904-CEEBF2C7A4AD}" = protocol=6 | dir=in | app=c:\program files\avira\antivir personaledition classic\avcenter.exe | 
"{565540C3-9CBA-4AA0-802B-7ECBA44957F6}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{828398BB-E11D-457E-8379-FCFE58979CBF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{88BFE18B-A65F-4F3D-BD7D-B710F7929436}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{AE267FAE-E724-46BE-87D1-3D79758635F1}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B2F13258-15BA-4105-896D-D5AE10086E97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BA7F000B-2359-4245-AE07-447E6239B30F}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{C4EABFB1-D324-4CE8-B7F5-1A727E5DE03B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D9262D4C-86A4-4193-9CFC-F80DFFACE124}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{DB62387C-132F-4C9A-8D83-9C7EC9763CAB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E000DD71-5B28-4B67-86FD-63DC43AB0B59}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{EBC34403-47ED-4F91-A436-5738C0069F03}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"TCP Query User{A2CB5275-B731-4627-8877-71E2E8572E81}C:\users\dani\downloads\wuala_de.exe" = protocol=6 | dir=in | app=c:\users\dani\downloads\wuala_de.exe | 
"TCP Query User{A6784787-61B6-4137-A050-C9C47A79169C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{D102C828-0AB8-4C76-86BF-E59280C25A13}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{D7BF2636-B6A7-490D-8292-591578C1FA3D}C:\users\dani\desktop\wuala_de.exe" = protocol=6 | dir=in | app=c:\users\dani\desktop\wuala_de.exe | 
"TCP Query User{E6FFDB7D-7E76-437D-B990-80802E0C0F79}C:\users\dani\appdata\local\temp\wuala\roaming\wuala.exe" = protocol=6 | dir=in | app=c:\users\dani\appdata\local\temp\wuala\roaming\wuala.exe | 
"TCP Query User{F2FF35D3-0072-433A-A614-731589EF8151}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{0591010A-7050-42C6-BA1B-EB371FFC8906}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{3F76FE49-B639-4484-A0C2-1A03A2532FDF}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{4B31D2E8-BB51-4183-BC4C-907E9931AA32}C:\users\dani\appdata\local\temp\wuala\roaming\wuala.exe" = protocol=17 | dir=in | app=c:\users\dani\appdata\local\temp\wuala\roaming\wuala.exe | 
"UDP Query User{891159EB-CA55-450D-B8B6-7FE2876CB981}C:\users\dani\downloads\wuala_de.exe" = protocol=17 | dir=in | app=c:\users\dani\downloads\wuala_de.exe | 
"UDP Query User{C1BE17BA-C0C6-4601-9AB6-97FA3264E6D2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{DBCC4BD6-DA81-4686-B58D-8F376CD42FF6}C:\users\dani\desktop\wuala_de.exe" = protocol=17 | dir=in | app=c:\users\dani\desktop\wuala_de.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0005EFFD-0635-4B40-B7B4-B9D35F7432EB}" = NI Vision Builder AI 3.6.1
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04B552B1-4EC5-4F1B-9F02-FD3DF5A71184}" = NI Assistant Framework
"{05046BCC-5E64-4A85-8615-D84DE4C1D865}" = NI VC2005MSMs x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0605CA4A-0149-474A-BA10-53CF2C646FC1}" = NI AFW Channel Configuration Tool
"{0631DA96-F943-4FEE-A800-D7EF7FE37FA5}" = NI LabVIEW 2009 Control Design and Simulation Module
"{065F29A4-D4D9-4BB9-85AF-8A878907BBD6}" = NI LabVIEW Run-Time Engine 8.5.1
"{07A99739-82EE-4537-AF2E-1607015D9992}" = NI Service Locator
"{08133ED0-B6EB-49CD-B0EF-60502E41D15E}" = NI Xerces Delay Load 2.7.1
"{094621AC-72E7-4167-8A06-CCDDBEBC233F}" = NI LabVIEW 2009 Help File
"{0AA68C51-02D5-4B67-8BC8-C4183D5180A0}" = NI AFW Custom UI
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DFF0C5C-D82D-4C11-91AB-86411792D081}" = NI Uninstaller
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{0FD812C9-3BBE-4CC5-A43C-B7304E3EC581}" = NI Web Pipeline 2.0.1
"{0FF78186-41DE-4C50-8C93-EF794068E600}" = NI LabVIEW 2009 Examples
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0
"{163F89A3-2FD1-40FA-920C-91418E3632FC}" = NI LabVIEW 9.0.0 f3
"{16528ECF-7B7A-42D2-8D63-9BFD9CEBCAA7}" = NI System Identification Assistant LabVIEW Support
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19C120B7-F7A6-4105-9D62-1F6305B2E2CF}" = NI DataSocket 4.7.0
"{1A710265-096B-46CB-8849-53A209D9A8CF}" = NI Certificates Deployment Support
"{1AC600E0-EACF-4FAA-9477-3CE8CE711E19}" = NI LabVIEW 2009 Help
"{1B06E3AF-1CE2-4085-AE4E-DFEC369E86D3}" = NI Logos XT Support
"{1C7CEF16-ACC3-4DD5-951F-D8124C1F9D1A}" = NI LabVIEW 2009 System Identification Toolkit
"{1D6F0B9D-F19E-43AB-9D8E-2E3653212C72}" = NI LabVIEW 2009 MeasAppChm File
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBC283A-8B22-48FA-9DFA-6C65E34455FA}" = NI LabVIEW Real-Time NBFifo
"{200927E3-5E45-493A-9343-508613BC59CE}" = NI LabVIEW Web Services Runtime
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2108E50D-978D-4D62-A837-4F12A61ADF15}" = NI LabVIEW 2009 License
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C8974-33A9-4EAB-8761-43F9B4D94816}" = NI 2009 Control Design Assistant
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25FD6E1F-D73B-44EB-B840-261FF41CFAC5}" = NI Variable Engine LabVIEW 2009 Support
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{29603621-09E4-4705-8477-8DA13DA9DD64}" = NI Sound and Vibration Frequency Analysis 2009
"{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog
"{2AD5E818-E2EE-4BBF-A2BF-29022C6FC236}" = NI Assistant Framework LabVIEW 2009 Support
"{2D72E0EC-D695-4BFB-A246-F07BAAA91AA1}" = NI Remote Provider for MAX 4.6.0
"{2FF17A1B-00A8-4A18-A0D7-6BF2D1510F38}" = NI LabVIEW 2009 Templates
"{30F064A1-6933-4027-BD62-B7BEB1F84711}" = NI LabVIEW 2009 VI.lib
"{33C22E6E-DAE6-467A-8CEC-672D8B989534}" = NI LabVIEW Run-Time Engine Interop 2009
"{33CFD572-E2C5-4554-A5FA-C8EC94DF078A}" = NI Vision Assistant 2009
"{34EE2F0F-D6EA-4C36-8315-41107048D48D}" = NI-DAQmx - LabVIEW shared documentation
"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71
