
My PC behaves weird - everything terminates itself


  • This topic is locked
40 replies to this topic

#1 crystal07

Posted 06 November 2010 - 10:27 PM

I have already started this under "Am I infected?" so I'm referring to my first post/starting thread here:

http://www.bleepingcomputer.com/forums/topic358980.html/page__pid__2006626#entry2006626

So, here is my DDS log (and the Attach.txt as well as the Gmer log ark.txt in the attachment)

Thanks in advance again
Sabine

DDS log:
----------


DDS (Ver_10-11-05.01) - NTFSx86
Run by sabine at 2:42:46,12 on 07.11.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3070.2330 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\SQ931STI.EXE
E:\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SuRun.exe
C:\Programme\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\ctfmon.exe
E:\portable_lavclock2\bin\lavclock2.exe
E:\FileBX\FileBX.exe
E:\Hardcopy\hardcopy.exe
E:\RocketDock\RocketDock.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\taskmgr.exe
E:\Firefox\firefox.exe
E:\AnVir Taskmanager\AnVir Task Manager\AnVir.exe
C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
E:\Stardock\ObjectDock\ObjectDock.exe
E:\Minipad\minipad2.exe
C:\Dokumente und Einstellungen\sabine\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
mWinlogon: UIHost=c:\dokumente und einstellungen\all users\anwendungsdaten\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelper.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - e:\keyscrambler\KeyScramblerIE.dll
BHO: Videoraptor_WebRipPlugin Class: {3c0372c2-04c3-4100-bab1-1d42c552bc48} - e:\audialsone\mediaraptor\plugins\ie\MR_WebRipIePlugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\programme\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\ms onenote\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - e:\audialsone\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: : {bbe59af5-ee22-4a3a-ab26-3f774d1b4216} - e:\folderbox\FolderBox.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\java\bin\jp2ssv.dll
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\programme\siber systems\ai roboform\roboform.dll
EB: &Folder Box: {3f5a62e2-51f2-11d3-a075-cc7364cae42b} - e:\folderbox\FolderBox.dll
EB: Transparent TaskBar Tool: {7b0ec9d2-835a-44d8-8377-39cdf6a391f5} - mscoree.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Macro Recorder Pro] e:\easy macro recorder\Macro Recorder.exe
uRun: [WizMouse] "e:\wizmouse\WizMouse.exe"
uRun: [LAVClock] e:\portable_lavclock2\bin\lavclock2.exe
uRun: [AntiFreeze] e:\antifreeze\AntiFreeze.exe /splash
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\programme\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [SQ931STI] c:\windows\SQ931STI.EXE
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avgnt] "e:\avira\antivir desktop\avgnt.exe" /min
mRun: [SuRun Systemmenü-Erweiterung] c:\windows\SuRun.exe /SYSMENUHOOK
mRun: [itype] "c:\programme\microsoft intellitype pro\itype.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [KeyScrambler] e:\keyscrambler\getting_started.html
StartupFolder: c:\dokume~1\sabine\startm~1\startm~1\autost~1\hardcopy.lnk - e:\hardcopy\hardcopy.exe
StartupFolder: c:\dokume~1\sabine\startm~1\startm~1\autost~1\minipad2.lnk - e:\minipad\minipad2.exe
StartupFolder: c:\dokume~1\sabine\startm~1\startm~1\autost~1\phrase~1.lnk - e:\phraseexpress\phraseexpress.exe
StartupFolder: c:\dokume~1\sabine\startm~1\startm~1\autost~1\rocket~1.lnk - e:\rocketdock\RocketDock.exe
StartupFolder: c:\dokume~1\sabine\startm~1\startm~1\autost~1\stardo~1.lnk - e:\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\filebo~1.lnk - e:\filebx\FileBX.exe
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Evernote - e:\evernote\enbar.dll/2000
IE: E&xport to Microsoft Excel - e:\msonen~1\office12\EXCEL.EXE/3000
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\programme\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\programme\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\programme\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\msonen~1\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - e:\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\msonen~1\office12\REFIEBAR.DLL
Trusted Zone: maris.com\www.redshift
Trusted Zone: nexusradio.com\www
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.printsew.com/smsx.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\programme\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191977160734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {23A13F37-098E-4B5C-BA26-83B5CF30FD54} = 195.50.140.180 195.50.140.114
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\ms onenote\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\dokume~1\sabine\lokale~1\anwend~1\skype\shared\SKYPE4~1.DLL
Notify: !SASWinLogon - e:\superantispyware\SASWINLO.dll
Notify: SuRun - SuRunExt.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - e:\superantispyware\SASSEH.DLL
SEH: SuRun Shell Extension: {2c7b6088-5a77-4d48-be43-30337dca9a86} - SuRunExt.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\ms onenote\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Notification Packages = :\windows\syste scecli
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\programme\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\sabine\anwend~1\mozilla\firefox\profiles\drhz5hax.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - component: c:\dokumente und einstellungen\sabine\anwendungsdaten\lamantine\sticky password\spautofill\components\spAutofill.dll
FF - component: c:\dokumente und einstellungen\sabine\anwendungsdaten\mozilla\firefox\profiles\drhz5hax.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\sabine\anwendungsdaten\mozilla\firefox\profiles\drhz5hax.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}\components\RadioWMPCore.dll
FF - component: c:\dokumente und einstellungen\sabine\anwendungsdaten\mozilla\firefox\profiles\drhz5hax.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll
FF - component: c:\dokumente und einstellungen\sabine\anwendungsdaten\mozilla\firefox\profiles\drhz5hax.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\dokumente und einstellungen\sabine\anwendungsdaten\mozilla\firefox\profiles\drhz5hax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\dokumente und einstellungen\sabine\anwendungsdaten\mozilla\firefox\profiles\drhz5hax.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - component: c:\dokumente und einstellungen\sabine\anwendungsdaten\mozilla\firefox\profiles\drhz5hax.default\extensions\{e173b749-db5b-4fd2-ba0e-94ecea0ca55b}\components\npAFOM.dll
FF - component: c:\dokumente und einstellungen\sabine\anwendungsdaten\mozilla\firefox\profiles\drhz5hax.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\winnt_x86-msvc\components\winprocess.dll
FF - component: c:\dokumente und einstellungen\sabine\anwendungsdaten\mozilla\firefox\profiles\drhz5hax.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: e:\audialsone\mediaraptor\plugins\geckobased\mediaraptor-firefox-surf-and-catch-extension@audials.com\components\MR_WebRipFFPlugin.dll
FF - component: e:\audialsone\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - plugin: c:\dokumente und einstellungen\sabine\anwendungsdaten\mozilla\firefox\profiles\drhz5hax.default\extensions\openxmlviewer@codeplex.com\plugins\npDocX.dll
FF - plugin: e:\audialsone\mediaraptor\plugins\geckobased\mediaraptor-firefox-surf-and-catch-extension@audials.com\plugins\np_MR_OgloPlugin.dll
FF - plugin: e:\audialsone\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: e:\divx\divx content uploader\npUpload.dll
FF - plugin: e:\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: e:\divx\divx web player\npdivx32.dll
FF - plugin: e:\firefox\plugins\NPMGWRAP.DLL
FF - plugin: e:\firefox\plugins\npsharedview.dll
FF - plugin: e:\firefox\plugins\npwachk.dll
FF - plugin: e:\firefox\plugins\npyaxmpb.dll
FF - plugin: e:\java\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\java\bin\new_plugin\npjp2.dll
FF - plugin: e:\programme\realplayer\netscape6\nppl3260.dll
FF - plugin: e:\programme\realplayer\netscape6\nprjplug.dll
FF - plugin: e:\programme\realplayer\netscape6\nprpjplug.dll
FF - plugin: e:\quicktime\plugins\npqtplugin.dll
FF - plugin: e:\quicktime\plugins\npqtplugin2.dll
FF - plugin: e:\quicktime\plugins\npqtplugin3.dll
FF - plugin: e:\quicktime\plugins\npqtplugin4.dll
FF - plugin: e:\quicktime\plugins\npqtplugin5.dll
FF - plugin: e:\quicktime\plugins\npqtplugin6.dll
FF - plugin: e:\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2009-9-14 26120]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2009-9-14 20616]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-10-9 56208]
R0 OODrvled;OODrvled;c:\windows\system32\drivers\OODrvled.sys [2009-9-28 25608]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-8-23 28544]
R1 avgio;avgio;e:\avira\antivir desktop\avgio.sys [2009-7-19 11608]
R1 SASDIFSV;SASDIFSV;e:\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;e:\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AntiVirSchedulerService;Avira AntiVir Planer;e:\avira\antivir desktop\sched.exe [2009-7-19 135336]
R2 AntiVirService;Avira AntiVir Guard;e:\avira\antivir desktop\avguard.exe [2009-7-19 267944]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;e:\astra32\astra32.sys [2007-2-22 30864]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-15 60936]
R2 rvsport;RVS Virtual COM Port;c:\windows\system32\drivers\RVSPORT.SYS [2002-7-18 39936]
R2 Super User Run (SuRun) Service;Super User Run (SuRun) Service;c:\windows\SuRun.exe [2009-8-30 442412]
R2 Z-Cron;Z-Cron;e:\z-cron\z-cron.exe [2010-3-14 702856]
R3 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\drivers\avwebcam.sys [2010-9-23 13696]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2009-9-14 122504]
R3 ISDN_u;ISDN USB CAPI;c:\windows\system32\drivers\ISDN_u.sys [2003-4-19 732416]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-7-14 114024]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2010-11-2 23608]
R3 SQ931;HiCam USB 2.0 S931P;c:\windows\system32\drivers\Capt931a.sys [2007-9-3 530432]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-10-16 206608]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-9-21 16256]
R3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [2003-1-13 26435]
S3 DfSdkS;Defragmentation-Service;e:\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2010-5-27 406016]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-14 8704]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2009-9-14 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-14 3072]
S3 FCUSB;Freecom Cable II USB Driver;c:\windows\system32\drivers\FCUSB.sys [2001-11-29 13104]
S3 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;e:\gfibac~1\GFIHSC~1.EXE [2009-10-12 2324848]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\programme\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 Media Jukebox 14 Service;Media Jukebox 14 Service;e:\mediajukebox\JRService.exe [2010-10-14 379400]
S3 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;e:\nitropdfreader\NitroPDFReaderDriverService.exe [2010-5-25 196912]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-13 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
S3 O&O DriveLED;O&O DriveLED Service;e:\oodriveled\oodlag.exe [2009-9-28 529664]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 RGService;RGService;e:\radioget\RGService.exe [2009-10-1 335872]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [2010-11-4 27192]
S3 RUBotted;Trend Micro RUBotted Service;c:\programme\trend micro\rubotted\TMRUBotted.exe [2010-10-16 582992]
S3 RvscomSv;RvscomSv;e:\rvs\wcom\system\RVSCOMSV.EXE [2002-7-19 139313]
S3 SASENUM;SASENUM;e:\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2010-11-2 245760]
S3 tag2find$FileTrackingService;tag2find;e:\tag2find\0.10.2.5\T2FService.exe [2007-7-2 12288]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-10-16 206608]
S3 WinAutomation Service;WinAutomation Service;e:\winautomation\WinAutomation.ServiceAgent.exe [2009-12-11 147128]
S3 ZentimoService;Zentimo Assistant;e:\zentimo\ZentimoService.exe [2010-11-3 240976]
S4 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;e:\gfibac~1\GFIHINST.EXE [2009-10-12 440616]

=============== Created Last 30 ================

2010-11-04 22:32:22 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2010-11-04 11:58:52 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\F-Secure
2010-11-03 20:07:58 -------- d-----w- c:\dokume~1\sabine\anwend~1\Zentimo
2010-11-03 20:07:24 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\ZentimoService
2010-11-03 18:17:20 321536 ----a-w- c:\windows\system32\sqlite36_engine.dll
2010-11-03 18:17:20 23552 ----a-w- c:\windows\system32\DirectCOM.dll
2010-11-03 18:17:19 500736 ----a-w- c:\windows\system32\dhRichClient3.dll
2010-11-03 18:13:05 126976 ----a-w- c:\windows\system32\MXSocket.DLL
2010-11-03 16:53:43 -------- d-----w- c:\dokume~1\sabine\lokale~1\anwend~1\PCHealth
2010-11-02 22:18:07 520192 ----a-w- c:\windows\system32\portraitsofautumn_3125138.scr
2010-11-02 22:18:07 -------- d-----w- c:\windows\system32\portraitsofautumn_3125138 dir
2010-11-02 22:17:39 674280 ----a-w- c:\windows\system32\tropicaltango_3151927.scr
2010-11-02 22:16:51 674280 ----a-w- c:\windows\system32\theolivetree_3147906.scr
2010-11-02 22:15:45 674280 ----a-w- c:\windows\system32\thelilypond_3142326.scr
2010-11-02 22:12:09 674280 ----a-w- c:\windows\system32\rosedance_3112166.scr
2010-11-02 22:11:25 674280 ----a-w- c:\windows\system32\playfulportrait_3269261.scr
2010-11-02 22:10:48 674280 ----a-w- c:\windows\system32\magnolias_3124667.scr
2010-11-02 22:10:13 674280 ----a-w- c:\windows\system32\flowerpots_3151926.scr
2010-11-02 22:09:39 674280 ----a-w- c:\windows\system32\feelingblue_3112167.scr
2010-11-02 22:05:38 674280 ----a-w- c:\windows\system32\swanlake_3124668.scr
2010-11-02 22:05:38 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Screentime
2010-11-02 22:04:45 -------- d-----w- c:\dokume~1\sabine\lokale~1\anwend~1\Screentime
2010-11-02 11:16:47 -------- d-----w- C:\Converted
2010-11-02 11:12:08 245760 ----a-w- c:\windows\system32\snmvtsvc.exe
2010-11-02 11:12:07 5688 ----a-w- c:\windows\system32\SndTVideo.sys
2010-11-02 11:12:07 14392 ----a-w- c:\windows\system32\SndTVideo.dll
2010-11-02 11:12:06 23608 ----a-w- c:\windows\system32\SndTAudio.sys
2010-11-02 11:12:06 23608 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2010-10-31 22:54:33 -------- d-----w- c:\dokume~1\sabine\anwend~1\Digiarty
2010-10-31 11:51:25 -------- d-----w- c:\dokume~1\sabine\anwend~1\Malwarebytes
2010-10-31 11:51:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 11:51:04 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Malwarebytes
2010-10-31 11:51:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-31 11:37:03 -------- d---a-w- c:\windows\rundll16.exe
2010-10-31 11:37:03 -------- d---a-w- c:\windows\logo1_.exe
2010-10-31 11:35:33 -------- d-----w- c:\programme\gemeinsame dateien\MicroWorld
2010-10-31 11:35:10 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\MicroWorld
2010-10-31 01:56:51 -------- d---a-w- c:\windows\VDLL.DLL
2010-10-31 01:56:51 -------- d---a-w- c:\windows\system32\runouce.exe
2010-10-31 01:56:51 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-10-31 01:56:51 -------- d---a-w- c:\windows\logo_1.exe
2010-10-31 01:55:13 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-10-31 01:55:12 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-10-31 01:55:10 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-10-31 01:55:07 153600 ----a-w- c:\windows\REGEDIT.COM
2010-10-31 01:55:07 153600 ----a-w- c:\windows\R.COM
2010-10-31 01:55:07 140800 ----a-w- c:\windows\system32\TASKMGR.COM
2010-10-31 01:55:07 140800 ----a-w- c:\windows\system32\T.COM
2010-10-30 05:17:56 -------- d-----w- c:\dokume~1\sabine\lokale~1\anwend~1\Audible
2010-10-30 05:17:24 255352 ----a-w- c:\windows\system32\awrdscdc.ax
2010-10-30 05:17:10 24576 ------w- c:\windows\system32\msxml3a.dll
2010-10-29 21:12:51 -------- d-----w- c:\dokume~1\sabine\lokale~1\anwend~1\Pictomio
2010-10-29 21:12:51 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Pictomio
2010-10-29 21:12:30 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-10-29 21:12:27 -------- d-----w- c:\windows\Logs
2010-10-29 01:22:29 -------- d-----w- c:\programme\Z-FTPcopy
2010-10-28 10:58:15 -------- d-----w- C:\backup
2010-10-24 17:26:56 -------- d-----w- c:\dokume~1\sabine\anwend~1\DeviceDoctorSoftware
2010-10-24 16:58:45 1686016 ----a-w- c:\windows\system32\clinetsuitex6.ocx
2010-10-24 15:11:09 -------- d-----we C:\i386
2010-10-24 10:10:58 -------- d-----w- c:\dokume~1\sabine\lokale~1\anwend~1\Innovative Solutions
2010-10-22 18:22:18 -------- d-----w- c:\programme\Microsoft IntelliType Pro
2010-10-22 02:14:59 -------- d-----w- c:\dokumente und einstellungen\sabine\Backups
2010-10-21 22:40:11 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-21 15:20:53 -------- d-----w- c:\dokume~1\sabine\anwend~1\EurekaLog
2010-10-21 12:24:17 -------- d-----w- c:\dokume~1\sabine\anwend~1\Start Menu 7
2010-10-20 10:04:14 -------- d-----w- c:\dokume~1\sabine\anwend~1\Lamantine
2010-10-19 11:08:48 -------- d-----w- c:\dokume~1\sabine\lokale~1\anwend~1\FreePDF_XP
2010-10-19 10:38:50 45056 ----a-w- c:\windows\system32\unredmon.exe
2010-10-19 10:38:50 116224 ----a-w- c:\windows\system32\redmonnt.dll
2010-10-19 10:38:49 -------- d-----w- c:\programme\FreePDF_XP
2010-10-19 10:38:49 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\FreePDF
2010-10-19 03:07:13 1593344 ----a-w- c:\windows\system32\SE-SOFT.Scr
2010-10-17 02:05:23 -------- d-----w- c:\dokume~1\sabine\anwend~1\Efficient Lady's Organizer Free
2010-10-16 19:42:56 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Norton
2010-10-16 19:42:50 -------- d-----w- c:\dokume~1\sabine\lokale~1\anwend~1\NPE
2010-10-16 18:20:43 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-10-16 18:20:40 -------- d-----w- c:\programme\Trend Micro
2010-10-16 16:31:05 -------- d-----w- c:\dokume~1\sabine\lokale~1\anwend~1\AeroSnapApp
2010-10-16 16:31:05 -------- d-----w- c:\dokume~1\sabine\anwend~1\AeroSnapApp
2010-10-16 11:49:01 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\Easy Photo Sorter
2010-10-16 11:41:08 -------- d-----w- c:\programme\gemeinsame dateien\Windows Live
2010-10-14 22:15:47 90112 ----a-w- c:\windows\system32\ccrpTmr6.dll
2010-10-14 16:48:57 -------- d-----w- c:\dokume~1\sabine\anwend~1\MusicBee
2010-10-14 14:47:54 -------- d-----w- c:\dokume~1\sabine\lokale~1\anwend~1\SRS Labs
2010-10-14 14:46:05 -------- d-----w- c:\dokume~1\alluse~1\anwend~1\SRS Labs
2010-10-14 14:43:55 268912 ----a-r- c:\windows\system32\drivers\SRS_SSCFilter_i386.sys
2010-10-14 13:52:35 76 ----a-w- c:\windows\system32\dtirc.dll
2010-10-14 13:52:35 621056 ------w- c:\windows\system32\MJ14.exe
2010-10-14 13:52:31 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-10-14 13:51:03 -------- d-----w- c:\dokume~1\sabine\anwend~1\J River
2010-10-14 12:07:57 -------- d-----w- c:\dokume~1\sabine\anwend~1\Songbird2
2010-10-14 03:43:26 -------- d-----w- c:\dokume~1\sabine\anwend~1\JAM Software
2010-10-14 02:21:38 -------- d-----w- c:\dokume~1\sabine\anwend~1\AceBIT
2010-10-14 02:21:20 845312 ----a-w- c:\windows\system32\acebitaw.dll
2010-10-14 02:17:48 733184 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\10\01\intel32\iKernel.dll
2010-10-14 02:17:48 69715 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\10\01\intel32\ctor.dll
2010-10-14 02:17:48 5632 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2010-10-14 02:17:48 266240 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\10\01\intel32\iscript.dll
2010-10-14 02:17:48 172032 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\10\01\intel32\iuser.dll
2010-10-14 02:17:43 303236 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\10\01\intel32\setup.dll
2010-10-14 02:17:43 180356 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\10\01\intel32\iGdi.dll
2010-10-12 01:08:59 -------- d-----w- c:\dokume~1\sabine\anwend~1\.anki
2010-10-10 11:02:40 -------- d-----w- c:\windows\AllMySongs Database