"{383AD0A2-FD79-4CF0-B823-C695E32BD08D}" = NI LabVIEW Run-Time Engine Web Services
"{39BA78A5-5F6C-47E8-98DC-F4398A541273}" = NI LabVIEW 2009 Manuals
"{3BA04F89-BD87-487F-87CD-AD33FAAD411E}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
"{3BB7FF00-3716-4921-AC58-A600E94D80BF}" = NI mDNS Responder 1.1.0
"{3DA0D3CD-5D8E-44B0-A4C2-B90E1BDE3E14}" = NI LabVIEW 2009 MathScript RT Module License
"{3F188640-B4F5-44D5-BBF3-DAB70CF5629B}" = NI LabVIEW Compare Utility 9.0.0
"{40D9D764-7FD7-4036-B565-6D94DEEBD4A5}" = NI LabVIEW Merge Utility 9.0.0
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{416B50BB-64CE-46C5-81A6-7F842CC35CDC}" = NI LabVIEW MAX XML
"{419CCC6A-F243-4ED0-B269-FAB07FE12B79}" = VISA Shared Components
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{445D46D6-F012-4B33-A58B-FD0B3592BE3A}" = NI LabVIEW SignalExpress 2009 Datatypes LabVIEW 2009 Support
"{45A5461A-7D1D-4A91-B033-0B85E7AB25C2}" = NI MXS 4.6.0f0 for LabVIEW Real-Time
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4D581C40-11D0-476B-A943-76506924B722}" = NI-DSM 2009
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50F9A1FC-39D8-46E8-8234-1A1A68A4033E}" = NI Variable Engine 2.3.0
"{5221FE7A-31B4-43AE-A899-FB7BBB9537BA}" = NI Sound and Vibration Frequency Analysis LabVIEW 2009 Support
"{52C3DD72-17E5-4E0D-83A8-FB42FCE3A8EF}" = NI-RPC 4.1.1f0 for Phar Lap ETS
"{53736430-DBEC-4582-B072-2F1F0A2C4EA6}" = NI LabVIEW Run-Time Engine 7.1.1
"{53A64579-F4A2-4BFC-8080-86E6446A021A}" = NI LabVIEW SignalExpress 2009
"{57B77060-04B4-468E-89A9-F68EEE466F57}" = NI USI 1.7.0
"{57F37CA1-6FA3-46D2-8F01-AD3A26FA4E9B}" = NI Assistant Framework LabVIEW Code Generator 2009
"{596C11D1-2285-4057-99F6-735B50EB87E1}" = NI System API RT
"{5A70FCD2-C019-4723-868F-07CD6C7755FF}" = NI Logos 5.1
"{5ACAF333-CED0-4652-B73C-8F63C65B0376}" = NI LabVIEW 2009 Instr.lib
"{5DE7D550-708E-4392-B9BC-672008A718E2}" = NI IVI Compliance Package 4.0
"{5E5A2B8E-CA40-45DE-A87A-7ECC5883C33D}" = NI-PAL 2.4.1f0
"{5FCEF50B-2832-433E-B336-FA41F63C933F}" = NI LabVIEW Modulation Toolkit 4.1
"{61912EB3-0D1B-4EDB-AD88-E96A3B851403}" = NI LabVIEW Run-Time Engine 2009
"{6447FE3A-8B2C-41DB-9791-322B8445B3E9}" = NI LabVIEW Deployable License 2009
"{644DAD90-2083-4871-BD49-721BF8FAE295}" = NI LabVIEW Run-Time Engine 8.6.1
"{658CBDD3-5ACF-4B78-9A8C-69979451E846}" = NI LabVIEW 2009 MathScript RT Module
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{65F1EE0F-F9D2-45E1-8E14-2EBFF34E90A0}" = NI LVBrokerAux8.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{672D5E0E-972E-4017-990E-66E08C51B40C}" = NI-IMAQ Camera Files
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C03909E-5D1A-4D7C-BF1D-B89876F44B56}" = IVI Shared Component
"{6D7CCB48-B0CB-4C01-992D-F16F3CDE356E}" = NI Vision .NET Run-Time Engine 2009
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{6F9E3BE2-9984-4E7E-946D-35B83800E3D4}" = NI LabVIEW 2009 Digital Filter Design Toolkit License
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{720C25DD-1987-4130-956F-EEEA4A31F47C}" = NI LabVIEW 2009 Digital Filter Design Toolkit RT Support
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7559B6F5-180B-479A-A8CD-2175EFBC61F8}" = NI LabVIEW 2009 Deployment Framework
"{760707F9-321F-435C-B2CF-CD0017D64426}" = NI LabVIEW SignalExpress 2009 Core LabVIEW Support
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774F12E3-96DA-4B4D-A11B-51D20C90E055}" = NI IVI Provider for MAX
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7ACFB216-29F7-4331-A5ED-2563AEB51F21}" = NI Trace Engine
"{7C62B54A-E524-4F3D-83E7-0F2ABAFC978A}" = NI Xalan Delay Load 1.10.1
"{7DF26441-EB0C-451E-BDE6-AC9562299D03}" = NI LabVIEW SignalExpress 2009 Steps
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7E7A035C-9DC5-40B0-B873-002B14CCE3B8}" = NI-RPC 4.1.1f0
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{7FBF5457-2290-4D25-AF40-4D36334728A2}" = NI LabVIEW 2009 Digital Filter Design Toolkit
"{80A509C2-1A67-476C-AF0F-DEDD5053036E}" = NI LabVIEW SignalExpress 2009 Tools
"{8150F817-E6CC-4A57-9F6A-96AFC7D0F5B4}" = NI LabVIEW EWB DeviceHandler 2009
"{82B8F87D-C75E-4270-B030-49ECDAFF1B53}" = NI MAX Remote Configuration Installer 4.6
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111265347}" = Luxor
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113537610}" = Build-a-lot
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113772953}" = Amazing Adventures The Lost Tomb
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11386547}" = Farm Frenzy
"{879CD33E-C5B0-4058-B583-88C337E34870}" = NI LabVIEW SignalExpress 2009 Datatypes
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88D1DA3C-09FA-4CA7-BB6B-2CEACCFA95D5}" = NI System State Publisher
"{89A7BD8C-0FC3-49EF-9072-5C8371C0A4D6}" = NI LabVIEW Web Services Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1369C7-A314-465C-8C96-040A427CBC85}" = NI LabVIEW 2009 Project
"{8AF869D1-F416-4855-8177-EB75D73CC992}" = NI LabVIEW 2009 Web Server
"{8B43117B-7D68-45D4-8774-32F0B10535B4}" = NI LabVIEW 2009 Deutsch
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9033A0BF-9B8A-4C27-812B-40BA10855E2D}" = NI LabVIEW 2009 Simulation
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90ABA0A4-9393-4A17-AB0E-534CE40FB9AF}" = NI LabVIEW 2009 CINtools
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{92769F9C-453B-40C9-B129-6E8E52586C8E}" = NI LabVIEW Broker
"{927C1DDA-61DC-4B95-A138-8A1377E33A9A}" = NI Portable Configuration 4.6.0
"{93B8921B-2AC6-4A58-A87C-19B633DB6860}" = NI Software Provider for MAX 4.6.0
"{94F8151E-1946-4D81-9FBF-E167DF25954A}" = NI LabVIEW Run-Time Engine 8.0
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96094CE5-7920-47FD-8A02-68A7B5B1785F}" = NI System API Windows 32-bit
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{97C6E0FA-7D2B-4760-BA62-FAB862E29544}" = NI LabVIEW SignalExpress 2009 Core LabVIEW90 Support