==================== Find3M ====================

2010-10-20 09:35:40 25088 ----a-w- c:\windows\system32\defrag.exe
2010-09-25 01:50:00 107 ----a-w- c:\windows\system32\stech202.dll
2010-09-24 16:38:18 107 ----a-w- c:\windows\system32\bup202.dll
2010-09-24 13:04:04 155 ----a-w- c:\windows\system32\ddstech205.dll
2010-09-24 13:04:04 155 ----a-w- c:\windows\system32\ddbup205.dll
2010-09-18 10:22:58 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52:56 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52:56 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52:56 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-17 09:14:58 892928 ----a-w- c:\windows\system32\iconv.dll
2010-09-17 09:14:54 577536 ----a-w- c:\windows\system32\ac3filter.ax
2010-09-12 09:22:22 249856 ------w- c:\windows\Setup1.exe
2010-09-12 09:22:21 73216 ----a-w- c:\windows\temp.001
2010-09-11 09:33:47 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-09-10 05:47:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:47:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:47:49 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 22:10:52 169296 ------w- c:\windows\system32\FAMCOM.dll
2010-09-03 14:26:50 3259392 ----a-w- c:\windows\fanflame.scr
2010-09-01 11:50:43 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54:46 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01:37 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:36 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43:50 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-24 15:24:42 684032 ----a-w- c:\windows\system32\yowindow.scr
2010-08-23 16:11:49 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44:05 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-12 16:12:14 28672 ----a-w- c:\windows\system32\PCWinSoftPBar.ocx
2010-08-10 19:23:54 905728 ----a-w- c:\windows\system32\perfectclock2007.scr
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-01-12 06:15:52 71096 --sha-r- c:\windows\system32\NMSAccess32.exe

============= FINISH: 2:44:23,57 ===============

Attached File  Attach.txt   21.21KB   0 downloads
Attached File  ark.txt   50.31KB   0 downloads
If you do not expect the unexpected you will not find it, for it is not to be reached by search or trail. (Heraklit)
Miracles are Interactive Events that have a Beginning inside of You. At the Level of Desire You Create the Seeds of Miracles. Whatever you focus on, you will experience. Anything in this world is possible if you have a strong belief

#2 Elise

Posted 14 November 2010 - 07:10 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your desktop.
  • Extract RKUnhooker to your desktop.
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 crystal07


Posted 14 November 2010 - 06:11 PM

Hello Elise,

Thank you so much for getting back to me. I am very grateful for your help and hope we can find the cause of my problem and get it fixed.
So, I include the description here again, as I think it's easier to have it all together in one place. For about 10 days or so my PC has been showing weird behavior:

I don't know if these are separate problems or a series of one problem. Anyway, it started with my PC becoming very slow every now and then, so that I could hardly move the mouse cursor. This lasted a few seconds or minutes and then it went back to normal again. I noticed that svchost.exe used a lot of CPU at these times.
Next I noticed that a few of my program folders (all portable programs) had simply vanished without any trace.
Then suddenly a program I had just started to use, Sticky Passwords (portable version), crashed, freezing my entire PC.
Next, Windows Media Player suddenly does not play wav files anymore, and mp3 only if no other player is open. This may have been the case for longer, but since I mostly use MediaMonkey or Foobar, I only noticed it now.
The next weird thing was a sudden runtime error on closing MS Word. I am using an add-on, Metatexis, which I need as a translator, and the error was obviously caused by a corrupted file. But the weird thing is, nothing had happened that could have caused that, no crash, nothing. Anyway, reinstalling Metatexis solved it. But I think the deeper cause is somewhere else.
Also, 2 or 3 times (for example when copying files) I got an error message saying there are not enough resources for this action, too many GDI objects (??).
Now finally the worst. The periods of slowing down haven't come back, so no mouse cursor freezing anymore. Instead, after a few hours, and completely out of the blue, my AnVir task manager (which has been running on my PC for almost 2 years without any problem ever) pops up piles of windows notifying me it found new startup items. However, not one of them is new; they are all items that I have had in autostart for "ages". If I close these windows, it starts to pop them up again (and lists all old items as new ones). It seems every startup item is suddenly removed and right away re-entered. I have no idea what could cause that. Right after that, each and every running application terminates itself. They do not crash, they simply show as terminated, and several display items get screwed up: my desktop dock menus fall into parts, suddenly all Firefox tab labels, text on websites etc. vanish, and everything freezes. If I was just working on something, like a Word file, and I try to save it, I get error messages saying the disc is full or similar (which is not really the case, there is plenty of space on my disc), or an error message in Thunderbird on trying to move something into the junk folder, also saying the junk folder is full, which is not the case. Or this: my ObjectDock started without any icons and theme on it, in the wrong place, and when I looked into the settings folder it appeared that the settings files had been replaced with freshly written files without any of my settings. I can't even start Task Manager (I get an error message that it could not be initialized) or anything else, and all I can do is power off or, if I'm lucky, restart. In short, a bunch of extremely weird things happen.

After restart everything is fine. This weird behavior happens after hours of running. So, after a restart, usually everything is okay for 8 to 12 hours and then suddenly the nightmare begins, no matter what I am doing at that moment, whether I am working with MS Word or just simply reading a website.

I have checked AnVir's logfile but there is absolutely nothing that indicates what causes it. Except that 5-7 minutes before, the Avira avwsc.exe was starting and terminating (which is strange too, since normally it shows as avwsc.exe (lower case), but for the last 3 days it sometimes shows in uppercase as well, as AVWESC.EXE. I can't find any second avwsc on my PC, though, besides the file in the Avira folder). Also, nothing unusual in the Event Viewer.

So far I did run the Dell utilities for checking hardware (memtest, CPU etc.) - no error found. Crystal Disk info - everything fine. Scandisk - no error found.
System file check - nothing replaced (I have even purged the dllcache prior to this just to be sure).
Scanned with Avira, Malwarebytes, Super Antimalware, Rootkit Revealer, RUBotted, Norman Malware Cleaner - nothing found.
HijackThis doesn't show anything unusual.

Thanks again, Sabine

Now the log files:
----------------------
1. OTL.txt
---------------
OTL logfile created on: 14.11.2010 20:30:39 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\sabine\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 31,21 Gb Total Space | 14,65 Gb Free Space | 46,94% Space Free | Partition Type: NTFS
Drive E: | 30,33 Gb Total Space | 6,49 Gb Free Space | 21,41% Space Free | Partition Type: FAT32
Drive F: | 78,70 Gb Total Space | 34,18 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive G: | 10,30 Gb Total Space | 2,36 Gb Free Space | 22,90% Space Free | Partition Type: FAT32
Drive H: | 79,22 Gb Total Space | 45,77 Gb Free Space | 57,78% Space Free | Partition Type: NTFS
Drive O: | 19,52 Gb Total Space | 5,97 Gb Free Space | 30,57% Space Free | Partition Type: FAT32
Drive P: | 19,53 Gb Total Space | 18,39 Gb Free Space | 94,12% Space Free | Partition Type: NTFS
Drive Q: | 19,52 Gb Total Space | 8,36 Gb Free Space | 42,80% Space Free | Partition Type: FAT32
Drive R: | 18,07 Gb Total Space | 15,18 Gb Free Space | 84,00% Space Free | Partition Type: FAT32
Drive S: | 232,88 Gb Total Space | 107,66 Gb Free Space | 46,23% Space Free | Partition Type: NTFS
Drive T: | 244,76 Gb Total Space | 91,96 Gb Free Space | 37,57% Space Free | Partition Type: NTFS
Drive U: | 245,26 Gb Total Space | 101,31 Gb Free Space | 41,31% Space Free | Partition Type: NTFS
Drive V: | 204,98 Gb Total Space | 189,78 Gb Free Space | 92,59% Space Free | Partition Type: NTFS
Drive W: | 236,51 Gb Total Space | 219,15 Gb Free Space | 92,66% Space Free | Partition Type: NTFS

Computer Name: METATRON | User Name: sabine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.14 20:21:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sabine\Desktop\OTL.exe
PRC - [2010.11.03 01:16:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- E:\Firefox\firefox.exe
PRC - [2010.11.02 13:17:00 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.02 13:17:00 | 000,267,944 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.02 13:17:00 | 000,135,336 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\sched.exe
PRC - [2010.09.17 16:33:40 | 006,511,472 | ---- | M] (Bartels Media GmbH) -- E:\PhraseExpress\phraseexpress.exe
PRC - [2010.08.17 11:00:02 | 001,727,488 | ---- | M] (sw4you, Siegfried Weckmann) -- E:\Hardcopy\hardcopy.exe
PRC - [2010.06.28 10:44:22 | 000,435,712 | ---- | M] (LAVResearch) -- E:\portable_lavclock2\bin\lavclock2.exe
PRC - [2010.05.23 11:16:54 | 000,723,248 | ---- | M] (Antibody Software) -- E:\WizMouse\WizMouse.exe
PRC - [2010.03.23 15:39:26 | 008,319,560 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.03.14 20:51:50 | 000,702,856 | ---- | M] (A.Baumann IMU-BerliNet) -- E:\Z-Cron\z-cron.exe
PRC - [2010.01.14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- E:\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.04 23:20:38 | 000,102,312 | ---- | M] (Marek Jasinski & contributors) -- E:\Freecommander_portable\FreeCommanderPortable\FreeCommanderPortable.exe
PRC - [2009.10.31 21:19:30 | 001,393,152 | ---- | M] (Marek Jasinski - www.FreeCommander.com) -- E:\Freecommander_portable\FreeCommanderPortable\App\FreeCommander\FreeCommander.exe
PRC - [2009.10.13 00:16:18 | 003,102,944 | ---- | M] (AnVir Software) -- E:\AnVir Taskmanager\AnVir Task Manager\AnVir.exe
PRC - [2009.09.28 20:20:54 | 000,175,616 | ---- | M] () -- E:\Minipad\minipad2.exe
PRC - [2009.08.30 16:59:35 | 000,442,412 | ---- | M] (http://kay-bruns.de) -- C:\WINDOWS\SuRun.exe
PRC - [2009.05.27 14:46:44 | 000,432,640 | ---- | M] (Hyperionics Technology LLC) -- E:\FileBX\FileBX.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.16 16:57:48 | 000,139,776 | ---- | M] (Resplendence Software Projects Sp.) -- E:\AntiFreeze\AntiFreeze.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- E:\RocketDock\RocketDock.exe
PRC - [2007.04.30 19:43:54 | 003,450,608 | ---- | M] (Stardock) -- E:\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007.01.24 13:24:26 | 000,151,552 | ---- | M] () -- C:\WINDOWS\SQ931STI.exe
PRC - [2005.09.08 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005.03.22 23:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004.11.09 21:18:42 | 000,118,272 | ---- | M] (TuneUp Software GmbH) -- E:\TuneUp\WinStylerThemeSvc.exe
PRC - [2002.07.19 00:00:00 | 000,430,127 | ---- | M] (Living Byte Software GmbH, München) -- E:\RVS\WCOM\SYSTEM\RVSINST.EXE
PRC - [2002.07.19 00:00:00 | 000,213,035 | ---- | M] (Living Byte Software GmbH, München) -- E:\RVS\WCOM\SYSTEM\RVSCC.EXE


========== Modules (SafeList) ==========

MOD - [2010.11.14 20:21:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sabine\Desktop\OTL.exe
MOD - [2010.08.23 17:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010.04.21 11:00:36 | 000,058,368 | ---- | M] () -- E:\Hardcopy\HcDLL2_30_Win32.dll
MOD - [2010.01.28 12:55:20 | 000,061,952 | ---- | M] (LAVResearch) -- E:\portable_lavclock2\bin\lavclock.dll
MOD - [2009.10.13 00:16:02 | 000,102,112 | ---- | M] (AnVir Software) -- E:\AnVir Taskmanager\AnVir Task Manager\AnvirHook61.dll
MOD - [2009.08.30 16:59:35 | 000,139,320 | ---- | M] (http://kay-bruns.de) -- C:\WINDOWS\SuRunExt.dll
MOD - [2009.05.27 14:46:44 | 000,301,568 | ---- | M] (Hyperionics Technology LLC) -- E:\FileBX\FileBXH.dll
MOD - [2008.04.14 03:22:32 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008.04.14 03:22:32 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- E:\RocketDock\RocketDock.dll
MOD - [2007.04.30 19:18:50 | 000,112,400 | ---- | M] () -- E:\Stardock\ObjectDock\DockShellHook.dll
MOD - [2004.11.09 21:16:58 | 000,076,288 | ---- | M] () -- E:\TuneUp\WinStylerThemeHelper.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.11.02 13:17:00 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.02 13:17:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.28 13:02:14 | 000,240,976 | ---- | M] () [On_Demand | Stopped] -- E:\Zentimo\ZentimoService.exe -- (ZentimoService)
SRV - [2010.10.26 19:42:32 | 002,324,848 | ---- | M] (GFI Software Ltd.) [On_Demand | Stopped] -- E:\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched)
SRV - [2010.10.22 04:02:42 | 000,245,760 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SMServer)
SRV - [2010.08.13 08:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010.07.15 23:28:46 | 000,379,400 | ---- | M] (J. River, Inc.) [On_Demand | Stopped] -- E:\MediaJukebox\JRService.exe -- (Media Jukebox 14 Service)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.06.16 14:39:30 | 000,147,128 | ---- | M] (Softomotive) [On_Demand | Stopped] -- E:\WinAutomation\WinAutomation.ServiceAgent.exe -- (WinAutomation Service)
SRV - [2010.05.25 12:00:52 | 000,196,912 | ---- | M] (Nitro PDF Software) [On_Demand | Stopped] -- E:\NitroPDFReader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010.04.10 16:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.03.29 00:37:12 | 000,604,488 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.03.29 00:37:09 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.03.14 20:51:50 | 000,702,856 | ---- | M] (A.Baumann IMU-BerliNet) [Auto | Running] -- E:\Z-Cron\z-cron.exe -- (Z-Cron)
SRV - [2010.02.19 19:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009.11.16 11:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.28 16:23:28 | 000,529,664 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- E:\OODriveLED\oodlag.exe -- (O&O DriveLED)
SRV - [2009.09.28 16:13:04 | 000,335,872 | ---- | M] () [On_Demand | Stopped] -- E:\RadioGet\RGService.exe -- (RGService)
SRV - [2009.09.15 09:33:20 | 000,440,616 | ---- | M] (GFI Software Ltd.) [Disabled | Stopped] -- E:\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt)
SRV - [2009.08.30 16:59:35 | 000,442,412 | ---- | M] (http://kay-bruns.de) [Auto | Running] -- C:\WINDOWS\SuRun.exe -- (Super User Run (SuRun) Service) Super User Run (SuRun)
SRV - [2009.08.24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- E:\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe -- (DfSdkS)
SRV - [2009.01.12 07:15:52 | 000,071,096 | RHS- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\NMSAccess32.exe -- (NMSAccess)
SRV - [2008.11.06 10:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Programme\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.10.25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\MS OneNote\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.08.30 09:27:42 | 000,165,120 | ---- | M] (Avanquest Software USA, Inc.) [Disabled | Stopped] -- E:\FixIt\mxtask.exe -- (Fix-It Task Manager)
SRV - [2007.07.02 17:05:46 | 000,012,288 | ---- | M] (tag2find) [On_Demand | Stopped] -- E:\tag2find\0.10.2.5\T2FService.exe -- (tag2find$FileTrackingService)
SRV - [2006.11.10 19:18:02 | 000,774,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.19 12:52:24 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.01.05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- E:\ISOrecorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005.11.16 16:05:42 | 000,172,032 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005.06.21 21:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005.01.10 11:10:36 | 000,729,088 | ---- | M] (Wacom Technology, Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)
SRV - [2004.11.09 21:18:42 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- E:\TuneUp\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2004.10.22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002.07.19 00:00:00 | 000,430,127 | ---- | M] (Living Byte Software GmbH, München) [Auto | Running] -- E:\RVS\WCOM\SYSTEM\RVSINST.EXE -- (RVSINST)
SRV - [2002.07.19 00:00:00 | 000,213,035 | ---- | M] (Living Byte Software GmbH, München) [Auto | Running] -- E:\RVS\WCOM\SYSTEM\RVSCC.EXE -- (RvsCC)
SRV - [2002.07.19 00:00:00 | 000,139,313 | ---- | M] (Living Byte Software GmbH, München) [On_Demand | Stopped] -- E:\RVS\WCOM\SYSTEM\RVSCOMSV.EXE -- (RvscomSv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- H:\Temp\00000e99.nmc\nse\bin\ndiskio.sys -- (NDISKIO)
DRV - [2010.11.02 13:16:59 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.02 13:16:59 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.22 08:43:16 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2010.09.17 10:15:04 | 000,016,256 | ---- | M] (Windows ® DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vad.sys -- (VAD_DEV)
DRV - [2010.08.23 17:07:28 | 000,027,192 | ---- | M] (Resplendence Software Projects Sp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rspSanity32.sys -- (rspSanity)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010.06.24 15:08:16 | 000,056,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010.05.07 14:11:14 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2009.12.28 14:26:44 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2009.12.28 14:26:44 | 000,034,392 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2009.12.15 13:41:30 | 000,268,912 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM)
DRV - [2009.09.28 15:24:10 | 000,025,608 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\OODrvled.sys -- (OODrvled)
DRV - [2009.09.11 13:03:02 | 000,037,664 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.09.04 02:43:22 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009.07.28 20:31:52 | 000,020,616 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2009.07.28 20:31:50 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2009.07.28 20:31:48 | 000,026,120 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2009.07.28 20:31:46 | 000,122,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2009.05.26 10:05:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- E:\SuperAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009.05.26 10:05:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SuperAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.05.26 10:05:52 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SuperAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.22 13:28:08 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009.04.22 13:28:06 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.03.24 12:03:08 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.03.02 12:41:49 | 000,029,184 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009.02.17 18:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.02.13 11:35:02 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.18 22:24:40 | 000,114,024 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2008.06.19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.04.13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.02 02:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008.03.02 02:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2008.01.11 17:23:44 | 000,013,696 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avwebcam.sys -- (AVWEBCAM)
DRV - [2007.02.22 11:28:48 | 000,030,864 | ---- | M] (Licensed for Sysinfo Lab) [Kernel | Auto | Running] -- E:\ASTRA32\astra32.sys -- (ASTRA32)
DRV - [2007.01.25 10:07:06 | 000,530,432 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Capt931a.sys -- (SQ931)
DRV - [2006.06.09 13:49:41 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006.04.27 21:33:34 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2006.04.27 21:33:34 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2005.11.16 21:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005.09.12 03:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005.09.08 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.09.08 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.09.08 05:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.09.08 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.09.08 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.09.08 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.09.08 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.08.25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.08.25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.08.12 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005.08.04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.04.12 09:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2004.08.03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.03.22 20:52:12 | 000,301,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd) USB PC Camera (SN9C102)
DRV - [2003.04.19 02:14:48 | 000,732,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ISDN_u.sys -- (ISDN_u)
DRV - [2003.01.13 09:41:58 | 000,026,435 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP)
DRV - [2002.07.18 23:00:00 | 000,039,936 | ---- | M] (Living Byte Software GmbH, München) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rvsport.sys -- (rvsport)
DRV - [2001.11.29 12:05:36 | 000,013,104 | ---- | M] (Freecom Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FCUSB.sys -- (FCUSB)
DRV - [2001.08.18 04:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.04.09 11:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3356698313-248671706-776473524-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3356698313-248671706-776473524-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3356698313-248671706-776473524-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.online-translator.com/Default.aspx?prmtlang=de
IE - HKU\S-1-5-21-3356698313-248671706-776473524-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.searchbox.width: 360
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: tunebite-firefox-surf-and-catch-extension@audials.com:1.4.7600.0
FF - prefs.js..extensions.enabledItems: mediaraptor-firefox-surf-and-catch-extension@audials.com:1.4.7700.0
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: {131AB333-2B69-4825-9791-757C048A9F8B}:1.3.2.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: abhere2@moztw.org:3.5.20091115
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {966762eb-7132-4081-ac70-20d20161ad96}:3.2
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.2.1
FF - prefs.js..extensions.enabledItems: {71C54606-83ED-4ea6-9315-1AAB29466D33}:3.1
FF - prefs.js..extensions.enabledItems: beysim@beysim.net:1.7
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:4.0.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: dropio@dropio:2.0.1
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.106602
FF - prefs.js..extensions.enabledItems: {a2e6849b-7584-11da-8cd6-0800200c9a66}:1.4.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.6.6
FF - prefs.js..extensions.enabledItems: {0ed0633c-a54d-47f1-94e7-5bded41ae674}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {9220f99f-5b7d-4a4d-97ca-209991796400}:1.5
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.4.1.1
FF - prefs.js..extensions.enabledItems: launchy@gemal.dk:4.4.0
FF - prefs.js..extensions.enabledItems: mtrans@majstro.com:1.1
FF - prefs.js..extensions.enabledItems: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:3.0
FF - prefs.js..extensions.enabledItems: nt@tumbledesign.com:0.3
FF - prefs.js..extensions.enabledItems: {1ced4832-f06e-413f-aa14-9eb63ad40ace}:1.0.2
FF - prefs.js..extensions.enabledItems: OpenXMLViewer@Codeplex.com:1.0.0.0
FF - prefs.js..extensions.enabledItems: {a1f99b9c-30d3-4848-a646-afd282011a72}:0.7.1.4
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.5
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: regexptester@sebastianzartner.ath.cx:3.1.10
FF - prefs.js..extensions.enabledItems: researchword@scott:1.3.7
FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.5.17
FF - prefs.js..extensions.enabledItems: {305cdad7-3fd0-c3df-5947-68e5318f5a1c}:1.78
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: seoquake-plugin-seolinx@seoquake.com:1.0.2
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: calculator@cmcculloh:2.1
FF - prefs.js..extensions.enabledItems: {54affe52-8223-453b-be1e-2fe2e250045c}:4.1.1.190
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: tabtowindow@sogame.cat:1.2.9
FF - prefs.js..extensions.enabledItems: spam@trashmail.net:2.0.4
FF - prefs.js..extensions.enabledItems: {eecba28f-b68b-4b3a-b501-6ce12e6b8696}:0.7.3
FF - prefs.js..extensions.enabledItems: wikilook@testpilot:2.5.5
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}:0.6.0.2

FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Components: E:\eMusic Remote\xulrunner\components [2007.09.30 01:33:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Plugins: E:\eMusic Remote\xulrunner\plugins [2007.09.30 01:33:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\remoteExt@emusic.com: E:\eMusic Remote\remoteExt [2007.09.30 01:33:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Programme\Siber Systems\AI RoboForm\Firefox [2008.06.06 18:59:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: E:\AudialsOne\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009.09.25 23:48:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\mediaraptor-firefox-surf-and-catch-extension@audials.com: E:\AudialsOne\Mediaraptor\plugins\GeckoBased\mediaraptor-firefox-surf-and-catch-extension@audials.com\ [2009.09.25 23:50:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: E:\Firefox\components [2006.04.28 00:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: E:\Firefox\plugins [2006.04.28 00:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: E:\Firefox\components [2006.04.28 00:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: E:\Firefox\plugins [2006.04.28 00:45:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.23 15:39:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.05.02 22:04:34 | 000,000,000 | ---D | M]

[2010.10.14 14:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Extensions
[2009.09.21 22:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Extensions_BackupLiberkey
[2009.06.04 20:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Extensions_BackupLiberkey\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.11.14 11:01:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions
[2006.04.27 23:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{00D4154F-96D3-41ff-8E8E-113596D8670B}
[2010.03.03 14:24:52 | 000,000,000 | ---D | M] (Free Traffic Bar Toolbar) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}
[2009.06.04 20:24:33 | 000,000,000 | ---D | M] (About Menu) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{131AB333-2B69-4825-9791-757C048A9F8B}
[2009.09.16 11:34:37 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2010.04.30 22:45:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.08.27 01:44:56 | 000,000,000 | ---D | M] (AI Roboform Toolbar for Firefox) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}
[2010.05.04 11:48:27 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.03.03 14:24:50 | 000,000,000 | ---D | M] (SearchBox Companion) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{305cdad7-3fd0-c3df-5947-68e5318f5a1c}
[2010.09.18 22:46:43 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010.02.09 11:15:35 | 000,000,000 | ---D | M] (ShowIP) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010.02.10 07:45:52 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010.10.13 23:39:53 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009.07.07 22:53:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{71C54606-83ED-4ea6-9315-1AAB29466D33}
[2009.10.13 15:31:55 | 000,000,000 | ---D | M] (IE Tab) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010.08.16 13:08:53 | 000,000,000 | ---D | M] (deskCut) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{9125C9CB-BE2B-4389-A0C7-46A4BDD46AEA}
[2010.03.19 03:47:23 | 000,000,000 | ---D | M] (Gutscheinaffe) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{9220f99f-5b7d-4a4d-97ca-209991796400}
[2010.11.03 01:17:21 | 000,000,000 | ---D | M] (Clip to OneNote) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{966762eb-7132-4081-ac70-20d20161ad96}
[2010.09.25 05:51:26 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.07.24 14:20:23 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2009.06.04 20:24:43 | 000,000,000 | ---D | M] (Print Preview) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{a1f99b9c-30d3-4848-a646-afd282011a72}
[2009.07.01 19:29:15 | 000,000,000 | ---D | M] (Exch) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66}
[2010.06.03 15:28:07 | 000,000,000 | ---D | M] (FireFTP) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.10.16 18:16:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.10 07:45:50 | 000,000,000 | ---D | M] (QuickNote) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2010.11.04 12:19:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.30 11:37:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2006.04.27 23:59:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2010.06.23 09:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.05.30 20:06:43 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.10.27 12:32:16 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010.05.22 02:38:13 | 000,000,000 | ---D | M] (Memory Fox) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}
[2010.10.19 10:30:26 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.05.18 15:35:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.22 03:00:01 | 000,000,000 | ---D | M] (ViewSourceWith) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}
[2010.09.18 22:46:37 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009.12.06 16:45:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\abhere2@moztw.org
[2009.06.28 18:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\beysim@beysim.net
[2009.06.04 20:24:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\calculator@cmcculloh
[2010.03.11 17:59:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\dropio@dropio
[2010.10.02 11:50:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\foxmarks@kei.com
[2010.04.08 14:43:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\isreaditlater@ideashower.com
[2009.07.25 17:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\keyscrambler@qfx.software.corporation
[2010.02.10 07:45:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\launchy@gemal.dk
[2009.07.07 22:53:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\mtrans@majstro.com
[2009.09.28 03:44:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\nt@tumbledesign.com
[2009.06.01 11:46:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\OpenXMLViewer@Codeplex.com
[2010.07.24 14:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\regexptester@sebastianzartner.ath.cx
[2010.09.25 05:51:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\researchword@scott
[2010.05.18 15:35:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2009.06.28 18:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2010.04.13 18:52:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\spam@trashmail.net
[2010.06.12 20:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\SQLiteManager@mrinalkant.blogspot.com
[2009.06.13 01:31:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\tabtowindow@sogame.cat
[2009.12.06 16:45:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\wikilook@testpilot
[2010.11.09 14:44:15 | 000,002,311 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\alexa.xml
[2010.11.13 21:50:38 | 000,001,835 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\btjunkie.xml
[2009.07.07 14:14:58 | 000,000,173 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\conduit.gif
[2009.07.07 14:14:58 | 000,000,304 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\conduit.src
[2009.01.02 13:26:22 | 000,000,768 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\conduit.xml
[2010.11.13 15:40:38 | 000,001,609 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\ixquick---deutsch.xml
[2010.11.13 15:40:38 | 000,001,589 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\ixquick.xml
[2008.06.21 16:53:08 | 000,000,681 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\merriam-webster.xml
[2009.09.22 17:19:08 | 000,001,863 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\searchalot.xml
[2008.04.19 11:30:13 | 000,002,386 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\siteadvisor.xml
[2008.04.19 11:30:13 | 000,000,876 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\webster.xml
[2008.06.22 17:31:09 | 000,001,108 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\searchplugins\wikipedia.xml