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9F7DBC83-611C-4407-8817-8FD63E149288}" = NI SSL LabVIEW 2009 Support
"{A2215AA4-D097-4A68-8016-E1FABB65EA5D}" = NI DN 2.0 installer
"{A33CD149-DFFC-4BFA-AC9D-ADEBFD4E893D}" = NI LabVIEW 2009 System Identification Toolkit License
"{A34D1ADB-6E94-4F42-9D8E-BA2A94C6AAB2}" = NI LabVIEW 2009 gMath
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96395DA-AFC5-459E-A374-CE10E84FEEB2}" = NI TDM Excel Add-In 2.1
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABD79E99-F9E3-413B-8D18-11070754355F}" = NI Math Kernel Libraries
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE0FC43D-EF45-4729-AC30-09BF193A9B9A}" = NI LabVIEW SignalExpress 2009 Core
"{AE9AA575-DE74-4711-B3B3-2977D76CC1BB}" = NI TDMS
"{AF32BE73-E284-444E-B310-7EE80192949B}" = NI LabWindows/CVI DLL Builder for LabVIEW
"{AFEDF70D-8DC3-40CB-93A0-F276E64BDF9C}" = NI VC2008MSMs x86
"{B09C152D-368F-430C-867B-9F2A5533987F}" = NI IVI Class Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D770EC-32E0-44C4-A2CF-51893E825B6B}" = NI IVI Online Help
"{B328F955-7237-4F6A-9AA7-644F7E1854BF}" = NI Vision Assistant 2009 .NET
"{B4285CA3-3EA6-43AD-BD87-DBF842581AB2}" = NI LabVIEW 2009 WWW
"{B5BD3DA8-1A63-4042-90FA-B26C361382C9}" = NI Remote PXI Provider for MAX 4.6.0
"{B5DE7937-303D-47C2-8104-D9A5E229A6FC}" = NI LabVIEW 2009 Control Design Shared VIs
"{B8E65E0D-30D8-49BD-B92C-0E77A09545D6}" = NI MAX LabVIEW Support 4.6.0
"{BBA6DF34-EA20-4FFB-8440-1F9657643F79}" = NI MDF Support
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C291EB2F-805C-46F7-8DC4-B3F2FF86E1C8}" = NI Measurement Studio Common .NET Assemblies for the .NET 3.5
"{C44029CD-EA25-4C95-B43A-3F31EE9732F0}" = NI IVI Engine
"{C58C5F18-0A13-4588-804A-2330C886C9AE}" = NI LabVIEW SignalExpress 2009 Licenses
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C84DBE54-E341-452E-BA71-57F5548C629D}" = NI Enhanced DSC Deployment Support 8.5
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C9894B05-06D2-4F85-86C8-6B0D011A6BA5}" = NI License Manager
"{CA4D3547-E2D2-424E-BD41-7414C220D1AD}" = NI LabVIEW SignalExpress 2009 LabVIEW 2009 Support
"{CC84C43F-1CB2-47DB-AB8C-13035F30AADE}" = NI OCR Upgrade Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CEDA69AF-DD7A-42A8-B6D3-65BA0592D34E}" = NI Instrument IO Assistant for LabVIEW 9.0 32
"{D1032C80-FBB6-450B-8C79-B7F9A64DFFEF}" = NI Logos LabVIEW 2009 Support
"{D507E350-1DEE-4FB8-AEEE-57D6B9DAB5F3}" = NI LabVIEW 2009 System Identification Toolkit VIs
"{D69E0672-CDB3-4F3D-BE65-9CDB6803F60E}" = NI LabVIEW 2009 Applibs
"{D6FC9FA9-3386-409A-8D62-EE026CA721D1}" = NI-VISA Runtime 4.5.1
"{D72AB2C1-D24D-4F17-B3DB-AF51223F293E}" = NI SSL Support
"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{DB7B0959-C427-479A-AE95-71B82A7EF043}" = NI IMAQ Vision for Measurement Studio Upgrade Manager
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DE13B4F8-B77F-4C9C-9EB8-B14BC3FED121}" = NI IVI Class Simulation Drivers
"{DE2D4A5E-DEC1-486C-9D15-4D3F24E44774}" = NI LabVIEW Real-Time NBFifo
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E1D35F75-FEA3-4F81-B6A8-59C272886598}" = NI Vision Run-Time Engine 2009
"{E1D60C68-016C-4951-8C1F-52E24DFE7836}" = NI CodeSignAPI
"{E35269EE-4191-454F-BFAA-C3564A69654D}" = NI-DIM 1.9.0f0
"{E37CCD6C-56C1-43C7-B2FA-24A32B6B09F7}" = NI Example Finder 9.0
"{E538C96B-606E-47E3-84D5-62BE82A69E39}" = NI LabVIEW 2009 Resource
"{E6A043D2-229B-4A75-96EB-F92898800251}" = NI LabVIEW Analog Modulation Toolkit 4.1
"{E6F385C0-79A1-44F0-9C15-70D1F2C74D01}" = NI EULA Depot
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E7BBA522-C9FC-4847-B9C7-FA3AF078F649}" = NI Vision .NET 2009
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EBC6DA72-25C9-45E1-9CE4-7EEBC6440538}" = NI LabVIEW 2009 User.lib
"{F02055DF-EA46-4657-B32F-DEA1CB4F8EEA}" = NI Measurement Studio 8.1 Enterprise RunTime for VS2005
"{F0694221-1698-4BBF-871F-DCEB7FDD3FCA}" = NI LabVIEW 2009 System Identification Assistant
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F19E2B0A-2249-45DA-92DB-0CE0DEB8E8A4}" = NI OPC Support
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2C71A99-8D81-456F-AA25-B050A3532C3B}" = NI Vision 2009
"{F2D3406A-0A97-4EB9-9A09-F20A874C16F9}" = NI-ORB 1.9.3f0
"{F723A248-6AAC-4514-AFFB-7414BE02D95B}" = NI LabWindows/CVI 9.0 Run-Time Engine
"{F827F574-36ED-4D97-820A-AD6F74E02D0D}" = NI MXS 4.6.0
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{F8D407B1-B9A0-4128-8E79-17A6F9433F6C}" = NI Measurement & Automation Explorer 4.6.0
"{F8ECD2D6-659C-49EB-8454-5F8F7B526FCF}" = NI DN 2.0 Language Pack installer
"{FB84287D-6425-4867-89AE-6221FCDE2976}" = NI LabWindows/CVI Code Generator
"{FC36842D-E761-4338-9FD0-B75AB114A41F}" = NI LabVIEW SignalExpress 2009 LabVIEW Support
"{FD7D28C5-8A16-4AA8-9C7D-216B90D6F6D1}" = NI IVI Class Driver LabVIEW 2009 Support
"{FE24BCDF-9231-450D-AA08-D3550B81EE41}" = NI LabVIEW Web Server for Run-Time Engine
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"{FEFA778A-05D2-4D0F-80A3-7AE24B8161C0}" = NI LabVIEW Web Server for Run-Time Engine
"{FF06AE31-83AF-4277-A719-E697C310D95C}" = NI LabVIEW 2009 Menus
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ELECTRA_is1" = ELECTRA 2.0.3
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"IviSharedComponent" = IVI Shared Components
"LManager" = Launch Manager
"MAKStripeExplorer_is1" = MAKStripeExplorer 1.22
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"NAVIGON Fresh" = NAVIGON Fresh 2.0.2
"NI Uninstaller" = Software von National Instruments
"PROR" = Microsoft Office Professional 2007
"RealPlayer 12.0" = RealPlayer
"Samsung CLP-660 Series" = Samsung CLP-660 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Target 3001! V14 pcb-pool" = Target 3001! V14 pcb-pool
"VISASharedComponents" = VISA Shared Components
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 25.09.2010 04:47:04 | Computer Name = Dani-PC | Source = VSS | ID = 12289
Description = 
 
Error - 25.09.2010 05:52:32 | Computer Name = Dani-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung rundll32.exe, Version 6.0.6000.16386, Zeitstempel
 0x4549b0e1, fehlerhaftes Modul SynTPCpl.dll, Version 10.2.4.0, Zeitstempel 0x4790f8b6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0002dde6,  Prozess-ID 0x13bc, Anwendungsstartzeit
 01cb5c9759392501.
 
Error - 25.09.2010 06:22:48 | Computer Name = Dani-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.09.2010 06:28:29 | Computer Name = Dani-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.09.2010 06:34:45 | Computer Name = Dani-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 25.09.2010 06:35:49 | Computer Name = Dani-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.09.2010 06:35:49 | Computer Name = Dani-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung REFLEX.exe, Version 5.0.3.0, Zeitstempel 0x44dc94b4,
 fehlerhaftes Modul REFLEX.exe, Version 5.0.3.0, Zeitstempel 0x44dc94b4, Ausnahmecode
 0xc0000005, Fehleroffset 0x0001f6ec,  Prozess-ID 0x5dc, Anwendungsstartzeit 01cb5c9d52f9a642.
 
Error - 25.09.2010 10:19:36 | Computer Name = Dani-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.09.2010 10:40:15 | Computer Name = Dani-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.09.2010 13:34:16 | Computer Name = Dani-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 08.10.2010 09:40:25 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.10.2010 09:59:57 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.10.2010 09:59:57 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.10.2010 10:00:30 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.10.2010 10:00:30 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 08.10.2010 10:03:38 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.10.2010 11:44:47 | Computer Name = Dani-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.10.2010 um 17:42:47 unerwartet heruntergefahren.
 
Error - 08.10.2010 11:49:11 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.10.2010 12:04:07 | Computer Name = Dani-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.10.2010 um 18:02:20 unerwartet heruntergefahren.
 
Error - 08.10.2010 12:05:50 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Logfile von Gmer

Code

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-08 20:22:40
Windows 6.0.6002 Service Pack 2
Running: vegwiskr.exe; Driver: C:\Users\Dani\AppData\Local\Temp\pxldapod.sys


---- System - GMER 1.0.15 ----

SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                          ZwTerminateProcess [0x8FBC0620]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 621                                                               824E0D84 4 Bytes  [20, 06, BC, 8F]

---- User code sections - GMER 1.0.15 ----

.text           C:\Windows\explorer.exe[2800] ntdll.dll!NtCreateThread                                      778144F4 5 Bytes  CALL 00880000 
.text           C:\Windows\explorer.exe[2800] ntdll.dll!NtProtectVirtualMemory                              77814D34 5 Bytes  CALL 002D0000 
.text           C:\Windows\explorer.exe[2800] ntdll.dll!NtCreateUserProcess                                 77815804 5 Bytes  CALL 008A0000 
.text           C:\Windows\explorer.exe[2800] kernel32.dll!ExitProcess                                      773E41D8 5 Bytes  CALL 008C0000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] ntdll.dll!NtCreateThread                778144F4 5 Bytes  CALL 00840000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] ntdll.dll!NtProtectVirtualMemory        77814D34 3 Bytes  CALL 00820000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] ntdll.dll!NtProtectVirtualMemory + 4    77814D38 1 Byte  [89]
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] ntdll.dll!NtCreateUserProcess           77815804 5 Bytes  CALL 01910000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] kernel32.dll!ExitProcess                773E41D8 5 Bytes  CALL 01930000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] ADVAPI32.dll!CryptGenKey                7755553E 5 Bytes  CALL 01ED0000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] ADVAPI32.dll!CryptDeriveKey             7755FCAE 5 Bytes  CALL 01EF0000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] ADVAPI32.dll!CryptImportKey             77576649 5 Bytes  CALL 01EB0000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] USER32.dll!PeekMessageW                 76C9045A 5 Bytes  CALL 01D50000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] ws2_32.dll!send                         7776659B 5 Bytes  CALL 01E70000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!CommitUrlCacheEntryA        76D20F78 5 Bytes  CALL 01C30000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!InternetReadFile            76D2654B 5 Bytes  CALL 01950000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!InternetCloseHandle         76D29088 5 Bytes  CALL 01D30000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!InternetQueryDataAvailable  76D2BF7F 5 Bytes  CALL 019D0000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!HttpAddRequestHeadersA      76D2CF46 5 Bytes  CALL 01CB0000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!HttpOpenRequestA            76D2D508 5 Bytes  CALL 01CF0000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!InternetConnectA            76D2DEAE 5 Bytes  CALL 019B0000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!HttpSendRequestW            76D2FABE 5 Bytes  CALL 01C10000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!HttpOpenRequestW            76D2FBFB 5 Bytes  CALL 01D10000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!HttpAddRequestHeadersW      76D2FE49 5 Bytes  CALL 01CD0000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!HttpSendRequestA            76D3EE89 5 Bytes  CALL 019F0000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!CommitUrlCacheEntryW        76D43085 5 Bytes  CALL 01C50000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!InternetReadFileExW         76D43349 5 Bytes  CALL 01990000 
.text           C:\Program Files\Windows Defender\MSASCui.exe[5080] wininet.dll!InternetReadFileExA         76D43381 5 Bytes  CALL 01970000 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                     Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                     Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                    fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Kann mir jemand in meiner Verzweiflung weiterhelfen?
Besten Dank im Voraus für eure Bemühungen.