O1 HOSTS File: ([2009.06.09 18:03:55 | 000,000,799 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - E:\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - E:\AudialsOne\Mediaraptor\plugins\IE\MR_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\MS OneNote\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - E:\AudialsOne\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: () - {BBE59AF5-EE22-4A3A-AB26-3F774D1B4216} - E:\FolderBox\FolderBox.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-3356698313-248671706-776473524-1005\..\Toolbar\ShellBrowser: (no name) - {2977A961-7304-49C3-9BA5-C957E5277A76} - No CLSID value found.
O3 - HKU\S-1-5-21-3356698313-248671706-776473524-1005\..\Toolbar\ShellBrowser: (no name) - {4ADFE869-0C09-4F41-AD79-A8F1CFA201E8} - No CLSID value found.
O3 - HKU\S-1-5-21-3356698313-248671706-776473524-1005\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3356698313-248671706-776473524-1005\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3356698313-248671706-776473524-1007\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-3356698313-248671706-776473524-1007\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.exe ()
O4 - HKLM..\Run: [SuRun Systemmenü-Erweiterung] C:\WINDOWS\SuRun.exe (http://kay-bruns.de)
O4 - HKU\S-1-5-21-3356698313-248671706-776473524-1005..\Run: [AntiFreeze] E:\AntiFreeze\AntiFreeze.exe (Resplendence Software Projects Sp.)
O4 - HKU\S-1-5-21-3356698313-248671706-776473524-1005..\Run: [LAVClock] E:\portable_lavclock2\bin\lavclock2.exe (LAVResearch)
O4 - HKU\S-1-5-21-3356698313-248671706-776473524-1005..\Run: [Macro Recorder Pro] E:\Easy Macro Recorder\Macro Recorder.exe (GoldSolution Software, Inc.)
O4 - HKU\S-1-5-21-3356698313-248671706-776473524-1005..\Run: [WizMouse] E:\WizMouse\WizMouse.exe (Antibody Software)
O4 - HKU\.DEFAULT..\RunOnce: [KeyScrambler] E:\KeyScrambler\getting_started.html ()
O4 - HKU\S-1-5-18..\RunOnce: [KeyScrambler] E:\KeyScrambler\getting_started.html ()
O4 - Startup: C:\Dokumente und Einstellungen\sabine\Startmenü\Startmenü\Autostart\hardcopy.lnk = E:\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Dokumente und Einstellungen\sabine\Startmenü\Startmenü\Autostart\Minipad2.lnk = E:\Minipad\minipad2.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\sabine\Startmenü\Startmenü\Autostart\phraseexpress.lnk = E:\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\sabine\Startmenü\Startmenü\Autostart\RocketDock.lnk = E:\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\sabine\Startmenü\Startmenü\Autostart\Stardock ObjectDock.lnk = E:\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67104759
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 475
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3356698313-248671706-776473524-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-3356698313-248671706-776473524-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-3356698313-248671706-776473524-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-3356698313-248671706-776473524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91
O7 - HKU\S-1-5-21-3356698313-248671706-776473524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-3356698313-248671706-776473524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-3356698313-248671706-776473524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108855
O7 - HKU\S-1-5-21-3356698313-248671706-776473524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3356698313-248671706-776473524-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Add to Evernote - E:\Evernote\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\MS OneNote\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MS OneNote\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\MS OneNote\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - E:\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MS OneNote\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .UVR - C:\Programme\Internet Explorer\PLUGINS\NPUPano.dll (Ulead Systems, Inc.)
O15 - HKU\S-1-5-21-3356698313-248671706-776473524-1005\..Trusted Domains: maris.com ([www.redshift] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3356698313-248671706-776473524-1005\..Trusted Domains: nexusradio.com ([www] http in Lokales Intranet)
O15 - HKU\S-1-5-21-3356698313-248671706-776473524-1005\..Trusted Domains: nexusradio.com ([www] https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3356698313-248671706-776473524-1007\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3356698313-248671706-776473524-1007\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.printsew.com/smsx.cab (MeadCo ScriptX)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191977160734 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\MS OneNote\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - E:\SuperAntiSpyware\SASWINLO.dll - E:\SuperAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\SuRun: DllName - SuRunExt.dll - C:\WINDOWS\SuRunExt.dll (http://kay-bruns.de)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\AltDesk\WallCache\desktop0.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\AltDesk\WallCache\desktop0.bmp
O28 - HKLM ShellExecuteHooks: {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - C:\WINDOWS\SuRunExt.dll (http://kay-bruns.de)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\SuperAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\MS OneNote\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 12:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.08.20 04:14:34 | 000,000,000 | ---D | M] - E:\Autoplay Repair -- [ FAT32 ]
O32 - AutoRun File - [2009.08.24 20:22:50 | 000,000,000 | ---D | M] - E:\Autofix -- [ FAT32 ]
O32 - AutoRun File - [2009.10.04 13:11:58 | 000,000,000 | ---D | M] - E:\Autoplay Menu Designer -- [ FAT32 ]
O32 - AutoRun File - [2009.08.29 00:00:06 | 000,000,000 | ---D | M] - F:\AutoHotkey Scripte -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\N:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.14 20:28:43 | 000,719,574 | ---- | C] (UG North ) -- C:\Dokumente und Einstellungen\sabine\Desktop\RkU3.8.388.590.exe
[2010.11.14 20:28:29 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sabine\Desktop\OTL.exe
[2010.11.14 10:52:46 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\sabine\Recent
[2010.11.12 21:04:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher
[2010.11.11 17:45:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\ManyCam
[2010.11.11 17:11:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010.11.07 12:50:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Playrix Entertainment
[2010.11.04 23:32:22 | 000,027,192 | ---- | C] (Resplendence Software Projects Sp.) -- C:\WINDOWS\System32\drivers\rspSanity32.sys
[2010.11.04 14:55:21 | 000,116,736 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010.11.04 14:55:15 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010.11.04 14:54:54 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010.11.04 14:54:47 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010.11.04 14:54:26 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010.11.04 14:54:20 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010.11.04 14:54:10 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010.11.04 14:53:46 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010.11.04 14:53:26 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010.11.04 14:53:20 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010.11.04 14:53:15 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010.11.04 14:53:06 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010.11.04 14:52:58 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010.11.04 14:52:50 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010.11.04 14:52:45 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010.11.04 14:52:24 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010.11.04 14:51:58 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010.11.04 14:51:50 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010.11.04 14:51:44 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010.11.04 14:51:36 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010.11.04 14:51:02 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010.11.04 14:50:30 | 000,212,480 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010.11.04 14:50:23 | 000,216,576 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010.11.04 14:50:06 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010.11.04 14:50:01 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010.11.04 14:49:56 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010.11.04 14:49:47 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010.11.04 14:49:40 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010.11.04 14:49:35 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010.11.04 14:48:46 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010.11.04 14:48:39 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010.11.04 14:48:33 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010.11.04 14:48:30 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010.11.04 14:48:22 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010.11.04 14:48:17 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010.11.04 14:47:54 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010.11.04 14:47:47 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010.11.04 14:46:59 | 000,159,744 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010.11.04 14:46:51 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010.11.04 14:46:46 | 000,287,232 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010.11.04 14:46:37 | 000,017,152 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010.11.04 14:46:28 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010.11.04 14:45:00 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010.11.04 14:44:53 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010.11.04 14:44:44 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010.11.04 14:44:39 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010.11.04 14:44:34 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010.11.04 14:43:53 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010.11.04 14:43:47 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010.11.04 14:43:41 | 000,095,178 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010.11.04 14:43:27 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010.11.04 14:42:32 | 000,161,888 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010.11.04 14:42:28 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010.11.04 14:42:21 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010.11.04 14:42:15 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010.11.04 14:41:19 | 000,017,792 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010.11.04 14:41:08 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010.11.04 14:41:01 | 000,024,192 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010.11.04 14:40:30 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010.11.04 14:40:24 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010.11.04 14:40:15 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010.11.04 14:40:07 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010.11.04 14:40:00 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010.11.04 14:39:52 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010.11.04 14:39:44 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010.11.04 14:39:38 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010.11.04 14:39:31 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010.11.04 14:39:17 | 000,083,968 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010.11.04 14:39:12 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010.11.04 14:39:12 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010.11.04 14:39:12 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010.11.04 14:39:10 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010.11.04 14:39:07 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010.11.04 14:38:47 | 000,010,752 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010.11.04 14:38:38 | 000,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010.11.04 14:38:31 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010.11.04 14:38:05 | 000,715,242 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010.11.04 14:37:59 | 000,899,658 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010.11.04 14:37:37 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010.11.04 14:37:31 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010.11.04 14:37:26 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010.11.04 14:37:00 | 000,016,384 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010.11.04 14:35:33 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010.11.04 14:35:02 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010.11.04 14:35:00 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010.11.04 14:34:54 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010.11.04 14:33:30 | 000,054,730 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010.11.04 14:33:15 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010.11.04 14:33:08 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010.11.04 14:32:43 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010.11.04 14:32:13 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010.11.04 14:32:08 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010.11.04 14:31:56 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010.11.04 14:31:39 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010.11.04 14:31:34 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010.11.04 14:31:21 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010.11.04 14:31:16 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010.11.04 14:31:10 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010.11.04 14:31:03 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010.11.04 14:30:56 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010.11.04 14:30:48 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010.11.04 14:30:29 | 000,076,288 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010.11.04 14:30:22 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010.11.04 14:30:15 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010.11.04 14:30:08 | 000,020,480 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010.11.04 14:30:02 | 000,022,144 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010.11.04 14:28:10 | 000,164,970 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010.11.04 14:27:17 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010.11.04 14:27:12 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010.11.04 14:27:10 | 000,422,016 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010.11.04 14:27:06 | 000,577,226 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010.11.04 14:27:04 | 000,607,196 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010.11.04 14:27:01 | 000,728,298 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010.11.04 14:26:48 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010.11.04 14:26:44 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010.11.04 14:26:39 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010.11.04 14:26:34 | 000,016,256 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010.11.04 14:26:28 | 000,026,506 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010.11.04 14:26:23 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010.11.04 14:25:20 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010.11.04 14:24:32 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010.11.04 14:21:54 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010.11.04 14:21:39 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010.11.04 14:21:01 | 000,028,672 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010.11.04 14:20:57 | 000,082,560 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010.11.04 14:20:53 | 000,017,792 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010.11.04 14:20:36 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010.11.04 14:20:30 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010.11.04 14:20:27 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010.11.04 14:20:23 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010.11.04 14:20:20 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010.11.04 14:20:17 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010.11.04 14:20:16 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010.11.04 14:19:52 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010.11.04 14:19:46 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010.11.04 14:19:43 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010.11.04 12:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2010.11.03 21:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Zentimo
[2010.11.03 21:07:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZentimoService
[2010.11.03 19:17:19 | 000,500,736 | ---- | C] ( datenhaus GmbH) -- C:\WINDOWS\System32\dhRichClient3.dll
[2010.11.03 19:13:05 | 000,126,976 | ---- | C] (MetaTexis Software and Services) -- C:\WINDOWS\System32\MXSocket.DLL
[2010.11.03 17:53:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.11.02 23:18:07 | 000,520,192 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\portraitsofautumn_3125138.scr
[2010.11.02 23:18:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\portraitsofautumn_3125138 dir
[2010.11.02 23:17:39 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\tropicaltango_3151927.scr
[2010.11.02 23:16:51 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\theolivetree_3147906.scr
[2010.11.02 23:15:45 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\thelilypond_3142326.scr
[2010.11.02 23:12:09 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\rosedance_3112166.scr
[2010.11.02 23:11:25 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\playfulportrait_3269261.scr
[2010.11.02 23:10:48 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\magnolias_3124667.scr
[2010.11.02 23:10:13 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\flowerpots_3151926.scr
[2010.11.02 23:09:39 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\feelingblue_3112167.scr
[2010.11.02 23:05:38 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\WINDOWS\System32\swanlake_3124668.scr
[2010.11.02 23:05:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screentime
[2010.11.02 23:04:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\Screentime
[2010.11.02 12:16:47 | 000,000,000 | ---D | C] -- C:\Converted
[2010.11.02 12:12:08 | 000,245,760 | ---- | C] (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe
[2010.11.02 12:12:07 | 000,014,392 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\SndTVideo.dll
[2010.11.02 12:12:07 | 000,005,688 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\SndTVideo.sys
[2010.11.02 12:12:06 | 000,023,608 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\SndTAudio.sys
[2010.11.02 12:12:06 | 000,023,608 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\SndTAudio.sys
[2010.10.31 23:54:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Digiarty
[2010.10.31 12:51:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Malwarebytes
[2010.10.31 12:51:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.31 12:51:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.31 12:51:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.31 12:37:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.10.31 12:37:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.10.31 12:35:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld
[2010.10.31 12:35:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.10.31 02:56:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.10.31 02:56:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.10.31 02:56:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.10.31 02:56:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.10.31 02:55:10 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.10.30 06:17:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\Audible
[2010.10.30 06:17:24 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2010.10.30 06:16:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Eigene Dateien\Audible
[2010.10.29 22:12:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\Pictomio
[2010.10.29 22:12:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pictomio
[2010.10.29 22:12:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010.10.29 02:22:29 | 000,000,000 | ---D | C] -- C:\Programme\Z-FTPcopy
[2010.10.28 21:22:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Flash Gallery Factory 5
[2010.10.28 11:58:15 | 000,000,000 | ---D | C] -- C:\backup
[2010.10.24 18:26:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\DeviceDoctorSoftware
[2010.10.24 17:58:45 | 001,686,016 | ---- | C] (Clever Components) -- C:\WINDOWS\System32\clinetsuitex6.ocx
[2010.10.24 16:11:09 | 000,000,000 | ---D | C] -- C:\i386
[2010.10.24 11:10:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Eigene Dateien\My Drivers
[2010.10.24 11:10:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\Innovative Solutions
[2010.10.22 19:22:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft IntelliType Pro
[2010.10.22 03:14:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Backups
[2010.10.21 16:20:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\EurekaLog
[2010.10.21 13:24:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Start Menu 7
[2010.10.20 11:04:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Lamantine
[2010.10.20 10:59:12 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\sabine\Eigene Dateien\Sticky Passwords
[2010.10.19 12:08:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\FreePDF_XP
[2010.10.19 11:38:49 | 000,000,000 | ---D | C] -- C:\Programme\FreePDF_XP
[2010.10.19 11:38:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2010.10.19 04:07:13 | 001,593,344 | ---- | C] (SE-SOFT.COM) -- C:\WINDOWS\System32\SE-SOFT.Scr
[2010.10.17 03:08:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Eigene Dateien\Efficient Organizer AutoBackup
[2010.10.17 03:05:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Efficient Lady's Organizer Free
[2010.10.16 20:42:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton
[2010.10.16 20:42:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\NPE
[2010.10.16 19:20:43 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2010.10.16 19:20:40 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.10.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\AeroSnapApp
[2010.10.16 17:31:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\AeroSnapApp
[2010.10.16 12:49:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easy Photo Sorter
[2010.10.16 12:41:08 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Windows Live
[2006.05.02 13:15:13 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2006.05.02 13:15:13 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2006.05.02 13:15:13 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2006.05.02 12:39:05 | 000,009,216 | R--- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.14 20:21:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\sabine\Desktop\OTL.exe
[2010.11.14 10:54:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.13 14:03:46 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\Differentielles Backup Wöchentlich.job
[2010.11.09 12:12:42 | 000,000,329 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2010.11.07 21:03:01 | 000,000,282 | ---- | M] () -- C:\boot.ini
[2010.11.07 12:25:03 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\msxml.p2i
[2010.11.07 02:40:31 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\defogger_reenable
[2010.11.05 06:55:48 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_rundll32_exe.job
[2010.11.04 09:13:58 | 000,457,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.03 01:16:47 | 000,463,238 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.03 01:16:47 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.03 01:16:47 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.03 01:16:46 | 000,086,042 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.02 23:18:07 | 000,520,192 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\portraitsofautumn_3125138.scr
[2010.11.02 23:17:39 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\tropicaltango_3151927.scr
[2010.11.02 23:16:51 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\theolivetree_3147906.scr
[2010.11.02 23:15:45 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\thelilypond_3142326.scr
[2010.11.02 23:12:09 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\rosedance_3112166.scr
[2010.11.02 23:11:26 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\playfulportrait_3269261.scr
[2010.11.02 23:10:48 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\magnolias_3124667.scr
[2010.11.02 23:10:14 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\flowerpots_3151926.scr
[2010.11.02 23:09:39 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\feelingblue_3112167.scr
[2010.11.02 23:05:38 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\System32\swanlake_3124668.scr
[2010.11.02 13:16:59 | 000,126,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.11.02 13:16:59 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.11.02 02:31:18 | 000,000,598 | ---- | M] () -- C:\WINDOWS\tasks\Paragon arc_increment.job
[2010.11.02 00:28:08 | 000,000,654 | ---- | M] () -- C:\WINDOWS\tasks\Paragon Archive name diff_backupC.job
[2010.11.01 17:03:56 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\Hauptbackup Monatlich.job
[2010.11.01 01:37:42 | 000,000,660 | ---- | M] () -- C:\WINDOWS\tasks\Paragon Archive name diff_differential.job
[2010.10.31 12:37:54 | 000,338,960 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Eigene Dateien\pinfect.zip
[2010.10.31 12:37:01 | 000,000,054 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.10.31 02:55:09 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.10.30 06:17:24 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2010.10.27 02:41:36 | 000,000,266 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\.gtk-bookmarks
[2010.10.22 08:43:20 | 000,014,392 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\SndTVideo.dll
[2010.10.22 08:43:20 | 000,005,688 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\SndTVideo.sys
[2010.10.22 08:43:20 | 000,002,539 | ---- | M] () -- C:\WINDOWS\System32\SndTVideo.cat
[2010.10.22 08:43:16 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\SndTAudio.sys
[2010.10.22 08:43:16 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\SndTAudio.sys
[2010.10.22 08:43:16 | 000,002,100 | ---- | M] () -- C:\WINDOWS\System32\SndTAudio.cat
[2010.10.22 08:43:14 | 000,019,099 | ---- | M] () -- C:\WINDOWS\System32\SndTAudio.inf
[2010.10.22 08:43:14 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\SndTVideo.inf
[2010.10.22 04:02:42 | 000,245,760 | ---- | M] (SMServer) -- C:\WINDOWS\System32\snmvtsvc.exe
[2010.10.21 23:40:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_vdbus_01009.Wdf
[2010.10.21 23:40:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.10.20 13:10:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.17 03:51:42 | 000,688,128 | ---- | M] () -- C:\Dokumente und Einstellungen\sabine\Eigene Dateien\My Information.eff
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.07 12:25:03 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\msxml.p2i
[2010.11.07 02:40:31 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\defogger_reenable
[2010.11.04 14:55:13 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010.11.04 14:55:06 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010.11.04 14:38:24 | 000,086,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010.11.04 14:37:15 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010.11.04 14:37:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010.11.04 14:33:23 | 000,044,105 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010.11.04 14:29:15 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010.11.04 14:26:16 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.11.04 14:24:47 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.11.04 14:21:51 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010.11.04 14:21:43 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010.11.04 14:21:36 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010.11.04 14:21:28 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010.11.04 14:21:21 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010.11.04 14:21:02 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.11.03 19:17:20 | 000,321,536 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2010.11.03 19:17:20 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2010.11.02 12:12:07 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\SndTVideo.inf
[2010.11.02 12:12:07 | 000,002,539 | ---- | C] () -- C:\WINDOWS\System32\SndTVideo.cat
[2010.11.02 12:12:06 | 000,019,099 | ---- | C] () -- C:\WINDOWS\System32\SndTAudio.inf
[2010.11.02 12:12:06 | 000,002,100 | ---- | C] () -- C:\WINDOWS\System32\SndTAudio.cat
[2010.10.31 12:17:29 | 000,338,960 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Eigene Dateien\pinfect.zip
[2010.10.31 02:55:54 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.10.28 22:48:05 | 000,000,598 | ---- | C] () -- C:\WINDOWS\tasks\Paragon arc_increment.job
[2010.10.27 02:41:36 | 000,000,266 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\.gtk-bookmarks
[2010.10.26 16:25:07 | 000,000,660 | ---- | C] () -- C:\WINDOWS\tasks\Paragon Archive name diff_differential.job
[2010.10.25 16:29:05 | 000,000,654 | ---- | C] () -- C:\WINDOWS\tasks\Paragon Archive name diff_backupC.job
[2010.10.22 19:23:37 | 000,000,298 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft_Hardware_Launch_rundll32_exe.job
[2010.10.22 03:10:23 | 000,005,516 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\CB diagnostics report.txt
[2010.10.21 23:40:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_vdbus_01009.Wdf
[2010.10.21 23:40:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.10.19 11:38:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.10.19 11:38:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010.10.17 03:05:32 | 000,688,128 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Eigene Dateien\My Information.eff
[2010.10.14 15:43:55 | 000,268,912 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_SSCFilter_i386.sys
[2010.10.14 14:52:35 | 000,000,076 | ---- | C] () -- C:\WINDOWS\System32\dtirc.dll
[2010.09.24 17:38:18 | 000,000,107 | ---- | C] () -- C:\WINDOWS\System32\bup202.dll
[2010.09.24 17:31:08 | 000,000,107 | ---- | C] () -- C:\WINDOWS\System32\stech202.dll
[2010.09.24 14:01:43 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\ddbup205.dll
[2010.09.24 14:00:21 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\ddstech205.dll
[2010.09.21 03:02:33 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2010.09.01 12:52:43 | 000,120,376 | ---- | C] () -- C:\WINDOWS\System32\rrsec.dll
[2010.08.29 16:47:22 | 000,000,178 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010.08.20 18:44:00 | 000,001,070 | ---- | C] () -- C:\WINDOWS\asglobe.ini
[2010.08.06 16:59:48 | 000,344,064 | R--- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2010.08.06 16:59:48 | 000,122,880 | R--- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010.08.06 16:59:48 | 000,088,576 | R--- | C] () -- C:\WINDOWS\System32\LFFPX90N.DLL
[2010.07.26 04:46:09 | 000,000,040 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\cdr.ini
[2010.07.01 21:38:03 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\Adobe Für Web speichern 11.0 Prefs
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010.06.22 23:34:36 | 000,000,084 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2010.05.27 01:02:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\Podcasts.INI
[2010.05.02 13:57:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Cover.INI
[2010.05.02 13:57:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\avvcnvrt.INI
[2010.05.02 13:57:45 | 000,000,083 | ---- | C] () -- C:\WINDOWS\VMorpher.INI
[2010.05.02 13:57:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VDVD.INI
[2010.05.02 12:58:05 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AVFTP.INI
[2010.05.01 17:36:07 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010.05.01 17:05:19 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swf2avi.INI
[2010.05.01 17:00:02 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.05.01 17:00:02 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.04.25 03:15:20 | 000,013,824 | ---- | C] () -- C:\WINDOWS\mp3ex.dll
[2010.04.19 17:26:10 | 000,000,128 | ---- | C] () -- C:\WINDOWS\lgcenter.ini
[2010.04.08 01:58:46 | 000,000,251 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2010.04.08 01:30:37 | 000,020,520 | ---- | C] () -- C:\Programme\init.dat
[2010.04.08 01:04:36 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.04.08 01:01:59 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010.03.31 17:50:55 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\ddfnsp32.dll
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.10.05 06:16:42 | 000,851,752 | ---- | C] () -- C:\WINDOWS\System32\wodCertificate.dll
[2009.09.14 14:17:52 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009.09.14 14:17:51 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009.09.14 14:17:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009.09.11 13:02:46 | 000,000,022 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\8f01a90e-7eb3-48d3-93b1-50d88fd146fb
[2009.08.30 23:24:42 | 000,003,173 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\xecutor._xp
[2009.08.30 23:24:42 | 000,001,595 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\xecutor.xpr
[2009.08.15 23:26:42 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\Settings.ini
[2009.08.13 02:23:55 | 000,000,148 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2009.08.05 17:58:14 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\sticky_chklist.str_priorsave
[2009.08.05 17:58:14 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\sticky_chklist.str
[2009.08.05 17:58:14 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\sticky.str_priorsave
[2009.08.05 17:58:14 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\sticky.str
[2009.07.23 09:31:30 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.07.13 03:38:59 | 000,002,102 | ---- | C] () -- C:\WINDOWS\DirPrintOK.ini
[2009.06.23 18:15:58 | 000,655,360 | ---- | C] () -- C:\WINDOWS\System32\pcwDirSize.DLL
[2009.06.21 20:18:27 | 000,000,193 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.06.17 03:38:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.06.05 11:13:00 | 000,013,824 | ---- | C] () -- C:\WINDOWS\System32\trayclock.dll
[2009.05.16 22:48:14 | 000,659,456 | ---- | C] () -- C:\WINDOWS\System32\pdftool.dll
[2009.05.16 22:48:14 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\ICSharpCode.SharpZipLib.dll
[2009.05.02 22:39:38 | 000,000,039 | ---- | C] () -- C:\WINDOWS\KeplerAstrology.INI
[2009.04.21 23:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.03.31 09:42:04 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\vGgn.dll
[2008.12.22 23:28:53 | 000,004,963 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.06.15 20:03:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CSDiff.INI
[2008.05.20 21:49:34 | 002,076,672 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2008.05.20 21:49:34 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008.05.20 21:49:32 | 000,499,712 | ---- | C] () -- C:\WINDOWS\System32\edbvba.dll
[2008.05.20 21:49:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008.04.12 15:49:11 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\swfinfo.dll
[2008.01.15 03:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2008.01.14 19:50:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ZSubTimer.dll
[2008.01.10 12:40:29 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\evntmsg.dll
[2007.10.14 18:12:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2007.10.12 12:48:30 | 000,000,808 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\sticky.rec_priorsave
[2007.10.12 12:48:30 | 000,000,808 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\sticky.rec
[2007.10.12 12:48:30 | 000,000,066 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\sticky.ok
[2007.10.01 05:57:07 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\vsmon1.dll
[2007.09.03 20:26:07 | 000,530,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\Capt931a.sys
[2007.09.03 20:26:07 | 000,024,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\Camd931a.sys
[2007.08.16 03:43:58 | 000,001,684 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.08.15 23:33:14 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.08.15 23:30:26 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007.08.03 13:32:12 | 000,000,000 | RH-- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Instcreate.dir
[2007.04.13 21:40:03 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\USBaccess.dll
[2007.03.12 20:31:28 | 001,732,608 | ---- | C] () -- C:\WINDOWS\System32\BCGPStyle2007Luna.dll
[2006.11.17 23:04:17 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\jangraphics.dll
[2006.09.19 14:34:32 | 000,000,032 | ---- | C] () -- C:\WINDOWS\pattern.ini
[2006.07.11 23:54:50 | 000,000,125 | -HS- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\.zreglib
[2006.05.26 15:15:40 | 000,029,184 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.05.07 04:40:29 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2006.05.05 04:22:52 | 000,569,344 | ---- | C] () -- C:\WINDOWS\System32\tx11.dll
[2006.05.05 04:22:52 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx11_ic.ini
[2006.05.05 02:21:44 | 000,006,656 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\dvd.bmk
[2006.05.02 13:36:57 | 000,000,102 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2006.05.02 13:15:19 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2006.05.02 13:15:19 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2006.05.02 13:15:16 | 000,301,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2006.05.02 12:39:05 | 000,041,243 | R--- | C] () -- C:\WINDOWS\System32\isdncoin.dll
[2006.05.02 12:39:05 | 000,008,976 | R--- | C] () -- C:\WINDOWS\System32\capi20.dll
[2006.05.01 02:04:57 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\232CEE28C6.sys
[2006.05.01 00:59:58 | 000,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006.04.28 06:09:15 | 000,000,199 | ---- | C] () -- C:\WINDOWS\swacnfg.ini
[2006.04.28 04:51:41 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.04.28 04:51:41 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2006.04.28 04:51:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2006.04.27 21:39:43 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2006.04.27 17:20:13 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2006.04.27 17:20:13 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006.04.27 17:20:13 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006.04.27 17:20:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006.04.27 17:20:11 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2006.04.27 17:20:11 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2006.04.27 17:20:10 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2006.04.27 17:20:10 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2006.04.27 17:20:10 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2006.04.27 17:20:09 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2006.04.27 17:20:09 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2006.04.27 17:20:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2006.04.27 17:20:07 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006.04.27 17:20:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006.04.27 17:20:06 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006.04.27 17:20:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006.04.27 17:20:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006.04.27 17:20:03 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006.04.27 17:19:59 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006.04.27 16:24:10 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.04.24 14:40:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.04.24 14:34:52 | 000,000,286 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.04.24 14:10:58 | 000,000,486 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.11.10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.02.05 20:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\fgexec.dll
[2005.02.05 20:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004.10.12 06:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004.10.12 06:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004.10.12 06:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004.10.09 06:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004.10.05 08:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004.08.13 13:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.13 12:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.13 12:47:33 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.13 12:40:28 | 000,016,655 | ---- | C] () -- C:\WINDOWS\System32\ndrxhdme.dll
[2004.01.22 17:06:32 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL
[2003.04.19 02:14:48 | 000,732,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISDN_u.sys
[2003.01.13 09:41:58 | 000,026,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys
[2002.05.31 01:30:22 | 000,121,344 | ---- | C] () -- C:\WINDOWS\System32\OpenExpert.dll
[2002.04.10 07:52:00 | 000,495,616 | ---- | C] () -- C:\WINDOWS\D3DX8ab.dll
[2002.03.19 16:30:00 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2002.03.06 00:00:00 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2000.10.16 12:01:38 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[2000.10.16 12:01:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ScCRes100.dll
[2000.06.28 03:00:00 | 000,124,416 | ---- | C] () -- C:\WINDOWS\System32\dXCtrls.dll
[1999.01.26 22:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009.08.02 22:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\4system
[2010.05.15 21:54:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\ArcticLine
[2009.07.23 09:34:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Audio Extractor
[2009.08.03 14:34:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Blumentals
[2007.10.01 02:33:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\CDZilla
[2009.08.31 11:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\CrashDoctor
[2009.07.01 12:37:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dateicommander
[2009.07.30 22:53:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Green Parrots Software
[2009.07.22 00:03:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Hyperionics
[2010.05.27 15:50:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\IcoFX
[2009.06.22 19:37:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\IrfanView
[2009.07.11 20:17:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\KeePass
[2010.05.27 22:59:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\KillProcess
[2008.08.16 18:16:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\MindWorkStation
[2009.08.16 14:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\mirkes.de
[2009.07.23 09:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\My Audio Studio
[2009.10.10 22:04:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\ProcessLasso
[2007.10.06 16:40:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\REAPER
[2009.07.12 14:39:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\RevoluTV
[2006.05.02 12:57:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\RVS
[2009.08.09 22:39:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\SideSlide
[2006.07.11 23:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\SlySoft
[2006.04.29 02:19:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\SpeedProject
[2009.06.20 17:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Template
[2006.04.28 03:20:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Thunderbird
[2006.04.28 04:06:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\TuneUp Software
[2006.04.29 00:56:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Ulead Systems
[2009.07.10 19:55:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\WhiteSmoke
[2009.09.27 19:16:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Hyperionics
[2006.04.28 02:57:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Thunderbird
[2010.08.24 12:43:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\A-PDF
[2006.04.27 22:49:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2009.08.31 11:44:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ActiveSMART
[2010.09.17 13:51:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aiseesoft Studio
[2010.06.08 15:27:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2010.05.24 23:55:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.09.19 14:05:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cool Educational Software
[2009.06.30 19:48:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dateicommander
[2010.03.31 17:51:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dream Desktop Agent
[2010.06.13 11:23:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easy Flyer Creator
[2010.10.16 12:49:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easy Photo Sorter
[2007.10.01 05:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF
[2009.03.13 17:12:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 4
[2007.10.01 05:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF Jobs
[2010.11.12 21:04:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher
[2010.11.04 12:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2010.08.24 13:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fpp
[2010.10.19 11:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2009.10.18 10:57:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gold Casual Games
[2010.04.26 14:04:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IconTweaker
[2009.07.26 18:46:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions
[2010.09.22 09:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2010.09.19 13:52:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Laconic Software
[2010.04.08 01:10:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.10.31 12:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2009.10.23 23:25:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NeoSoftTools
[2010.05.25 15:42:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2010.08.06 17:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\onOne Software
[2010.10.27 01:00:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Paragon
[2010.06.04 18:22:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PearlMountainSoft
[2010.08.28 14:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PerfectClock2007
[2010.10.29 22:12:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pictomio
[2009.07.04 13:45:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PRMT
[2010.05.29 00:35:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Radian
[2010.05.26 23:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rapidsolution
[2010.04.18 16:32:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RegCure
[2010.06.19 15:39:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2006.04.28 03:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm
[2006.05.02 12:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RVS
[2010.11.02 23:17:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screentime
[2010.09.22 01:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Softomotive
[2010.10.14 15:46:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SRS Labs
[2009.10.10 12:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tag2find
[2010.05.05 13:46:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2010.10.22 18:58:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.09.26 10:01:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TERMINAL Studio
[2006.04.29 07:57:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2006.04.29 00:49:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2010.06.25 02:18:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Web Page Maker
[2010.09.10 10:26:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wondershare
[2010.08.30 07:45:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YoWindow
[2010.11.03 21:07:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ZentimoService
[2010.09.22 01:22:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{16580F39-3050-4214-9184-CFB2D9FA6D40}
[2010.03.29 00:35:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.07.22 00:03:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{823F5FB1-7B5C-45EF-A3B4-03877D16FB3A}
[2010.10.14 14:55:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\J River
[2009.01.07 13:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2010.10.12 02:24:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\.anki
[2010.10.14 03:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\AceBIT
[2010.03.17 15:50:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Acreon
[2010.10.16 17:31:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\AeroSnapApp
[2009.06.21 01:30:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\aicon
[2010.05.27 15:51:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\AltDesk
[2009.10.18 14:57:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Amazon
[2010.04.26 15:00:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\ArcticLine
[2010.09.19 10:12:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Artogon
[2010.06.08 15:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Ashampoo
[2010.05.26 20:06:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Aston2
[2009.10.04 12:11:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Autoplay Menu Designer
[2010.05.09 16:55:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\AveDesk
[2009.10.07 18:30:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\avidemux
[2010.05.01 11:48:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Bendigo Design
[2010.08.31 14:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Benubird
[2010.07.31 16:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\BlackRiverSoft
[2009.08.03 15:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Blumentals
[2010.07.31 15:50:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\calibre
[2009.09.29 04:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Capture
[2007.09.05 21:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\CDZilla
[2010.05.06 16:19:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\ColorCop
[2010.05.11 02:30:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\CrashDoctor
[2009.07.14 16:05:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\DateiCommander
[2010.10.26 13:25:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\DeepBurner
[2010.05.27 15:51:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Desktop Sidebar
[2010.10.24 18:26:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\DeviceDoctorSoftware
[2010.10.31 23:54:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Digiarty
[2010.05.25 15:53:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Downloaded Installations
[2010.11.12 20:26:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Dropbox
[2010.03.20 12:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Easy Macro Recorder
[2008.03.27 23:44:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\EBookSys
[2010.10.17 03:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Efficient Lady's Organizer Free
[2006.07.12 00:07:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Elaborate Bytes
[2010.04.28 22:02:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\ElevatedDiagnostics
[2007.09.30 00:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\eMusic
[2009.07.11 18:04:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\enchant
[2010.10.21 16:21:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\EurekaLog
[2010.04.20 02:21:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Executor
[2007.10.02 07:04:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\eXPert PDF Editor
[2010.05.26 23:35:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\FILEminimizerPictures
[2010.08.29 03:57:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\flashnote
[2009.06.24 21:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\fosoft
[2010.05.08 17:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\FreeMoviesToDVD
[2009.01.19 18:53:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\GCI Demo
[2010.10.14 04:07:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\GetRightToGo
[2009.10.24 09:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Gold Casual Games
[2009.06.27 15:52:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\GPass
[2009.07.31 11:00:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Green Parrots Software
[2010.11.06 03:20:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\gtk-2.0
[2010.09.25 00:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Hunspell
[2009.07.22 00:19:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Hyperionics
[2010.05.27 15:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\IcoFX
[2010.09.24 16:49:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\idiomaNavigator
[2009.07.23 16:13:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\ImgBurn
[2007.05.09 05:46:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Intention Activator
[2010.08.12 19:39:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Inventivio
[2006.05.26 01:26:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\IrfanView
[2010.10.16 23:09:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\J River
[2010.10.14 04:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\JAM Software
[2010.04.26 04:25:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\K-Meleon
[2010.04.25 02:54:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\KC Softwares
[2009.07.11 20:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\KeePass
[2010.05.09 17:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\KillProcess
[2010.04.20 17:43:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\KompoZer
[2010.10.20 11:04:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Lamantine
[2010.05.14 14:32:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Leadertech
[2010.09.22 09:51:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Likno Software
[2009.07.06 00:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Lingo4u
[2009.10.23 16:52:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\LogoMaker
[2010.09.23 23:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\ManyCam
[2008.08.17 00:20:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\MindWorkStation
[2009.09.27 02:51:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\mirkes.de
[2010.09.08 01:26:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Movienizer
[2009.08.16 12:08:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\MrJobs
[2006.04.27 22:04:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\MSNInstaller
[2009.10.16 20:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\MuldeR
[2010.08.27 17:19:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Musereo
[2010.10.14 18:02:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\MusicBee
[2009.09.27 04:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\My Audio Studio
[2009.10.23 23:25:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\NeoSoftTools
[2010.09.03 18:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Nitro PDF
[2010.08.10 20:50:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\noteMaNIA
[2006.05.07 04:25:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Nvu
[2010.06.09 09:19:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Obsidium
[2010.08.06 17:07:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\onOne Software
[2010.09.03 04:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Outertech
[2009.07.26 18:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Participatory Culture Foundation
[2009.07.27 12:17:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\PCF-VLC
[2010.06.04 18:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\PearlMountainSoft
[2010.08.28 13:25:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\PerfectClock2007
[2009.10.01 17:46:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\phonostar-Player
[2010.09.17 19:30:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\PhraseExpress
[2010.11.07 12:50:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Playrix Entertainment
[2010.10.26 13:25:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\ProcessLasso
[2009.09.25 23:53:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\RapidSolution
[2007.10.09 18:54:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\REAPER
[2009.07.25 15:12:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\RevoluTV
[2006.05.02 14:44:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\RVS
[2009.08.22 23:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Safer Networking
[2010.05.01 17:44:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Screenbrush
[2006.07.11 23:59:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\SlySoft
[2010.03.31 20:33:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\SocuSoft Video Converter
[2010.07.31 14:26:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Softland
[2010.10.14 13:07:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Songbird2
[2010.09.16 22:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\SoundMaven
[2010.03.16 19:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\SoundSpectrum
[2010.08.12 19:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Speak-A-Message
[2006.07.06 18:25:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\SpeedProject
[2010.10.26 13:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Start Menu 7
[2010.05.27 15:51:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\stickies
[2010.10.02 11:48:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\SuperUtils.com
[2006.05.01 14:43:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Template
[2010.11.14 20:20:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\TeraCopy
[2006.04.27 18:51:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Thunderbird
[2010.03.23 16:38:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\TreeDBNotes Pro 3
[2006.04.28 19:41:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\TuneUp Software
[2006.05.02 00:43:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Ulead Systems
[2010.11.02 12:37:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\uTorrent
[2010.05.24 23:48:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\VCOM
[2010.10.26 13:25:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Video Converter for Any Flv Player
[2010.06.18 17:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\VitySoft
[2010.08.28 14:58:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\VOS
[2010.06.25 02:19:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Web Page Maker
[2010.09.27 09:25:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\WebSearch
[2010.03.30 15:44:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\WhiteSmoke
[2009.07.04 14:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\WordWeb
[2009.07.03 12:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\YCanPDF
[2010.08.30 07:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\YoWindow
[2010.11.03 21:07:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Zentimo
[2010.04.21 15:01:10 | 000,000,604 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2010.04.21 15:01:10 | 000,000,572 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
[2010.11.13 14:03:46 | 000,000,880 | ---- | M] () -- C:\WINDOWS\Tasks\Differentielles Backup Wöchentlich.job
[2010.11.01 17:03:56 | 000,000,936 | ---- | M] () -- C:\WINDOWS\Tasks\Hauptbackup Monatlich.job
[2010.11.02 00:28:08 | 000,000,654 | ---- | M] () -- C:\WINDOWS\Tasks\Paragon Archive name diff_backupC.job
[2010.11.01 01:37:42 | 000,000,660 | ---- | M] () -- C:\WINDOWS\Tasks\Paragon Archive name diff_differential.job
[2010.11.02 02:31:18 | 000,000,598 | ---- | M] () -- C:\WINDOWS\Tasks\Paragon arc_increment.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\defrag.exe:SummaryInformation
@Alternate Data Stream - 247 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CDF51F17
@Alternate Data Stream - 241 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5FC93B4C
@Alternate Data Stream - 223 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F87C192A
@Alternate Data Stream - 190 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B879A65B
@Alternate Data Stream - 185 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F68098AE
@Alternate Data Stream - 185 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:85551434
@Alternate Data Stream - 172 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:FB6AC38B
@Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:84098FD3