Gruss
Dani

[/b][/u][/i][/url]

#2 Hi,

1. Starte bitte OTL, kopiere unten in das Script-Feld rein:

Zitat

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKCU..\Run: [Be32] C:\Users\Dani\AppData\Roaming\Adobe\Update\vidgui.exe ()
[2009.09.14 08:24:52 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Fuhay
[2010.04.17 09:11:12 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Sewoza
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DB365884

:Commands
[purity]
[emptytemp]
[emptyflash]

und klicke auf Fix. Unter Umständen ist ein Neustart notwendig. Poste bitte das Fix Log.

2. RootRepeal
http://sites.google.com/site/rootrepeal/
Starte RootRepeal.
Beende alle anderen Programme.
Gehe unten auf den Reiter Report.
Klicke auf Scan.
Setze alle Häkchen.
Bestätige mit OK.
Falls gefragt, wähle Laufwerk C:
Bestätige mit OK.
Am Ende des Scans wird ein Log eingeblendet, poste es bitte.

#3 Hallo Gangren

Besten Dank für die schnelle Antwort.

Hier die beiden Logs:

OTL:

Code

 

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Be32 deleted successfully.
C:\Users\Dani\AppData\Roaming\Adobe\Update\vidgui.exe moved successfully.
C:\Users\Dani\AppData\Roaming\Fuhay folder moved successfully.
C:\Users\Dani\AppData\Roaming\Sewoza folder moved successfully.
ADS C:\ProgramData\TEMP:A696643D deleted successfully.
ADS C:\ProgramData\TEMP:DB365884 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Dani
->Temp folder emptied: 1962628296 bytes
->Temporary Internet Files folder emptied: 75879493 bytes
->Java cache emptied: 313169 bytes
->FireFox cache emptied: 41925517 bytes
->Flash cache emptied: 2912080 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2580 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 126144207 bytes
RecycleBin emptied: 28246 bytes
 
Total Files Cleaned = 2'107.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Dani
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 10092010_103912

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

RootRepeal:

Code

 

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/09 10:48
Program Version:        Version 1.3.5.0
Windows Version:        Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x90A0C000    Size: 888832    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAEB86000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1f36f507-c7fe-11df-872c-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{212417ea-c8d9-11df-9bcf-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{36136b9a-c874-11df-8c14-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{51cda329-c875-11df-94bd-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{51cda32a-c875-11df-94bd-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{51cda343-c875-11df-94bd-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{54ec570c-d233-11df-93e7-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{54ec570d-d233-11df-93e7-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{565861d8-c58f-11df-9a38-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5b6be94e-d22d-11df-91d9-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{5b6be97e-d22d-11df-91d9-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8ca77f54-d250-11df-82c4-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d7d3f019-c8ca-11df-9ac8-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ff8983ae-c86e-11df-99fe-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6f1efda8-c480-11df-9866-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{780ae059-d2aa-11df-92a3-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{780ae05d-d2aa-11df-92a3-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{780ae060-d2aa-11df-92a3-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{780ae086-d2aa-11df-92a3-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8b5095f7-c7cf-11df-9219-00238b050d53}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.0.2.0_none_6a1e9669df5e3841.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_118a7387f9d14a82.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.0.2.0_none_3473ce69dd3e3b0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_54c1279468b7b84b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_0e9c342f74fd2e58.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.91_none_d6c3f1519bae0514.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.91_none_588445e3d272feb1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.1_none_9f63b3c292618dec.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a2492fa83366394b7c17fa6c9650ce5688b887d0ad0ad79743a3422debf4d997.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\989e628160e12c984a435d2bb2a335ad043e006646150c7b1f3bb52dccd842cc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b3beb16c28db357e654a6b132f59cd48cb95cee949d7b97587f8f02f233f3ce1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\18860672a5c66d86c814094edcbe638747283dd1b644f8e960f40ca51d409ff2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b080e112e69d2e9c8e71acd39a81f0d469d837625ceb8ed73b5b87da1fd1424c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\71503c1b988fb27a41668f3ba35468d268daf07e8e79cf7b82a1ef64a8d213a1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\821b5699c772c1952968a54dadc77cc29ec0b1dd2fa6ce6df6977a8a00498e13.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.0.6000.16720_de-de_65722c179a7be658\MSCORL~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.0.6000.20883_de-de_4eaa42bbb41e2b4b\MSCORL~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEC3A2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SED8D0~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEC3C2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SED85F~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEC362~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..onent-sku-homebasic_31bf3856ad364e35_6.0.6002.18005_none_6fb05fed465ff4c8\SEB414~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_bb08077221cc7808\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.16720_none_f570e12815568682\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6000.20883_none_dea8f7cc2ef8cb75\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.18111_none_f54bc5de15a89323\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6001.22230_none_de80367a2f4e0c36\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-machine_config_ocm_b03f5f7f11d50a3a_6.0.6002.18005_none_f52661bc15faf3ee\MACHIN~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.16720_none_8d57832b7d03f5e1\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6000.20883_none_768f99cf96a63ad4\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_commontypes_schema_b03f5f7f11d50a3a_6.0.6001.22230_none_599095f00849688b\MICROS~1.XSD
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_c5e14f032f533a9c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_c6260b1e48a51cb0\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_c7643be32cc49731\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_c8512a7445976b57\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_c71adcbf2e98b7f5\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_c75f98da47ea9a09\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_c89dc99f2c0a148a\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_c98ab83044dce8b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.16708_none_9958372092944487\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.20864_none_999cf33babe6269b\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.18096_none_9adb24009005a11c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.22208_none_9bc81291a8d87542\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_774cb313a84bb30c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.16708_none_319b7f14a2b4f78c\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6000.20864_none_31e03b2fbc06d9a0\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6001.18096_none_331e6bf4a0265421\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6001.22208_none_340b5a85b8f92847\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globalserifcf_31bf3856ad364e35_6.0.6002.18005_none_356532909d048bea\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-globaluserinterfacecf_31bf3856ad364e35_6.0.6000.16708_none_ac1fffb2b6ba9be9\GLOBAL~1.COM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.16708_none_7fdeb5cb1f6006f4\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6000.20864_none_802371e638b1e908\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6000.16708_none_3efe98f4f2db4bc1\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6000.20864_none_3f4355100c2d2dd5\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6001.18096_none_408185d4f04ca856\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6001.22208_none_416e7466091f7c7c\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-winfxlist_31bf3856ad364e35_6.0.6002.18005_none_42c84c70ed2ae01f\WINFXL~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6000.16708_none_1dbee32b03599791\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6000.20864_none_1e039f461cab79a5\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6001.18096_none_1f41d00b00caf426\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6001.22208_none_202ebe9c199dc84c\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cperfcnt_31bf3856ad364e35_6.0.6002.18005_none_218896a6fda92bef\PERFCO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wpf-system.speech_31bf3856ad364e35_6.0.6001.18096_none_8161a2ab1cd16389\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.18111_none_8d3267e17d560282\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~3.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_targetfiles_b03f5f7f11d50a3a_6.0.6001.22230_none_7666d87d96fb7b95\MICROS~2.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7cb07809421da431\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6000.20883_none_65e88ead5bbfe924\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7c8b5cbf426fb0d2\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-msbuild_data_files_b03f5f7f11d50a3a_6.0.6001.22230_none_65bfcd5b5c1529e5\MICROS~1.TAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\WindoProcesses
-------------------
Path: System
PID: 4    Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1312    Status: Locked to the Windows API!

SSDT
-------------------
#: 334    Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0x8f7c9620

==EOF==

#4 Habe noch etwas vergessen: Alle Programme, die wir einsetzen, bitte mit Rechtsklick "Als Administrator" starten.

Arbeite bitte diese Anleitung ab, und poste das Log:
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird

#5 Hallo Gangren

Beim erstellen der früheren Logs habe ich alle Programme als Administrator gestartet.

Hier das Log von ComboFix:

Code

ComboFix 10-10-08.01 - Dani 09.10.2010  16:09:22.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.41.1031.18.3000.1812 [GMT 2:00]
ausgeführt von:: c:\users\Dani\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tmp.reg

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-09 bis 2010-10-09  ))))))))))))))))))))))))))))))
.

2010-10-09 14:15 . 2010-10-09 14:15    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-10-09 08:39 . 2010-10-09 08:39    --------    d-----w-    C:\_OTL
2010-10-07 20:49 . 2010-10-07 20:49    --------    d-----w-    c:\users\Dani\AppData\Roaming\Malwarebytes
2010-10-07 20:49 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-07 20:48 . 2010-10-07 20:48    --------    d-----w-    c:\programdata\Malwarebytes
2010-10-07 20:48 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-10-07 20:48 . 2010-10-07 20:49    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-10-07 18:35 . 2010-10-07 18:35    63488    ----a-w-    c:\users\Dani\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-07 18:35 . 2010-10-07 18:35    52224    ----a-w-    c:\users\Dani\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-07 18:35 . 2010-10-07 18:35    117760    ----a-w-    c:\users\Dani\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-07 18:32 . 2010-10-07 18:32    --------    d-----w-    c:\users\Dani\AppData\Roaming\SUPERAntiSpyware.com
2010-10-07 18:32 . 2010-10-07 18:32    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2010-10-07 18:32 . 2010-10-07 18:33    --------    d-----w-    c:\program files\SUPERAntiSpyware
2010-10-07 16:19 . 2010-06-22 13:30    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-09-25 10:35 . 2010-09-25 10:35    552    ----a-w-    c:\users\Dani\AppData\Local\d3d8caps.dat
2010-09-15 15:12 . 2010-04-16 16:46    502272    ----a-w-    c:\windows\system32\usp10.dll
2010-09-15 15:11 . 2010-08-17 14:11    128000    ----a-w-    c:\windows\system32\spoolsv.exe
2010-09-15 15:11 . 2010-04-05 17:02    317952    ----a-w-    c:\windows\system32\MP4SDECD.DLL
2010-09-15 15:11 . 2010-05-27 20:08    739328    ----a-w-    c:\windows\system32\inetcomm.dll
2010-09-11 06:55 . 2010-09-11 06:55    --------    d-----w-    c:\users\Dani\dwhelper

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 14:03 . 2008-01-21 08:21    623280    ----a-w-    c:\windows\system32\perfh007.dat
2010-10-09 14:03 . 2008-01-21 08:21    125378    ----a-w-    c:\windows\system32\perfc007.dat
2010-10-09 11:27 . 2006-11-02 10:25    51200    ----a-w-    c:\windows\Inf\infpub.dat
2010-10-09 11:27 . 2006-11-02 10:25    143360    ----a-w-    c:\windows\Inf\infstrng.dat
2010-10-09 09:58 . 2009-03-29 16:03    --------    d-----w-    c:\program files\REFLEX
2010-10-08 17:13 . 2009-03-21 20:09    --------    d-----w-    c:\programdata\Google Updater
2010-10-08 13:59 . 2009-02-03 18:39    --------    d-----w-    c:\program files\Google
2010-10-07 16:53 . 2010-02-17 21:29    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-09-25 07:18 . 2008-06-01 23:49    --------    d-----w-    c:\programdata\Microsoft Help
2010-09-25 07:18 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-08-24 20:35 . 2010-01-16 13:05    --------    d-----w-    c:\users\Dani\AppData\Roaming\gtk-2.0
2004-03-15 15:51 . 2004-03-15 15:51    114688    ----a-w-    c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2005-10-12 13:04 . 2005-10-12 13:04    131072    ----a-w-    c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 08:48 . 2007-02-08 08:48    133920    ----a-w-    c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 16:03 . 2007-07-24 16:03    118784    ----a-w-    c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2008-12-10 12:50 . 2008-12-10 12:50    118784    ----a-w-    c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2009-12-17 13:11 . 2009-12-17 13:11    158720    ----a-w-    c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
2010-08-06 15:26 . 2010-02-10 17:33    119808    ----a-w-    c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-06 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-02-11 1033512]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-21 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-21 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-21 145944]
"WarReg_PopUp"="c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe" [2008-05-09 49152]
"LManager"="c:\progra~1\LAUNCH~1\QtZyEmachine.EXE" [2008-06-24 817672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-06 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-20 148888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-08 198160]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-12-12 524288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Skytel"="Skytel.exe" [2008-08-06 1833504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 gupdate1c9aa612ee38f0;Google Update Service (gupdate1c9aa612ee38f0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-06 30192]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2008-06-13 11360]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2009-05-26 11904]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2009-05-26 11896]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2009-03-05 11384]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2009-06-21 11360]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2008-08-27 17920]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2008-08-27 60544]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys [2008-08-21 15448]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 ETService;Empowering Technology Service;c:\program files\EMACHINES\eMachines Recovery Management\Service\ETService.exe [2008-06-11 24576]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [2009-03-05 131704]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2009-06-04 193648]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2009-06-21 11360]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-24 5120]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-06-25 212992]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ       PLA DPS BFE mpssvc
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-10-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-03 20:09]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 20:09]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 20:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\ebzskph5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv86win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv90win32.dll
FF - plugin: c:\users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\ebzskph5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60


.
Zeit der Fertigstellung: 2010-10-09  16:16:59
ComboFix-quarantined-files.txt  2010-10-09 14:16

Vor Suchlauf: 10 Verzeichnis(se), 60'619'661'312 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 60'557'623'296 Bytes frei

- - End Of File - - 9E30EB3C73FD82628A3FE85263A84F07

#6 1. Panda ActiveScan2.0
http://www.pandasecurity.com/homeusers/solutions/activescan/

Klicke auf Scan your PC now
Wähle Schneller Scan, klicke auf Jetzt scannen und folge den Anweisungen.
Am Ende des Scans wird eine Ergebnisseite angezeigt, oben rechts kann man die Ergebnisse in eine Textdatei speichern (Export In: ). Den Inhalt der Datei bitte posten.

2. Mache bitte erneut einen kompletten Scan mit AntiVir.

3. Kontrollscan mit OTL: Starte bitte OTL, klicke auf Quick Scan und poste die Otl.txt (Extras.txt wird diesmal nicht benötigt)

4. Macht der Rechner noch Probleme?

#7 Hallo Gangren

Bei Panda ActiveScan habe ich die Möglichkeit das Resultat zu speichern nicht gefunden. Folgendes wurde aber nach der Prüfung angezeigt:
>keine Viren/Trojaner erkannt
>keine verdächtigen Dateien erkannt
>keine Schwachstellen erkannt

AntiVir hat auch nichts gefunden.