< End of report >
------------------------------------------------------------------------------------------
If you do not expect the unexpected you will not find it, for it is not to be reached by search or trail. (Heraklit)
Miracles are Interactive Events that have a Beginning inside of You. At the Level of Desire You Create the Seeds of Miracles. Whatever you focus on, you will experience. Anything in this world is possible if you have a strong belief

#4 crystal07

Posted 14 November 2010 - 06:13 PM

2. OTL Extra
--------------------------
OTL Extras logfile created on: 14.11.2010 20:30:39 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\sabine\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 31,21 Gb Total Space | 14,65 Gb Free Space | 46,94% Space Free | Partition Type: NTFS
Drive E: | 30,33 Gb Total Space | 6,49 Gb Free Space | 21,41% Space Free | Partition Type: FAT32
Drive F: | 78,70 Gb Total Space | 34,18 Gb Free Space | 43,43% Space Free | Partition Type: NTFS
Drive G: | 10,30 Gb Total Space | 2,36 Gb Free Space | 22,90% Space Free | Partition Type: FAT32
Drive H: | 79,22 Gb Total Space | 45,77 Gb Free Space | 57,78% Space Free | Partition Type: NTFS
Drive O: | 19,52 Gb Total Space | 5,97 Gb Free Space | 30,57% Space Free | Partition Type: FAT32
Drive P: | 19,53 Gb Total Space | 18,39 Gb Free Space | 94,12% Space Free | Partition Type: NTFS
Drive Q: | 19,52 Gb Total Space | 8,36 Gb Free Space | 42,80% Space Free | Partition Type: FAT32
Drive R: | 18,07 Gb Total Space | 15,18 Gb Free Space | 84,00% Space Free | Partition Type: FAT32
Drive S: | 232,88 Gb Total Space | 107,66 Gb Free Space | 46,23% Space Free | Partition Type: NTFS
Drive T: | 244,76 Gb Total Space | 91,96 Gb Free Space | 37,57% Space Free | Partition Type: NTFS
Drive U: | 245,26 Gb Total Space | 101,31 Gb Free Space | 41,31% Space Free | Partition Type: NTFS
Drive V: | 204,98 Gb Total Space | 189,78 Gb Free Space | 92,59% Space Free | Partition Type: NTFS
Drive W: | 236,51 Gb Total Space | 219,15 Gb Free Space | 92,66% Space Free | Partition Type: NTFS