Log vom OTL:

Code

OTL logfile created on: 09.10.2010 19:25:46 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Dani\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.44 Gb Total Space | 56.31 Gb Free Space | 50.53% Space Free | Partition Type: NTFS
Drive D: | 111.44 Gb Total Space | 106.30 Gb Free Space | 95.38% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DANI-PC
Current User Name: Dani
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010.10.08 18:21:24 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe
PRC - [2010.08.06 17:26:10 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.08 20:18:16 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.06.23 13:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Tagger\tagsrv.exe
PRC - [2009.06.18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe
PRC - [2009.06.18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lkads.exe
PRC - [2009.06.18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lktsrv.exe
PRC - [2009.06.15 20:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\MAX\nimxs.exe
PRC - [2009.06.04 09:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) -- C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
PRC - [2009.06.04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\nisvcloc.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.05 16:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) -- C:\Programme\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
PRC - [2008.08.06 11:18:52 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.21 03:23:00 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2008.07.20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.20 17:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.06.24 10:33:44 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZyEmachine.EXE
PRC - [2008.06.11 12:18:30 | 000,024,576 | ---- | M] () -- C:\Programme\eMachines\eMachines Recovery Management\Service\ETService.exe
PRC - [2008.04.06 22:42:36 | 000,034,040 | ---- | M] () -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
PRC - [2008.04.06 22:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008.03.03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008.01.21 04:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.12.12 07:59:10 | 000,524,288 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010.10.08 18:21:24 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010.08.06 17:26:10 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.09.18 10:10:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2009.06.23 13:29:48 | 000,740,968 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService)
SRV - [2009.06.18 07:01:50 | 000,356,912 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2009.06.18 06:57:28 | 000,042,544 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2009.06.18 06:56:32 | 000,053,296 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2009.06.15 20:44:40 | 000,012,696 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr)
SRV - [2009.06.04 09:31:10 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2009.06.04 04:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)
SRV - [2009.06.03 10:26:34 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\System32\Opcenum.exe -- (OpcEnum)
SRV - [2009.03.05 16:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2008.10.31 14:52:54 | 000,695,136 | ---- | M] (National Instruments, Inc.) [On_Demand | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2008.07.20 17:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.06.11 12:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\eMachines\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.04.06 22:42:24 | 000,050,424 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008.04.04 03:03:14 | 000,131,072 | ---- | M] () [Auto | Stopped] -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008.03.03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.21 13:58:10 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NiViPciKl.sys -- (NiViPciK)
DRV - [2009.06.21 13:58:08 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV - [2009.06.14 15:32:28 | 000,011,344 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\niorbkl.sys -- (niorbk)
DRV - [2009.05.26 20:35:50 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV - [2009.05.26 20:34:52 | 000,592,472 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nipalk.sys -- (NIPALK)
DRV - [2009.05.26 20:33:32 | 000,011,904 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV - [2009.05.22 10:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [2009.04.29 13:43:14 | 000,058,912 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.03.05 16:16:06 | 000,011,384 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NiViFWKl.sys -- (NiViFWK)
DRV - [2008.08.27 15:14:36 | 000,060,544 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2008.08.27 15:14:36 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2008.08.21 21:04:58 | 000,015,448 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nipbcfk.sys -- (nipbcfk)
DRV - [2008.08.06 11:11:06 | 002,164,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.21 03:23:00 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.07.20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.07.10 04:43:00 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.25 16:39:42 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.06.13 14:51:06 | 000,011,360 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nidimkl.sys -- (nidimk)
DRV - [2008.06.11 12:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.02.11 19:39:00 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.01.30 11:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.01.30 11:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008.01.23 13:18:28 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008.01.21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.11.24 05:34:48 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.11.24 05:34:46 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.11.02 15:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.ch/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.07 22:20:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.25 09:18:47 | 000,000,000 | ---D | M]
 
[2009.02.05 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\mozilla\Extensions
[2010.10.09 11:45:03 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\ebzskph5.default\extensions
[2010.07.01 17:45:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\ebzskph5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.29 16:46:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\ebzskph5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.07.03 21:08:36 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\ebzskph5.default\extensions\moveplayer@movenetworks.com
[2010.05.01 23:21:20 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2005.10.12 15:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV80Win32.dll
[2007.02.08 10:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\NPLV82Win32.dll
[2007.07.24 18:03:42 | 000,023,040 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\nplv85win32.dll
[2008.12.10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\nplv86win32.dll
[2009.12.17 15:11:08 | 000,025,088 | ---- | M] (National Instruments) -- C:\Programme\Mozilla Firefox\plugins\nplv90win32.dll
[2010.03.14 21:27:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 21:27:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 21:27:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 21:27:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 21:27:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.09 16:15:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZyEmachine.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\eMachines\WR_PopUp\WarReg_PopUp.exe (eMachines)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\eM3_Wide.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]
 
[2010.10.09 18:45:21 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.10.09 18:45:18 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2010.10.09 18:44:53 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.10.09 16:17:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.10.09 16:07:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.10.09 16:07:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.10.09 16:07:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.10.09 16:07:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.09 16:07:53 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.10.09 16:06:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.10.09 16:06:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.10.09 10:39:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.08 18:21:20 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe
[2010.10.08 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\Dani\Desktop\Protecus
[2010.10.08 15:38:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.10.07 22:49:24 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\Malwarebytes
[2010.10.07 22:49:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.07 22:48:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.07 22:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.07 22:48:52 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.07 20:32:48 | 000,000,000 | ---D | C] -- C:\Users\Dani\AppData\Roaming\SUPERAntiSpyware.com
[2010.10.07 20:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.10.07 20:32:01 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.10.07 20:30:43 | 000,000,000 | ---D | C] -- C:\Users\Dani\Desktop\Dani_Vir
[2010.09.25 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Dani\Desktop\vi
[2010.09.25 12:32:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.09.11 08:55:12 | 000,000,000 | ---D | C] -- C:\Users\Dani\dwhelper
 
[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]
 