Computer Name: METATRON | User Name: sabine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- E:\Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- E:\Dreamweaver\Dreamweaver MX\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- E:\Firefox\firefox.exe "%1" (Mozilla Corporation)
http [open] -- "E:\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "E:\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- "E:\Dreamweaver\Dreamweaver MX\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [Irfan Miniaturen] -- E:\Irfan\i_view32_.exe "%1" /thumbs /one (Irfan Skiljan)
Directory [MediaMonkey.1Play] -- "E:\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- E:\MSONEN~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- Reg Error: Key error.
Drive [find] -- Reg Error: Key error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"E:\uTorrent\uTorrent.exe" = E:\uTorrent\uTorrent.exe:*:Enabled:uTorrent.exe -- (BitTorrent, Inc.)
"E:\commander\verzeichnis.exe" = E:\commander\verzeichnis.exe:*:Disabled:FileCommander -- (Godlike Software)
"E:\Programme\CuteFTP\CUTFTP32.EXE" = E:\Programme\CuteFTP\CUTFTP32.EXE:*:Enabled:Winsock FTP Client -- (Alex Kunadze)
"E:\Fireworks\Fireworks MX\Fireworks.exe" = E:\Fireworks\Fireworks MX\Fireworks.exe:*:Disabled:Fireworks MX -- (Macromedia Inc.)
"E:\MS OneNote\Office12\ONENOTE.EXE" = E:\MS OneNote\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"E:\AnyplaceControl\apc_host.exe" = E:\AnyplaceControl\apc_host.exe:*:Enabled:Anyplace Control - Host Module -- (Anyplace Control Software)
"E:\MS OneNote\Office12\OUTLOOK.EXE" = E:\MS OneNote\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"E:\MS OneNote\Office12\GROOVE.EXE" = E:\MS OneNote\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"E:\Teamviewer\TeamViewer.exe" = E:\Teamviewer\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"E:\SpeakAMessage\bin\SpeakAMessage.exe" = E:\SpeakAMessage\bin\SpeakAMessage.exe:*:Enabled:Speak-A-Message -- (Inventivio GmbH)
"E:\SpeakAMessage\updater.exe" = E:\SpeakAMessage\updater.exe:*:Enabled:Speak-A-Message Updater -- (Caphyon LTD)
"C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\sabine\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"G:\Downloads\Apps\PhraseExpress\USBVersion\phraseexpress.exe" = G:\Downloads\Apps\PhraseExpress\USBVersion\phraseexpress.exe:*:Enabled:PhraseExpress -- File not found
"E:\Hardcopy\hardcopy.exe" = E:\Hardcopy\hardcopy.exe:*:Enabled:Hardcopy - Drucken Fenster/Bildschirminhalt, Print Window/Screen -- (sw4you, Siegfried Weckmann)
"E:\SoundMaven\SoundMaven.exe" = E:\SoundMaven\SoundMaven.exe:*:Enabled:SoundMaven -- ()
"E:\PhraseExpress\phraseexpress.exe" = E:\PhraseExpress\phraseexpress.exe:*:Disabled:PhraseExpress -- (Bartels Media GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00963E50-F782-4EEA-9508-17F9171B04CD}_is1" = Dream Desktop Agent 1.01.0084
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0379CF3E-BED6-474C-AE96-D07E8D7763AC}_is1" = Simple CSS 2.1
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{080C0BEF-7533-4322-9B4E-B1ED4634914E}" = CarpoSMS
"{0A6FE998-A146-4D34-93DF-DC47D00F0830}" = Anyplace Control 4.14_Full
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{10513D2E-0F52-4A45-9671-D73FDE4CCDB6}" = P.M. Logik-Trainer
"{107C666F-63C5-4263-8D40-8B9CFB5FED08}" = Microsoft Robocopy GUI
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{128AF653-6E81-4525-BE84-43C297A35F28}_is1" = Object Fix Zip
"{142DB726-3FC3-4631-95FE-3524C8A71CC1}" = Mediaraptor
"{16FEA4D0-15D6-4BFF-ACA1-7CA81FD4CD64}" = OpenFX
"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
"{1A0B8239-664B-434A-99D8-C50793513249}" = Audials TV
"{1DCCB2B0-A482-464F-94F6-1219693E34F0}_is1" = AeroSnap 0.61
"{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}" = AllWebMenus PRO 5.3.840
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}" = Avira RootKit Detection
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{21AFF51C-9353-49A9-BA58-5BEA5630BA15}" = Radiotracker
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{23236FC2-648D-4ACF-AD16-68492D0F0AC9}" = FileBox eXtender
"{236E24F2-D767-406B-B2F0-892D3A0DEA4A}" = HiCam USB 2.0 S931P
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{280ED870-1DF3-4574-A679-E2C4A8163249}_is1" = Registry System Wizard
"{296001B3-BB4B-40A7-8F42-69C5057140D9}_is1" = WBTExpress v7.0
"{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1" = RegAlyzer
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{2BB90164-91B9-4567-9A3C-88652BA1DA49}" = Tunebite
"{2C3738C9-56FA-410A-BCB5-79C5DFD238F0}" = TuneUp Utilities 2004
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.4
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}" = Ulead Photo Express 5 SE
"{31851B85-C98E-44DE-8750-9843BCD63963}" = Adobe After Effects 5.5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37566D8F-0EA4-46EF-8858-973FF21853B6}" = Nitro PDF Reader
"{3A9FE5C3-799E-4E41-AF4E-943F9BC4C4BD}_is1" = All My Books 1.9 FULL for GOTD
"{3BA19BC9-A5C8-492B-9221-D6A020011193}" = Idioma Navigator 2.1.0
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3F7097C2-6D49-4C0D-93BF-9C39E5154DA0}" = Extension Manager
"{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}" = Microsoft USB Flash Drive Manager
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{437C19B3-7E20-4E39-B868-CA6BAA820E1C}" = Microsoft Rechner-Plus
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4544CA3D-601F-4B90-8941-9B93256F27BF}" = RVS-COM Lite
"{45A3AB0D-BAE9-45B7-A582-F48AA9F06368}" = CDInterface Studio 2
"{46552BC3-52B6-404c-9B42-CE536AB719FD}_is1" = Ashampoo Home Designer1.0.0
"{47A1D771-1E15-4A4B-B9EC-47F62365028F}" = Z-TaskHelp
"{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Drive Backup™ 9.5 Professional Edition
"{48F95CE7-69D9-4967-81F7-D763CABFBD53}" = Debugging Tools for Windows (x86)
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1" = Smart Diary Suite 4
"{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5158974E-2D28-4018-9335-7694C2974746}" = Fix-It Utilities 7
"{519DCB99-5F4E-4C86-9F17-EE92BF6EDCF0}" = Cameyo
"{52291FC0-33D3-4A18-9587-5115225545D8}_is1" = ThunderFix 1.0.0.2
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{542C6F13-6861-4010-9EBC-6F068D397AD8}" = SRS Audio Sandbox
"{54B4FDFB-9345-4EC9-AA2B-B1476A8B20EF}_is1" = iCare Format Recovery Software1.1
"{54dcbccb-c905-46dc-b6e6-48563d0e9e55}" = LameXP
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = USB PC Camera (SN9C102)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{590A394D-5223-4C90-A82D-1B715FC1C31C}" = SuperLauncher
"{5A937F04-F71A-47A3-A98A-F576BA9A39DF}_is1" = Easy Photo Sorter version 2.6
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C72876F-5682-4A05-B70F-DB5678BBF48B}" = Manifestation
"{629B8602-DCDC-40F7-A5CE-E3A13E25691F}" = Melloware PlacesBar Editor
"{62A5F5BC-CDAC-4F44-A2A9-C30A1BCBCA6B}" = CIB pdf Plug-in 1.3.24
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{63E70830-D058-4DB4-BE39-78C533049FA6}_is1" = MetaTexis for Word 3.0
"{6624A46E-1215-4525-A7BB-237B6C877EA9}" = Voice and Speech Recognition Software
"{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}" = WinAutomation
"{684E1940-37DC-4C1D-A3E1-B38C0EA06B1B}" = Z-DataDVD
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{68EC89D9-B4F2-43F3-907A-5DC56D3A4B12}" = PROMT Translation Agent
"{6A8535B5-E3BF-484F-A9AC-BC0FEDF5BB3A}" = StickySorter
"{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}" = Microsoft Baseline Security Analyzer 2.1
"{6C32ACBF-B9CA-4d53-BB71-C4FA97582286}_is1" = Sothink DHTML Menu 9
"{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1" = Picture Collage Maker Pro 2.2.8
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}" = PhotoFrame 4.5.1 Free
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7926B7E2-57EC-4ADC-9C9D-3627DB24C235}" = Redshift 7 Launcher
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0
"{872ADF4E-8F51-41B7-8553-ACD5771BCC90}_is1" = AnyBizSoft PDF to Word (Build 2.5.3)
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8C9A9271-8B15-431C-A363-75B2B95E98F5}_is1" = RSS Feed Creator
"{8DB4B3C5-9308-401B-97E6-ECF0A378703A}" = MusicBee
"{8DC32C34-72D1-4646-B532-9604479209A3}_is1" = USB Threat Defnder 1.0
"{8E5C6B26-AF12-49F5-BF49-E5F80A6DCF38}" = Microsoft SharedView
"{900CF2F4-1910-47A4-B8CB-A296FFEAB153}" = Expresso
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_ONENOTER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_ONENOTER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{93FCF03A-A2F0-423F-9143-C4629D6C18CF}" = Z-FTPcopy
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527450C-64B3-11D5-9B31-000021116B62}" = SmartCamera Ver 2.1
"{956AB2F3-CE39-4078-82DC-B2B7F1BEEEC5}" = Tagrunner
"{97097F2D-CFBF-4DC9-A8AF-1C8EAC322275}" = Vocal Remover
"{971704F3-D10D-4E4D-90E5-C6163D96F987}_is1" = RevoluTV 2.3
"{97784CF3-B39C-47A5-BD53-7F18533EFF87}" = Z-Cron
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D61F838-4506-4257-AE6F-466D1F9329FB}" = Tabbles
"{9D89EE43-B471-40EC-9550-6BD77C7BE3F4}" = WhiteSmoke
"{9E9CAC61-DB2E-11DE-BE15-005056C00008}" = Paragon Backup and Recovery™ 10 Compact Edition
"{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}" = Corel Painter IX
"{A06F5ACB-AF59-4DC0-B22E-1F6F47FC7004}" = Microsoft Reader Text-to-Speech deutsch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A5FF2837-59C6-425B-8652-8CD385899F3F}" = uMark Professional 1.3
"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4
"{A7B64E0F-FA10-444A-8EFA-FD70C34C79CA}" = 1AVStreamer
"{A7BF5297-3E74-11D5-B00F-00104B398D77}" = QuarkXPress Passport 5.01
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A9212616-FCA2-4173-BD99-5C741EB3A068}" = Ulead DVD PictureShow 2 SE Basic
"{A92D7264-1A13-45BE-B769-88445DD04FD6}" = Desktop Sidebar
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AD2168D5-1E80-42E6-B8BC-C3977907307D}" = calibre
"{AE8556FB-4A95-47FA-8E88-A1A18B52105C}" = EZMedia Box 2.0
"{AF58CE7A-B48F-4DDF-8FB7-838DDC22D63C}" = Paragon Go Virtual™
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B19C841C-D60A-462F-AB86-4FDD51A77FA3}" = NILE THEME
"{B1A395E3-2011-401D-B784-11026B9D107E}" = Mondphasen-Berechnung
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BADE88E4-28A2-42B0-96AC-694D0652D8F7}_is1" = AnyBizSoft PDF to Excel (Build 2.0.1)
"{BE4FE60C-A636-4017-B3FF-0EE7C39EAAF2}" = Speak-A-Message
"{BF50CF00-7CE6-11DE-A06C-005056C00008}" = Paragon Virtualization Manager ™ 2009
"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E544E5-EF3C-4103-A57B-3A499FD91031}" = Nero 7 Essentials
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{C3C23D52-4FE6-484D-9A8C-B0A6E2803655}}_is1" = Aneesoft Flash Gallery Classic GOTD Edition
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = DMX Update
"{C8F4904F-51F4-4312-BE64-FF1D23606E86}_is1" = Sothink Logo Maker
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CA41DEF1-4666-46BD-8B37-41631DF5A0EC}" = Free-Jahreskalender 2010
"{CA4548D0-4E0B-4C67-BA5E-C35ECD1F88B8}" = Radiotracker
"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEC8F2E3-AC9A-357C-BFCB-BFAC37C4AC50}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{CED39C81-BA18-4544-A4A4-20B5C8CF488F}_is1" = InstantMask 1.1
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{CF884377-4A51-40E4-B355-64E88272C38B}" = Easy Poster Printer
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D258B5E6-11F5-43C2-8E73-F8078F9BCCB2}" = Password Depot 4 Softwareload-Edition
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D9E67746-9028-45C4-8924-8FDDFEA7F368}" = MD5 Fingerabdruck
"{DBCF0030-9149-11DE-B8B6-005056C00008}" = Paragon Drive Copy™ 9.5 Personal
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E0E4D444-6898-42D0-9A9C-F2B3790B2820}" = GOLDPATT V1.30
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E38E1721-7FE7-11D4-A898-0000E83DCDA6}" = Ulead Photo Explorer 7.0 SE
"{E550F15F-1024-4FB6-8A76-5E9F77368B53}" = Nexus Radio
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7A9DCC5-8D19-4B95-BED8-2DB41F920F11}" = Microsoft WorldWide Telescope
"{E9956BBA-1092-4C65-B708-1EBFCA050678}" = Clone Audio Recorder
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EFA597E4-73D3-4142-90DB-BE28E5589F99}_is1" = Device Remover
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F2DA54F3-F7FB-4AE8-9B33-BEA5391E4A03}" = Z-DBackup
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6591A9D-A7EF-4FDF-8440-F42C725E37F4}" = Easy Flyer Creator 2.0
"{F6C84ED7-9CAC-423b-9E00-C9BFAFBD0593}_is1" = RadioGet 1.3.8
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F9C3B51C-DCCC-4916-B08D-A6820D914AC0}" = CSDiff
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D Text Commander" = 3D Text Commander 3.0.1 by Insofta Development
"44953928-E730-4e8c-A2B2-3A85BC96A3D0_is1" = FileSeek 2.0.0
"AAC/MP4 Plugin (Free/GPL), install for Mind Stereo_is1" = AAC/MP4 Plugin (Free/GPL), install for Mind Stereo
"ActionOutline_is1" = ActionOutline Lite 3.0
"Add to Benubird PDF as PDF_is1" = Add to Benubird PDF as PDF (novaPDF OEM 7.1 printer)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agent Ransack_is1" = Agent Ransack 2010
"AI RoboForm" = AI RoboForm (All Users)
"Aiseesoft Streaming Video Recorder_is1" = Aiseesoft Streaming Video Recorder
"Aiseesoft Total Video Converter_is1" = Aiseesoft Total Video Converter
"Album Art Downloader XUI" = Album Art Downloader XUI 0.36
"Album View 2.0_is1" = Album View 2.0.7.1
"Alchera_Suite_3_is1" = Alchera 3.72
"AlfaClock Free_is1" = AlfaClock Free version 1.9.0.752
"AllMedia Grabber5.0" = AllMedia Grabber
"AllMyNotes Organizer" = AllMyNotes Organizer
"AllMySongs Database1.4" = AllMySongs Database
"Allure" = Allure 1.1.1
"Almeza MultiSet Professional_is1" = Almeza MultiSet Professional 7.8.1
"AltDesk" = AltDesk.1.9.1
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Anki" = Anki
"AntiFreeze_is1" = AntiFreeze 1.01
"AnVir Task Manager" = AnVir Task Manager
"AnyDVD" = AnyDVD
"Archos MPG4 Translator V3.0.12" = Archos MPG4 Translator V3.0.12
"Article Submitter 1.4" = Article Submitter 1.4
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.40
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.50
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"Aston2" = Aston 2.0.0
"ASTRA32_is1" = ASTRA32 - Advanced System Information Tool 2.03
"ATI Display Driver" = ATI Display Driver
"Atmosphere Lite Plus_is1" = Atmosphere Lite Plus v6.0
"Audacity_is1" = Audacity 1.2.6
"AudialsOne_is1" = AudialsOne 3.0.5006.600
"AudibleManager" = AudibleManager
"Audio Sliders_is1" = Audio Sliders
"Audio Speed Changer Pro" = Audio Speed Changer Pro 1.2
"AudioShell_is1" = AudioShell 1.3.5
"Aura" = Aura
"Autoplay Menu Designer_is1" = Autoplay Menu Designer 3.4
"Autoplay Repair" = Autoplay Repair 2.2.2
"AV Music Morpher" = AV Music Morpher
"AV Video Morpher" = AV Video Morpher
"Avi2Dvd" = Avi2Dvd 0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bee Icons_is1" = Bee Icons v 4.0.3 (GAOTD Edition)
"Benubird PDF" = Benubird PDF 1.4.0.6
"Bryce 4.0" = Bryce 4.0
"Caligari trueSpace7.6_is1" = Uninstall trueSpace7.6
"Carpomail" = Carpomail
"Carposoftphone!UninstallKey" = Carposoftphone
"CD Data Rescue_is1" = CD Data Rescue 2.3
"Chameleon Startup Manager 3" = Chameleon Startup Manager 3.1.0.636
"CHIP Powertool_is1" = CHIP Powertool 1.3.3
"Cleanse Uninstaller Pro 6.5" = Cleanse Uninstaller Pro 6.5
"ClockOnDesktop" = Clock-on-Desktop 2010.3 Giveaway -- Desktop clocks with skins, alarms and sounds
"CloneDVD2" = CloneDVD2
"Collectorz.com Music Collector" = Collectorz.com Music Collector
"Cool Educational Screensaver" = Cool Educational Screensaver
"Cool Timer_is1" = Cool Timer 3.6
"CuteFTP" = CuteFTP
"Daniusoft DVD Creator_is1" = Daniusoft DVD Creator(Build 1.2.0.4)
"DateiCommander 10.3_is1" = DateiCommander
"DateiCommander 8 LE by C. Lütgens_is1" = DateiCommander 8 LE
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"Defraggler" = Defraggler (remove only)
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"DEPro3" = Disk Explorer Professional 3
"Digital Diary_is1" = Digital Diary 4.6
"Director 8.5G Shockwave Studio Trial" = Director 8.5G Shockwave Studio Trial
"DMX5_is1" = DriverMax 5
"Driver Genius Backup Express_is1" = Driver Genius Backup Express
"Driver Manager_is1" = Driver Manager v1.02
"DSV PHP Editor_is1" = DSV PHP Editor 3.1.0
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.6.0
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 4.0 Professional
"EASEUS Todo Backup 1.0_is1" = EASEUS Todo Backup 1.0
"East-Tec Backup 2009_is1" = East-Tec Backup 2009 2.3
"Easy Macro Recorder_is1" = Easy Macro Recorder 3.81
"easyQuizzy_is1" = easyQuizzy 1.8
"eCover Engineer Full Version_is1" = eCover Engineer 6.0 - Full Version
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EULAlyzer_is1" = EULAlyzer 2.0
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fantastic Flame Screensaver" = Fantastic Flame Screensaver
"feelingblue_3112167" = feelingblue_3112167 Screen Saver
"ffdshow_is1" = ffdshow [rev 3096] [2009-10-06]
"FileBox eXtender" = FileBox eXtender
"FileMenu Tools_is1" = FileMenu Tools
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"Fire Heart Desktop Gadget" = Fire Heart Desktop Gadget
"Fishdom_is1" = Fishdom
"Flip PowerPoint_is1" = Flip PowerPoint 1.2
"flowerpots_3151926" = flowerpots_3151926 Screen Saver
"Folder Marker_is1" = Folder Marker Home v 3.0
"FolderBox" = FolderBox 1.2
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.5
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.1
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.1
"Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.1
"FREE Templates for eCoverEngineer_is1" = FREE Templates for eCoverEngineer
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.4
"Free Videos To DVD_is1" = Free Videos To DVD V 3.2.0
"FreePDF_XP" = FreePDF (Remove only)
"Garbage Finder" = Garbage Finder 2.3
"GetDiz 4.5" = GetDiz 4.5
"GFI Backup 2009 - Home Edition" = GFI Backup 2009 - Home Edition
"G-Force" = G-Force
"Golden Autumn 3D Screensaver_is1" = Golden Autumn 3D Screensaver 1.0
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"Hardcopy(E__Hardcopy)" = Hardcopy (E:\Hardcopy)
"HardlinkShellExt" = Link Shell Extension
"Heart On Fire Screensaver" = Heart On Fire Screensaver
"HijackThis" = HijackThis 2.0.2
"iCare Data Recovery_is1" = iCare Data Recovery 4.0
"IcoFX_is1" = IcoFX 1.6.4
"IconTweaker" = IconTweaker
"Incomedia WebSite X5 v8 - Smart" = Incomedia WebSite X5 v8 - Smart
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"Instant Analysis" = Instant Analysis
"Instant-Hypnosis MP3 Player_is1" = Instant-Hypnosis MP3 Player
"IP-Secrets_is1" = IP-Secrets 2.1
"IrfanView" = IrfanView (remove only)
"iWisoft Flash SWF to Video Converter_is1" = iWisoft Flash SWF to Video Converter 3.4
"iWisoft Free Video Converter_is1" = iWisoft Free Video Converter 1.2
"iWisoft Free Video Downloader_is1" = iWisoft Free Video Downloader 2.1
"Jahshaka" = Jahshaka
"JDownloader" = JDownloader
"Jet Screenshot_is1" = Jet Screenshot v 2.3
"Jokosher_is1" = Jokosher version 0.11.3
"JPEG Imager_is1" = JPEG Imager 2.4.5.222
"JPEG Optimizer" = JPEG Optimizer
"Julian Day converter" = Julian Day converter
"KC Softwares AudioGrail_is1" = KC Softwares AudioGrail
"KeeFormFF2KP2_is1" = KeeFormFF 2.01
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.08
"Kepler 7.0" = Kepler 7.0
"KeyBind" = Antares KeyBind 1.04
"KeyScrambler" = KeyScrambler
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"LeaderTask (GAOTD)_is1" = LeaderTask (GAOTD) 6.6.2
"LeaderTask_is1" = LeaderTask 6.9.6
"LHTTSENG" = L&H TTS3000 British English
"LHTTSGED" = L&H TTS3000 Deutsch
"LogoMaker_is1" = LogoMaker 2.0
"Macro Angel" = Macro Angel
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MagicScore_is1" = MagicScore
"MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D)
"Magnifying Glass Pro_is1" = Magnifying Glass Pro 1.8
"magnolias_3124667" = magnolias_3124667 Screen Saver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.5.74 (remove only)
"MASH_is1" = MASH
"MBRtool_is1" = DIY DataRecovery MBRtool
"Media Jukebox 14" = Media Jukebox 14
"MediaCoder" = MediaCoder 0.5.1
"MediaMonkey Script: MiniLyrics Embedder v1.4b_is1" = MediaMonkey Script: MiniLyrics Embedder v1.4b
"MediaMonkey_is1" = MediaMonkey 3.2
"Mediwatch" = Mediwatch
"MetaStream" = MetaStream
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mind Stereo Visualizations Pack_is1" = Mind Stereo Visualizations Pack 1.1.1
"Mind Stereo_is1" = Mind Stereo 1.1.3
"Mind WorkStation Visualizations Pack_is1" = Mind WorkStation Visualizations Pack 1.0
"Mind WorkStation_is1" = Mind WorkStation 1.0.5
"MiniLyrics" = Minilyrics(remove only)
"Miro" = Miro
"Mkshot2" = Mkshot2
"Motivator_is1" = Motivator
"MOV to AVI MPEG WMV Converter_is1" = MOV to AVI MPEG WMV Converter 4.2.0909
"Movienizer_is1" = Movienizer 3.2
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"mp3-2-wav" = mp3-2-wav converter 1.14
"Mp3ListShellEx" = Mp3ListShellEx
"MP4/M4A Plugin (Free/GPL), install for Mind WorkStation_is1" = MP4/M4A Plugin (Free/GPL), install for Mind WorkStation 1.1
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Musereo Mono to Stereo Converter_is1" = Musereo Mono to Stereo Converter 2.4
"My Audio Studio_is1" = My Audio Studio v2.0.0.1
"Nature Illusion Studio" = Nature Illusion Studio
"Ncesoft Flip Book Maker_is1" = Ncesoft Flip Book Maker 2.3.1
"Neuro-Programmer 2 Professional_is1" = Neuro-Programmer Professional 2.4.2
"nLite_is1" = nLite 1.4.9.1
"ObjectDock" = ObjectDock
"ONENOTER" = Microsoft Office OneNote 2007 Trial
"OpenExpert" = OpenExpert 1.40
"OpenLibraries" = OpenLibraries
"Patience_is1" = Patience 2.03
"pcwPDF2HTML_is1" = pcwPDF2HTML 0.2
"PDF Editor 2" = PDF Editor 2
"PDFZilla_is1" = PDFZilla V1.2
"Perfect Loop" = Perfect Loop
"PerfectClock" = PerfectClock
"Photon" = Instant Photo Effects 2.0
"PicPick" = PicPick
"Pictomio" = Pictomio
"playfulportrait_3269261" = playfulportrait_3269261 Screen Saver
"portraitsofautumn_3125138" = portraitsofautumn_3125138 Screen Saver
"ProcessLasso" = Process Lasso
"Professional TAGEditor" = Professional TAGEditor
"PROSet" = Intel® PRO Network Connections Drivers
"Quick PDF Tools" = Quick PDF Tools 1.4.0.0
"QuickPar" = QuickPar 0.9
"Radian_is1" = Radian v1.0b
"Rainlendar2" = Rainlendar2 (remove only)
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RegCure" = RegCure
"Registrar_is1" = Registrar Registry Manager 6.52
"Revo Uninstaller" = Revo Uninstaller 1.90
"Rhymesaurus FREE Edition_is1" = Rhymesaurus FREE Edition (2.0.0.0)
"RoboMatic X1_is1" = RoboMatic X1 Version 2.0
"RocketDock_is1" = RocketDock 1.3.5
"Rohos_Rohos22_is1" = Rohos Mini Drive 1.6
"rosedance_3112166" = rosedance_3112166 Screen Saver
"Sagelight 48-bit Image Editor" = Sagelight 48-bit Image Editor
"SanityCheck_is1" = SanityCheck 2.01
"Scanned Text Editor 1" = Scanned Text Editor 1
"Screensaver Factory 4 Standard_is1" = Screensaver Factory 4 Standard
"Scribus 1.3.3.13" = Scribus 1.3.3.13
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"SDEPRO20_is1" = SDExplorer 2.1
"Secunia PSI" = Secunia PSI
"Send To Toys_is1" = Send To Toys v2.5
"Sharp Writer0.01 beta" = Sharp Writer
"ShellLess_is1" = BookRoom Viewer 1.01
"SideSlide_is1" = SideSlide 3.0.00b3
"Simpo PDF to Word_is1" = Simpo PDF to Word 2.1.1.0
"SocuSoft Web Video Player_is1" = SocuSoft Web Video Player 1.10
"SoftCATPlus_is1" = SoftCAT
"Some PDF to HTML Converter_is1" = Some PDF to HTML Converter 1.5
"soundbase_is1" = soundbase
"Soundmasker Deluxe_is1" = 5.0
"SoundMaven_is1" = SoundMaven 0.8 beta
"SoundTaxi_is1" = SoundTaxi 4.1.1
"Spirit Of Wandering_is1" = Spirit Of Wandering
"Sqirlz Water Reflections" = Sqirlz Water Reflections
"SQTV" = SQT View (uninstall)
"ST5UNST #1" = PlusText
"ST6UNST #1" = TextExtract
"ST6UNST #2" = Karen's Power Toy
"Start Menu 7_is1" = Start Menu 7 3.84
"StartupStar_is1" = StartupStar
"Stellarium_is1" = Stellarium 0.10.5
"Sticky Password_is1" = Sticky Password 4.1.1.190
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"SuRun" = Super User Run (SuRun)
"swanlake_3124668" = swanlake_3124668 Screen Saver
"t@b ZS4 Video Editor_is1" = t@b ZS4 Video Editor v0.958-686
"Tablet Driver" = Tablett
"tag2find-{B19A4E94-A579-4813-A601-78B4D01E6F52}" = tag2find
"TeraCopy_is1" = TeraCopy 2.12
"Text Tally_is1" = Text Tally 1.3
"The Rise of Atlantis_is1" = The Rise of Atlantis
"thelilypond_3142326" = thelilypond_3142326 Screen Saver
"theolivetree_3147906" = theolivetree_3147906 Screen Saver
"Totalcmd" = Total Commander (Remove or Repair)
"Transit 3.0 Satellite PE_is1" = Transit 3.0 Satellite PE
"Transparent Taskbar Tool_is1" = Transparent Taskbar Tool 1.0
"TreeDBNotes Pro 3" = TreeDBNotes Pro 3
"tropicaltango_3151927" = tropicaltango_3151927 Screen Saver
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Tweak UI 2.10" = Tweak UI
"UBCD4Win_is1" = UBCD4Win 3.50
"Ulead COOL 360 1.0" = Ulead COOL 360 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.7
"Upload Express" = Upload Express 1.0.2.41
"Vectorian Giotto_is1" = Vectorian Giotto 2.3.1
"Vim 7.1" = Vim 7.1 (self-installing)
"VirtualCloneDrive" = VirtualCloneDrive
"Vocal Remover" = Vocal Remover
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Web Page Maker_is1" = Web Page Maker V3.21
"Wendi.com" = Wendi.com
"Wild Things! by Wild Ginger Software, Inc." = Wild Things! by Wild Ginger Software, Inc.
"Winamp" = Winamp
"Winamp Essentials Pack" = Winamp Essentials Pack
"WinAutomation" = WinAutomation
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.7
"WinMakro II_is1" = WinMakro II (1.25_d)
"WinMakro_is1" = WinMakro 3.43
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"Winstep Xtreme_is1" = Nexus Ultimate 10.7
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.0
"WizMouse_is1" = WizMouse v1.0.0.9
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wondershare DVD Slideshow Builder Standard_is1" = Wondershare DVD Slideshow Builder Standard(Build 6.0.1.23)
"Wondershare Flash Gallery Factory Standard_is1" = Wondershare Flash Gallery Factory Standard 4.8.0.1
"Wondershare MP4 Video Converter_is1" = Wondershare MP4 Video Converter(Build 4.2.1.0)
"Wondershare Photo Collage Studio GOTD Edition_is1" = Wondershare Photo Collage Studio 4.2.13.3
"Wondershare PPT2Video Pro_is1" = Wondershare PPT2Video Pro 6.1.8
"XP Codec Pack" = XP Codec Pack
"xplorer2l" = xplorer² lite
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"yowindow" = YoWindow
"Zentimo_is1" = Zentimo 1.0
"ZhornStickies" = Stickies 7.0a
"ZipStar 5" = ZipStar 5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3356698313-248671706-776473524-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"{1C35ABA7-6507-4CB9-91E7-6311B105A526}" = Dr. Robert Anthony's Intention Activator
"{1FD25FCD-6F39-4686-AFBB-7056EBAE5E68}" = Avira RootKit Detection
"{48FEB597-0410-4A17-B134-0DEF3083B944}" = eMusic Download Manager
"{89699A99-8D90-469A-9BD8-72C42FF45317}_is1" = Xecutor Version 1.54.4.98
"ActionOutline_is1" = ActionOutline Viewer 2.1
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"DiffDaff_is1" = DiffDaff Version 1.0
"Dropbox" = Dropbox
"ExeIcon3DBox" = ExeIcon.com 3D Box Maker (remove only)
"GoToMeeting" = GoToMeeting 4.5.0.452
"HumanizedEnso" = Humanized Enso
"Kalenderchen_is1" = Kalenderchen 4
"Keysound" = keysound (remove only)
"LingoPad_is1" = LingoPad 2.6 (Build 360)
"Lion_is1" = Lion 3.0.3
"Lucille_2_is1" = Lucille 2
"MDNotes-2_is1" = MD-Notes 2
"MemoriesOnWeb_is1" = MemoriesOnWeb 3.1.7
"Mozilla Firefox (3.5.14)" = Mozilla Firefox (3.5.14)
"noteMaNIA" = Note Mania
"Nvu_is1" = Nvu 1.0
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.0
"Pic2Ico" = Picture To Icon (remove only)
"TwistedBrush Open Studio" = TwistedBrush Open Studio
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.11.2010 12:53:43 | Computer Name = METATRON | Source = Microsoft Office 12 | ID = 5000
Description = EventType offdiag12, P1 02f81169-a725-4ddf-9475-55c8d45ec7fb7de08939-5a27-4198-866c-0ebbaacf4974,
P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 05.11.2010 21:58:20 | Computer Name = METATRON | Source = Microsoft IntelliType Pro | ID = 1000
Description =

[ OSession Events ]
Error - 30.08.2009 21:49:47 | Computer Name = METATRON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25.04.2010 17:44:32 | Computer Name = METATRON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 182858
seconds with 41760 seconds of active time. This session ended with a crash.

Error - 27.04.2010 18:13:15 | Computer Name = METATRON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30324
seconds with 20460 seconds of active time. This session ended with a crash.

Error - 15.06.2010 16:16:13 | Computer Name = METATRON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 164294
seconds with 23700 seconds of active time. This session ended with a crash.

Error - 17.07.2010 14:28:53 | Computer Name = METATRON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 528642
seconds with 176160 seconds of active time. This session ended with a crash.

Error - 19.07.2010 04:32:30 | Computer Name = METATRON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 123524
seconds with 51000 seconds of active time. This session ended with a crash.

Error - 06.08.2010 16:07:01 | Computer Name = METATRON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 70
seconds with 60 seconds of active time. This session ended with a crash.

Error - 04.09.2010 12:36:02 | Computer Name = METATRON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17077
seconds with 1680 seconds of active time. This session ended with a crash.

Error - 04.09.2010 12:37:18 | Computer Name = METATRON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04.09.2010 18:04:42 | Computer Name = METATRON | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9546
seconds with 7560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05.11.2010 00:39:03 | Computer Name = METATRON | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Z-Cron" wurde nicht ordnungsgemäß gestartet.

Error - 06.11.2010 22:31:33 | Computer Name = METATRON | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 11.11.2010 19:03:35 | Computer Name = METATRON | Source = DCOM | ID = 10010
Description = Der Server "{204810B9-73B2-11D4-BF42-00B0D0118B56}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 11.11.2010 19:07:52 | Computer Name = METATRON | Source = DCOM | ID = 10010
Description = Der Server "{204810B9-73B2-11D4-BF42-00B0D0118B56}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 11.11.2010 19:09:52 | Computer Name = METATRON | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%0

Error - 11.11.2010 19:10:22 | Computer Name = METATRON | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%0

Error - 11.11.2010 19:11:04 | Computer Name = METATRON | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%0

Error - 11.11.2010 19:11:34 | Computer Name = METATRON | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%0

Error - 11.11.2010 19:12:57 | Computer Name = METATRON | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%0

Error - 11.11.2010 19:13:27 | Computer Name = METATRON | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%0


< End of report >
---------------------------------------
3. Rootkit Unhooker:
--------------------------
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF0B2000 C:\WINDOWS\System32\ati3duag.dll 2367488 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT-Kernel und -System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0xB9B06000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1331200 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xB7617000 C:\WINDOWS\system32\drivers\sthda.sys 1015808 bytes (SigmaTel, Inc., NDRC)
0xB72C1000 C:\WINDOWS\system32\DRIVERS\ISDN_u.sys 733184 bytes
0xBF2F4000 C:\WINDOWS\System32\ativvaxx.dll 643072 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xB9E0B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB71C7000 C:\WINDOWS\System32\Drivers\Capt931a.sys 532480 bytes (-, Video Streaming and Capture Device Driver)
0xB740F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9862000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB7563000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB97BB000 C:\WINDOWS\System32\Drivers\Uim_IM.sys 364544 bytes (Paragon, Image Mounter)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB4230000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB99F8000 C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys 266240 bytes (-, SRS WOW HD, TSXT, CSII, Mobile HD Standalone driver)
0xB9DA1000 timntr.sys 249856 bytes (Acronis, TrueImage Backup Archive Explorer)
0xB977F000 C:\WINDOWS\System32\Drivers\UimFIO.SYS 245760 bytes (Paragon, Image Mounter File I/O)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 225280 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBF07D000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xBF049000 C:\WINDOWS\System32\ati2cqag.dll 212992 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xB9814000 C:\WINDOWS\system32\DRIVERS\TMPassthru.sys 200704 bytes (Trend Micro Inc., -)
0xB99A0000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F78000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0xB9DDE000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB747F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9ACA000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB753B000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F22000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, E/A-Treiber für NT Datenträgerverwaltung)
0xB9A80000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xB7515000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB74AA000 E:\SuperAntiSpyware\SASKUTIL.sys 151552 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0xB74CF000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9A39000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9AA6000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB739C000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 143360 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xB9A5D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB74F3000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EEA000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F48000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-Datenträgertreiber)
0xB9845000 C:\WINDOWS\system32\DRIVERS\EuDisk.sys 118784 bytes (CHENGDU YIWO Tech Development Co., Ltd, EuDisk Bus Enumerator)
0xB9D86000 snapman.sys 110592 bytes (Acronis, Acronis Snapshot API)
0xB7045000 C:\WINDOWS\System32\drivers\keyscrambler.sys 106496 bytes (QFX Software Corporation, KeyScrambler Keyboard Encryption Driver)
0xB9D6C000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0A000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB4E5A000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB702D000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB98C0000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9EAB000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB99E1000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB4E72000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB4E44000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9EC2000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0xB4ED8000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xB4B5F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9AF2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB75BC000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9E98000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9ED8000 sr.sys 73728 bytes (Microsoft Corporation, Dateisystemfilter-Treiber der Systemwiederherstellung)
0xB9F67000 pci.sys 69632 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0xB99D0000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB4DD4000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA168000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA158000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook-Audiofiltertreiber)
0xB4749000 C:\WINDOWS\System32\drivers\rvsport.sys 61440 bytes (Living Byte Software GmbH, München, RVS Virtual COM Port)
0xB4CCC000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA2C8000 C:\WINDOWS\system32\drivers\usbaudio.sys 61440 bytes (Microsoft Corporation, USB Audio Class Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA198000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA288000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-Verschlüsselungstreiber)
0xBA138000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA0F8000 OODrvled.sys 45056 bytes (O&O Software GmbH, O&O DriveLED Filter Driver (Win32))
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\VClone.sys 45056 bytes (Elaborate Bytes AG, VirtualCloneCD Driver)
0xBA278000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA128000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Prozessorgerätetreiber)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP-ISA-Bustreiber)
0xBA1F8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA108000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA188000 C:\WINDOWS\system32\drivers\SndTAudio.sys 40960 bytes (Windows ® Codename Longhorn DDK provider, Support Device)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA258000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB4CBC000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA440000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modemgerätetreiber)
0xBA3D8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3B8000 C:\WINDOWS\system32\drivers\tbhsd.sys 32768 bytes (RapidSolution Software AG, Tunebite High-Speed Dubbing)
0xB73BF000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 32768 bytes (Acronis, TrueImage File System Filter)
0xBA470000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA388000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA490000 C:\WINDOWS\System32\Drivers\Camd931a.SYS 28672 bytes (-, Universal Serial Bus Camera Driver)
0xBA448000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA3A0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA428000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tastaturklassentreiber)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA460000 C:\WINDOWS\system32\DRIVERS\UimBus.sys 28672 bytes (Windows ® 2000 DDK provider, Image Mounter SCSI Port Driver)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA458000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA358000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA348000 eubakup.sys 24576 bytes (CHENGDU YIWO Tech Development Co., Ltd, Disk Backup Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mausklassentreiber)
0xBA338000 pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver)
0xBA408000 E:\SuperAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xBA380000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3B0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA480000 C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys 24576 bytes
0xBA3A8000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 20480 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0xBA498000 E:\ASTRA32\ASTRA32.sys 20480 bytes (Licensed for Sysinfo Lab, Astra Generic Device Driver)
0xBA398000 C:\WINDOWS\System32\DRIVERS\dvd43llh.sys 20480 bytes (RIF, dvd43llh.sys)
0xBA420000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xBA340000 hotcore3.sys 20480 bytes (Paragon Software Group, A part of Paragon System Utilities)
0xBA3C8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA400000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA410000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA390000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9CC3000 C:\WINDOWS\system32\DRIVERS\avwebcam.sys 16384 bytes (Windows ® Codename Longhorn DDK provider, WDM Video Capture Driver)
0xB70DF000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA4BC000 eufs.sys 16384 bytes (CHENGDU YIWO Tech Development Co., Ltd, File System Filter Driver)
0xB70E3000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0xB9C97000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB710F000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xB9CCB000 C:\WINDOWS\system32\drivers\vad.sys 16384 bytes (Windows ® DDK provider, Virtual Audio Device Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB70BB000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9733000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9994000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB737C000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0xB9CBB000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9980000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5E4000 E:\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xBA5D2000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5B4000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA644000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA602000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5B0000 C:\WINDOWS\System32\Drivers\ElbyDelay.sys 8192 bytes (Elaborate Bytes AG, Elby Delay Lower Filter Driver)
0xBA5CE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5D6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5AE000 PenClass.sys 8192 bytes (Wacom Technology Corporation, Pen Class Driver)
0xBA5DA000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5BE000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA5C2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5CA000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA742000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA728000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA6C9000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA71A000 C:\WINDOWS\TEMP\mc21.tmp 4096 bytes
0xBA79B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Allgemeiner PCI IDE Bustreiber)
==============================================
>Stealth
==============================================
0x08270000 Hidden Image-->Interop.SHDocVw.dll [ EPROCESS 0x89135DA0 ] PID: 1028, 135168 bytes
0x0C4C0000 Hidden Image-->mscorlib.resources.dll [ EPROCESS 0x89135DA0 ] PID: 1028, 323584 bytes
0x07EE0000 Hidden Image-->QTTabBar.dll [ EPROCESS 0x89135DA0 ] PID: 1028, 348160 bytes
0x093C0000 Hidden Image-->Interop.Shell32.dll [ EPROCESS 0x89135DA0 ] PID: 1028, 61440 bytes

#5 Elise

Posted 15 November 2010 - 04:39 AM

Hi, let's see what we can find out about this problem.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise

#6 crystal07

Posted 15 November 2010 - 08:48 AM

Hi Elise,

Below is the Combofix.txt
Some additional notes: ComboFix did actually behave very strangely itself after it rebooted my PC: it opened and closed the box windows again and again, changing positions on the desktop. I couldn't do anything and could not even get Task Manager loaded to kill it. The only solution - and thank heaven I have tools like that! - was using Antifreeze from Resplendence, which was able to suspend everything, so I could kill the Nirsoft command tool and the other one, PV.., from Combofix, which appeared 2 to 3 times each, in fast change of opening/terminating themselves.
Only after killing them with Antifreeze I could then manually run the Combofix bat file to have it finish and create the log file.

Also, besides deleting some files that really look fishy, taskmanager.com etc., it did also quarantine some files that are definitely legit, such as the DLLs of my compiled macros in Win Automation, files from GoToMeeting (webinar software) that I have had for years, DLLs from J River Mediacenter :( How do I know which one is real malware and which one is legit (as I don't know all the DLLs that were deleted)?

Here is the log file:
------------------------
ComboFix 10-11-14.02 - sabine 15.11.2010 12:54:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3070.2097 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\sabine\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\All Users\Anwendungsdaten\Softomotive\WinAutomation\Compiled Jobs\0457f399-642a-4363-9352-c5591d3dcf3f.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Softomotive\WinAutomation\Compiled Jobs\3059b678-58fd-4b92-a237-c9a6699975e8.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Softomotive\WinAutomation\Compiled Jobs\380fdb08-a891-4bdb-a212-810bd64543f7.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Softomotive\WinAutomation\Compiled Jobs\a9753099-15af-4a25-bbff-44af3d341102.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Softomotive\WinAutomation\Compiled Jobs\f4778a20-fa84-44ba-ab1c-5893b76d5184.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\Softomotive\WinAutomation\Compiled Jobs\f6219c46-ff86-4bc6-ad4a-fe34d77d1638.dll
c:\dokumente und einstellungen\sabine\Anwendungsdaten\EurekaLog
c:\dokumente und einstellungen\sabine\Anwendungsdaten\EurekaLog\EurekaLog.ini
c:\dokumente und einstellungen\sabine\g2mdlhlpx.exe
c:\dokumente und einstellungen\sabine\GoToAssistDownloadHelper.exe
c:\windows\regedit.com
c:\windows\start.exe
c:\windows\system32\bup202.dll
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\ddbup205.dll
c:\windows\system32\ddstech205.dll
c:\windows\system32\dtirc.dll
c:\windows\system32\settings.ini
c:\windows\system32\stech202.dll
c:\windows\system32\taskmgr.com
c:\windows\XSxS

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


((((((((((((((((((((((( Dateien erstellt von 2010-10-15 bis 2010-11-15 ))))))))))))))))))))))))))))))
.