[2010.10.09 19:27:39 | 002,621,440 | -HS- | M] () -- C:\Users\Dani\NTUSER.DAT
[2010.10.09 19:19:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.09 18:43:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.09 18:43:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.09 16:15:40 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.10.09 16:15:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.10.09 16:03:58 | 001,432,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.09 16:03:58 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.09 16:03:58 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.09 16:03:58 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.09 16:03:58 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.09 16:00:44 | 003,876,009 | R--- | M] () -- C:\Users\Dani\Desktop\ComboFix.exe
[2010.10.09 10:46:15 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.10.09 10:43:47 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.09 10:43:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.10.09 10:43:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.09 10:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.09 10:43:28 | 3146,641,408 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.09 10:42:30 | 000,524,288 | -HS- | M] () -- C:\Users\Dani\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010.10.09 10:42:30 | 000,065,536 | -HS- | M] () -- C:\Users\Dani\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010.10.09 00:14:01 | 003,049,776 | -H-- | M] () -- C:\Users\Dani\AppData\Local\IconCache.db
[2010.10.08 20:24:06 | 448,899,369 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.08 19:31:42 | 000,293,376 | ---- | M] () -- C:\Users\Dani\Desktop\vegwiskr.exe
[2010.10.08 19:25:51 | 000,000,000 | ---- | M] () -- C:\Users\Dani\defogger_reenable
[2010.10.08 18:25:00 | 000,002,631 | ---- | M] () -- C:\Users\Dani\Desktop\Microsoft Office Word 2007.lnk
[2010.10.08 18:21:24 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Dani\Desktop\OTL.exe
[2010.10.07 22:49:10 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.07 20:32:06 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.07 18:22:48 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.25 16:19:37 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini
[2010.09.25 12:35:09 | 000,000,552 | ---- | M] () -- C:\Users\Dani\AppData\Local\d3d8caps.dat
[2010.08.24 22:35:46 | 000,004,455 | ---- | M] () -- C:\Users\Dani\.recently-used.xbel
[2010.08.13 16:03:28 | 000,383,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.10.09 16:07:57 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.10.09 16:07:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.10.09 16:07:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.10.09 16:07:57 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.10.09 16:07:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.10.09 16:02:43 | 003,876,009 | R--- | C] () -- C:\Users\Dani\Desktop\ComboFix.exe
[2010.10.08 19:33:25 | 000,293,376 | ---- | C] () -- C:\Users\Dani\Desktop\vegwiskr.exe
[2010.10.08 19:25:51 | 000,000,000 | ---- | C] () -- C:\Users\Dani\defogger_reenable
[2010.10.08 16:01:49 | 3146,641,408 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.08 15:38:33 | 448,899,369 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.10.07 22:49:10 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.07 20:32:06 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.10.07 18:22:48 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.25 12:35:09 | 000,000,552 | ---- | C] () -- C:\Users\Dani\AppData\Local\d3d8caps.dat
[2010.08.24 22:35:46 | 000,004,455 | ---- | C] () -- C:\Users\Dani\.recently-used.xbel
[2010.05.19 23:14:09 | 000,000,157 | ---- | C] () -- C:\Windows\System32\Vision Builder.ini
[2010.02.01 13:05:09 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2010.02.01 13:05:07 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl66cl3.dll
[2010.01.11 20:38:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.21 22:26:56 | 000,000,000 | ---- | C] () -- C:\Windows\JCMKR32.INI
[2009.11.25 23:29:22 | 000,000,259 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.09.19 15:31:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.14 14:15:52 | 000,000,244 | ---- | C] () -- C:\Windows\System32\nirpc.ini
[2009.06.11 16:23:34 | 000,039,968 | ---- | C] () -- C:\Windows\System32\LVWUtil32.dll
[2009.06.09 22:41:21 | 000,000,089 | ---- | C] () -- C:\Windows\System32\MSBII.dll
[2009.06.09 22:36:17 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WKAuxil.dll
[2009.06.09 22:36:16 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2009.06.09 22:36:16 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2009.06.09 22:36:12 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2009.06.09 22:36:11 | 003,782,416 | ---- | C] () -- C:\Windows\System32\mso97.dll
[2009.05.26 20:34:58 | 000,003,520 | ---- | C] () -- C:\Windows\System32\nipalpg.dll
[2009.05.22 10:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2009.03.20 18:39:52 | 000,000,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.02.04 19:43:45 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009.02.03 21:25:09 | 000,011,776 | ---- | C] () -- C:\Users\Dani\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.03 20:43:16 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.09.10 15:46:46 | 000,037,376 | ---- | C] () -- C:\Windows\System32\tbbmalloc.dll
[2008.06.02 10:37:57 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.02 10:37:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2008.06.02 01:45:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.06.02 01:45:41 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.06.02 01:23:24 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010.08.24 22:35:46 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\gtk-2.0
[2009.11.12 22:25:42 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\ibf
[2010.04.21 10:50:13 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Image Zone Express
[2009.11.11 15:53:50 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\InterVideo
[2009.03.29 20:06:01 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\PICC
[2009.03.20 18:51:20 | 000,000,000 | ---D | M] -- C:\Users\Dani\AppData\Roaming\Printer Info Cache
[2010.10.09 10:42:31 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
< End of report >

Der PC scheint wieder einwandfrei zu funktionieren.
Besten Dank für deinen schnellen und kompetenten Support!!

Ich hätte da noch zwei Fragen an dich:
Mit DeFogger hatte ich die CD-Emulation-Treiber deaktiviert. Kann ich die Treiber nun wieder reaktivieren?
Auf dem www bin ich grundsätzlich vorsichtig. Trotzdem habe ich was eingefangen. Wie kann ich mich zukünftig besser vor solchen Angriffen schützen? Wäre mir dies mit AntiVir Premium auch passiert? Damit hat man ja auch einen Surf- und Email Schutz?

Nochmals vielen Dank für deine Unterstützung!!
Gruss
Dani

#8

Zitat

Mit DeFogger hatte ich die CD-Emulation-Treiber deaktiviert. Kann ich die Treiber nun wieder reaktivieren?

Jepp.

Zitat

Auf dem www bin ich grundsätzlich vorsichtig. Trotzdem habe ich was eingefangen. Wie kann ich mich zukünftig besser vor solchen Angriffen schützen? Wäre mir dies mit AntiVir Premium auch passiert? Damit hat man ja auch einen Surf- und Email Schutz?

Grundsätzlich gilt: vertraue keinem Antivirus-Programm. Bei neuen Infektionen sind diese oft hilflos. Siehe auch den letzten Punkt unten. Für Surf- und Emailschutz könntest Du auf avast! umsteigen (http://www2.avast.de/download.html unten bei Freeware). Es hat, glaube ich, diese Funktionen in der Free-Version.

1. Starte bitte OTL, kopiere unten in das Script-Feld rein:

Zitat

:OTL

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Commands
[purity]
[emptytemp]
[emptyflash]

und klicke auf Fix. Unter Umständen ist ein Neustart notwendig.

2. Deinstalliere:
Java(TM) 6 Update 12

Installiere die aktuelle Java-Version:
http://www.java.com/de/download/manual.jsp


3. Könntest Du bitte den Ordner C:\_OTL\MovedFiles zippen, die zip-Datei auf http://www.file-upload.net/ hochladen und mir den Downloadlink per PM schicken? Das ist der Quarantäne-Ordner. Ich würde mir die Sachen ansehen und ggf. an verschiedene AV-Hersteller schicken, um die Erkennung zu verbessern.

Danach (sonst ist der Ordner weg):
4. Starte OTL und klicke bitte auf Bereinigung

5. Hol Dir http://secunia.com/vulnerability_scanning/personal/ und halte damit Dein System auf dem neuesten Stand.

6. Lies Dir das hier durch: http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar

Wir sind fertig

Gruß,
gangren