2010-11-12 20:04 . 2010-11-12 20:04 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\explauncher
2010-11-11 16:45 . 2010-11-11 18:53 -------- d-----w- c:\dokumente und einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\ManyCam
2010-11-11 16:11 . 2010-11-11 16:11 -------- d-----w- c:\windows\system32\windows media
2010-11-07 11:50 . 2010-11-07 11:50 -------- d-----w- c:\dokumente und einstellungen\sabine\Anwendungsdaten\Playrix Entertainment
2010-11-04 22:32 . 2010-08-23 16:07 27192 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2010-11-04 13:55 . 2008-04-14 03:22 116736 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-11-04 13:55 . 2001-08-18 03:54 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-11-04 13:55 . 2008-04-14 03:22 19456 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-11-04 13:55 . 2001-08-18 03:55 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-11-04 13:55 . 2001-08-18 03:55 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-11-04 13:54 . 2001-08-18 03:55 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-11-04 13:54 . 2001-08-17 11:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-11-04 13:54 . 2004-08-03 21:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-11-04 13:54 . 2004-08-03 21:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-11-04 13:54 . 2008-04-14 03:22 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll
2010-11-04 13:54 . 2008-04-13 19:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-11-04 13:54 . 2004-08-03 21:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-11-04 13:54 . 2001-08-18 03:24 35402 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-11-04 13:54 . 2001-08-17 12:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-11-04 13:54 . 2001-08-18 03:54 54272 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2010-11-04 13:54 . 2004-08-04 12:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-11-04 13:54 . 2004-08-04 12:00 31360 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-11-04 13:52 . 2001-08-17 12:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-11-04 13:52 . 2001-08-17 12:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2010-11-04 13:52 . 2001-08-17 11:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2010-11-04 13:52 . 2001-08-17 12:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2010-11-04 13:52 . 2001-08-17 12:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-11-04 13:52 . 2001-08-17 12:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2010-11-04 13:52 . 2001-08-17 12:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2010-11-04 13:52 . 2001-08-17 12:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2010-11-04 13:52 . 2001-08-17 12:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-11-04 13:51 . 2001-08-17 12:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-11-04 13:51 . 2001-08-17 12:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2010-11-04 13:51 . 2001-08-17 12:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2010-11-04 13:51 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2010-11-04 13:51 . 2008-04-13 19:45 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2010-11-04 13:51 . 2004-08-03 23:43 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2010-11-04 13:51 . 2001-08-18 03:54 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-11-04 13:51 . 2001-08-18 03:54 28672 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-11-04 13:51 . 2001-08-18 03:54 27136 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-11-04 13:51 . 2001-08-18 03:54 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-11-04 13:51 . 2001-08-18 03:54 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-11-04 13:50 . 2001-08-17 12:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-11-04 13:50 . 2001-08-18 03:54 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-11-04 13:50 . 2001-08-18 03:54 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-11-04 13:50 . 2001-08-18 03:54 212480 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2010-11-04 13:50 . 2001-08-18 03:54 216576 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-11-04 13:50 . 2004-08-04 12:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-11-04 13:50 . 2001-08-17 12:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-11-04 13:50 . 2001-08-17 11:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-11-04 13:50 . 2001-08-18 03:54 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2010-11-04 13:49 . 2001-08-17 11:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-11-04 13:49 . 2001-08-18 03:52 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2010-11-04 13:49 . 2001-08-17 11:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-11-04 13:49 . 2001-08-18 03:52 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-11-04 13:49 . 2001-08-17 11:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-11-04 13:49 . 2001-08-18 03:52 43520 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2010-11-04 13:49 . 2008-04-14 03:23 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-11-04 13:49 . 2001-08-18 03:54 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2010-11-04 13:49 . 2001-08-17 13:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2010-11-04 13:49 . 2001-08-17 13:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-11-04 13:48 . 2001-08-17 11:10 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-11-04 13:48 . 2001-08-17 11:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-11-04 13:48 . 2004-08-04 12:00 185344 ----a-w- c:\windows\system32\dllcache\thawbrkr.dll
2010-11-04 13:48 . 2001-08-17 11:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-11-04 13:48 . 2001-08-18 03:52 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-11-04 13:48 . 2008-04-13 19:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2010-11-04 13:48 . 2004-08-04 12:00 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2010-11-04 13:48 . 2001-08-17 11:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-11-04 13:48 . 2001-08-17 11:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-11-04 13:48 . 2004-08-04 12:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2010-11-04 13:48 . 2004-08-04 12:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2010-11-04 13:48 . 2001-08-17 12:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-11-04 13:47 . 2001-08-17 12:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2010-11-04 13:47 . 2001-08-17 11:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-11-04 13:47 . 2001-08-18 03:52 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-11-04 13:47 . 2001-08-18 03:54 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2010-11-04 13:47 . 2001-08-17 12:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-11-04 13:47 . 2001-08-17 13:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-11-04 13:47 . 2001-08-18 03:54 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-11-04 13:47 . 2001-08-18 03:54 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-11-04 13:47 . 2001-08-18 03:54 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-11-04 13:47 . 2001-08-18 03:54 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-11-04 13:46 . 2001-08-18 03:54 159744 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-11-04 13:46 . 2001-08-18 03:54 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-11-04 13:46 . 2001-08-18 03:18 287232 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-11-04 13:46 . 2001-08-18 03:18 17152 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2010-11-04 13:46 . 2004-08-04 12:00 16896 ----a-w- c:\windows\system32\dllcache\status.dll
2010-11-04 13:46 . 2001-08-17 11:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-11-04 13:46 . 2001-08-18 03:54 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-11-04 13:46 . 2004-08-04 12:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-11-04 13:46 . 2001-08-18 03:54 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-11-04 13:46 . 2001-08-17 12:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2010-11-04 13:44 . 2001-08-18 03:52 147200 ----a-w- c:\windows\system32\dllcache\smidispb.dll
2010-11-04 13:43 . 2001-08-18 03:54 28160 ----a-w- c:\windows\system32\dllcache\sm91w.dll
2010-11-04 13:42 . 2001-08-17 11:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-11-04 13:42 . 2001-08-18 03:52 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-11-04 13:42 . 2001-08-17 11:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-11-04 13:42 . 2004-08-04 12:00 19456 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2010-11-04 13:42 . 2001-08-18 03:35 161888 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-11-04 13:42 . 2001-07-21 13:29 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-11-04 13:42 . 2001-08-17 11:51 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-11-04 13:42 . 2001-08-18 03:52 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-11-04 13:42 . 2001-08-17 11:19 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-11-04 13:42 . 2001-08-18 03:34 7040 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-11-04 13:41 . 2001-08-18 03:34 18176 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2010-11-04 13:41 . 2001-08-18 03:54 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-11-04 13:41 . 2001-08-17 12:53 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-11-04 13:41 . 2008-04-13 19:45 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2010-11-04 13:41 . 2001-08-17 12:52 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2010-11-04 13:41 . 2001-08-18 03:54 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2010-11-04 13:41 . 2001-08-18 03:34 17792 ----a-w- c:\windows\system32\dllcache\scr111.sys
2010-11-04 13:41 . 2001-08-18 03:34 16896 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2010-11-04 13:41 . 2001-08-17 12:51 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2010-11-04 13:41 . 2001-08-18 03:34 24192 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-11-04 13:40 . 2008-04-13 19:40 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-11-04 13:40 . 2001-08-18 03:54 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2010-11-04 13:40 . 2001-08-17 11:50 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2010-11-04 13:40 . 2001-08-18 03:52 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2010-11-04 13:40 . 2001-08-17 11:50 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2010-11-04 13:40 . 2001-08-18 03:52 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll
2010-11-04 13:40 . 2001-08-17 11:50 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2010-11-04 13:40 . 2001-08-18 03:52 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll
2010-11-04 13:40 . 2001-08-18 03:52 210496 ----a-w- c:\windows\system32\dllcache\s3mvirge.dll
2010-11-04 13:39 . 2001-08-18 03:52 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-02 12:16 . 2009-07-18 23:18 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-11-02 12:16 . 2009-06-15 19:33 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-20 09:35 . 2004-08-13 11:40 25088 ----a-w- c:\windows\system32\defrag.exe
2010-09-18 10:22 . 2004-08-13 11:40 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2004-08-13 11:40 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2004-08-13 11:40 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2004-08-13 11:40 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-17 09:15 . 2010-09-21 11:51 16256 ----a-w- c:\windows\system32\drivers\vad.sys
2010-09-17 09:14 . 2010-09-21 11:51 892928 ----a-w- c:\windows\system32\iconv.dll
2010-09-17 09:14 . 2007-03-27 01:39 577536 ----a-w- c:\windows\system32\ac3filter.ax
2010-09-12 09:22 . 2007-06-26 02:10 249856 ------w- c:\windows\Setup1.exe
2010-09-12 09:22 . 2010-09-12 09:22 73216 ----a-w- c:\windows\temp.001
2010-09-11 09:33 . 2010-09-11 09:33 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
2010-09-10 05:47 . 2004-08-13 11:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:47 . 2004-08-13 11:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:47 . 2004-08-13 11:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 22:10 . 2006-12-21 00:21 169296 ------w- c:\windows\system32\FAMCOM.dll
2010-09-03 14:26 . 2010-09-03 14:26 3259392 ----a-w- c:\windows\fanflame.scr
2010-09-01 11:50 . 2004-08-13 11:40 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2004-08-13 11:40 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2004-08-13 11:40 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-13 11:40 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-04-24 13:10 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-24 15:24 . 2010-08-24 15:24 684032 ----a-w- c:\windows\system32\yowindow.scr
2010-08-23 16:11 . 2004-08-13 11:40 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-13 11:40 58880 ----a-w- c:\windows\system32\spoolsv.exe
2002-04-24 23:52 . 2006-05-02 12:39 262144 ----a-w- c:\programme\internet explorer\plugins\PanoViewer.dll
1999-04-30 14:00 . 2006-05-02 12:39 98304 ----a-w- c:\programme\internet explorer\plugins\UPjpeg.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-01-12 06:15 71096 --sha-r- c:\windows\system32\NMSAccess32.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\dokumente und einstellungen\sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2009-08-03 05:33 192512 ----a-w- e:\linkshellextension\HardlinkShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2009-08-03 05:33 192512 ----a-w- e:\linkshellextension\HardlinkShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Macro Recorder Pro"="e:\easy macro recorder\Macro Recorder.exe" [2010-02-16 393488]
"WizMouse"="e:\wizmouse\WizMouse.exe" [2010-05-23 723248]
"LAVClock"="e:\portable_lavclock2\bin\lavclock2.exe" [2010-06-28 435712]
"AntiFreeze"="e:\antifreeze\AntiFreeze.exe" [2007-12-16 139776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
"SQ931STI"="c:\windows\SQ931STI.EXE" [2007-01-24 151552]
"avgnt"="e:\avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"SuRun Systemmenü-Erweiterung"="c:\windows\SuRun.exe" [2009-08-30 442412]
"itype"="c:\programme\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KeyScrambler"="e:\keyscrambler\getting_started.html" [X]

c:\dokumente und einstellungen\sabine\Startmen\Startmen\Autostart\
hardcopy.lnk - e:\hardcopy\hardcopy.exe [2010-9-14 1727488]
Minipad2.lnk - e:\minipad\minipad2.exe [2009-10-16 175616]
phraseexpress.lnk - e:\phraseexpress\phraseexpress.exe [2010-9-17 6511472]
RocketDock.lnk - e:\rocketdock\RocketDock.exe [2009-6-22 495616]
Stardock ObjectDock.lnk - e:\stardock\ObjectDock\ObjectDock.exe [2010-4-30 3450608]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
FileBox eXtender.lnk - e:\filebx\FileBX.exe [2009-5-27 432640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "e:\superantispyware\SASSEH.DLL" [2008-05-13 77824]
"{2C7B6088-5A77-4d48-BE43-30337DCA9A86}"= "SuRunExt.dll" [2009-08-30 139320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- e:\superantispyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SuRun]
2009-08-30 15:59 139320 ----a-w- c:\windows\SuRunExt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\N:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^sabine^Startmenü^Startmenü^Autostart^Dropbox.lnk]
path=c:\dokumente und einstellungen\sabine\Startmenü\Startmenü\Autostart\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2005-11-16 15:05 118784 ----a-w- c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntMMKbD]
2010-09-03 23:02 114176 ----a-w- e:\keybind\KeyBind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Benubird PDF]
2010-08-05 13:23 3730944 ----a-w- e:\benubird pdf\BenubirdAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-07-22 19:03 425984 ----a-w- c:\programme\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 02:12 94208 ----a-w- c:\programme\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax]
2009-07-22 09:34 7914328 ----a-w- e:\drivermax\devices.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22 1695232 ----a-w- c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
2007-03-09 14:29 2224104 ----a-w- c:\programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-04-28 23:52 155648 ----a-w- e:\quicktime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-06-06 17:59 160592 ----a-w- c:\programme\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-03-26 23:58 185896 ----a-w- c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray]
2008-11-06 09:33 288088 ----a-w- c:\programme\Trend Micro\RUBotted\TMRUBottedTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2005-11-16 16:05 1009806 ----a-w- e:\acronis\Trueimage\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express 5 SE Calendar Checker]
2004-01-12 19:40 69632 ----a-w- e:\ulead photo express 5 se\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
2010-02-19 18:31 67360 ----a-w- c:\programme\NOS\bin\getPlus_Helper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"TabletService"=3 (0x3)
"svcWRSSSDK"=3 (0x3)
"Schedule"=2 (0x2)
"RemoteRegistry"=3 (0x3)
"ERSvc"=2 (0x2)
"AcrSch2Svc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\programme\Messenger\msmsgs.exe" /background
"PhonostarAgent"=e:\phonostar\ps_agent.exe
"PhonostarTimer"=e:\phonostar\ps_timer.exe
"QuickTime Task"="e:\quicktime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"NeroFilterCheck"=c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"vspdfprsrv.exe"=e:\expert pdf\vspdfprsrv.exe --background
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"IntelliPoint"="c:\programme\Microsoft IntelliPoint\point32.exe"
"OSSelectorReinstall"=c:\programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"e:\\uTorrent\\uTorrent.exe"=
"e:\\commander\\verzeichnis.exe"=
"e:\\Programme\\CuteFTP\\CUTFTP32.EXE"=
"e:\\Fireworks\\Fireworks MX\\Fireworks.exe"=
"e:\\MS OneNote\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\Windows Media Player\\wmplayer.exe"=
"e:\\AnyplaceControl\\apc_host.exe"=
"e:\\MS OneNote\\Office12\\OUTLOOK.EXE"=
"e:\\MS OneNote\\Office12\\GROOVE.EXE"=
"e:\\Teamviewer\\TeamViewer.exe"=
"e:\\SpeakAMessage\\bin\\SpeakAMessage.exe"=
"e:\\SpeakAMessage\\updater.exe"=
"c:\\Dokumente und Einstellungen\\sabine\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=
"e:\\Hardcopy\\hardcopy.exe"=
"e:\\SoundMaven\\SoundMaven.exe"=
"e:\\PhraseExpress\\phraseexpress.exe"=

R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [14.09.2009 15:26 26120]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [14.09.2009 15:26 20616]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [09.10.2009 20:27 56208]
R0 OODrvled;OODrvled;c:\windows\system32\drivers\OODrvled.sys [28.09.2009 15:24 25608]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [23.08.2009 13:15 28544]
R1 SASDIFSV;SASDIFSV;e:\superantispyware\sasdifsv.sys [26.05.2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;e:\superantispyware\SASKUTIL.SYS [26.05.2009 10:05 72944]
R2 AntiVirSchedulerService;Avira AntiVir Planer;e:\avira\AntiVir Desktop\sched.exe [19.07.2009 01:18 135336]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;e:\astra32\astra32.sys [22.02.2007 11:28 30864]
R2 rvsport;RVS Virtual COM Port;c:\windows\system32\drivers\RVSPORT.SYS [18.07.2002 23:00 39936]
R2 Super User Run (SuRun) Service;Super User Run (SuRun) Service;c:\windows\SuRun.exe [30.08.2009 17:06 442412]
R2 Z-Cron;Z-Cron;e:\z-cron\z-cron.exe [14.03.2010 20:44 702856]
R3 AVWEBCAM;AV WebCam, WDM Video Capture;c:\windows\system32\drivers\avwebcam.sys [23.09.2010 09:11 13696]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [14.09.2009 15:26 122504]
R3 ISDN_u;ISDN USB CAPI;c:\windows\system32\drivers\ISDN_u.sys [19.04.2003 02:14 732416]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [14.07.2009 15:36 114024]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [02.11.2010 12:12 23608]
R3 SQ931;HiCam USB 2.0 S931P;c:\windows\system32\drivers\Capt931a.sys [03.09.2007 20:26 530432]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [16.10.2010 19:20 206608]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [21.09.2010 12:51 16256]
R3 WDMWANMP;NDIS WAN miniport;c:\windows\system32\drivers\wdmwanmp.sys [13.01.2003 09:41 26435]
S3 DfSdkS;Defragmentation-Service;e:\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [27.05.2010 15:44 406016]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [14.09.2009 14:17 8704]
S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [14.09.2009 15:26 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [14.09.2009 14:17 3072]
S3 FCUSB;Freecom Cable II USB Driver;c:\windows\system32\drivers\FCUSB.sys [29.11.2001 12:05 13104]
S3 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service;e:\gfibac~1\GFIHSC~1.EXE [12.10.2009 16:18 2324848]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\programme\Microsoft Fix it Center\Matsvc.exe [10.04.2010 16:05 266544]
S3 Media Jukebox 14 Service;Media Jukebox 14 Service;e:\mediajukebox\JRService.exe [14.10.2010 15:52 379400]
S3 NDISKIO;NDISKIO;\??\h:\temp\00000e99.nmc\nse\bin\ndiskio.sys --> h:\temp\00000e99.nmc\nse\bin\ndiskio.sys [?]
S3 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;e:\nitropdfreader\NitroPDFReaderDriverService.exe [25.05.2010 12:00 196912]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [13.08.2004 12:40 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.06.2010 18:07 35088]
S3 O&O DriveLED;O&O DriveLED Service;e:\oodriveled\oodlag.exe [28.09.2009 16:23 529664]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24.03.2009 12:03 7808]
S3 RGService;RGService;e:\radioget\RGService.exe [01.10.2009 11:08 335872]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [04.11.2010 23:32 27192]
S3 RUBotted;Trend Micro RUBotted Service;c:\programme\Trend Micro\RUBotted\TMRUBotted.exe [16.10.2010 20:20 582992]
S3 RvscomSv;RvscomSv;e:\rvs\WCOM\SYSTEM\RVSCOMSV.EXE [19.07.2002 139313]
S3 SASENUM;SASENUM;e:\superantispyware\SASENUM.SYS [26.05.2009 10:05 7408]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [02.11.2010 12:12 245760]
S3 tag2find$FileTrackingService;tag2find;e:\tag2find\0.10.2.5\T2FService.exe [02.07.2007 17:05 12288]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [16.10.2010 19:20 206608]
S3 WinAutomation Service;WinAutomation Service;e:\winautomation\WinAutomation.ServiceAgent.exe [11.12.2009 15:31 147128]
S3 ZentimoService;Zentimo Assistant;e:\zentimo\ZentimoService.exe [03.11.2010 21:07 240976]
S4 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service;e:\gfibac~1\GFIHINST.EXE [12.10.2009 16:18 440616]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners

2010-04-21 c:\windows\Tasks\ConfigExec.job
- c:\programme\Microsoft Fix it Center\MatsApi.dll [2010-04-10 15:05]

2010-04-21 c:\windows\Tasks\DataUpload.job
- c:\programme\Microsoft Fix it Center\MatsApi.dll [2010-04-10 15:05]

2010-11-13 c:\windows\Tasks\Differentielles Backup Wöchentlich.job
- c:\windows\system32\ntbackup.exe [2004-08-13 02:22]

2010-11-01 c:\windows\Tasks\Hauptbackup Monatlich.job
- c:\windows\system32\ntbackup.exe [2004-08-13 02:22]

2010-11-01 c:\windows\Tasks\Paragon Archive name diff_backupC.job
- e:\paragonbackuprestore\program\scripts.exe [2009-12-28 14:26]

2010-11-01 c:\windows\Tasks\Paragon Archive name diff_differential.job
- e:\paragonbackuprestore\program\scripts.exe [2009-12-28 14:26]

2010-11-02 c:\windows\Tasks\Paragon arc_increment.job
- e:\paragonbackuprestore\program\scripts.exe [2009-12-28 14:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: Add to Evernote - e:\evernote\enbar.dll/2000
IE: E&xport to Microsoft Excel - e:\msonen~1\Office12\EXCEL.EXE/3000
Trusted Zone: maris.com\www.redshift
Trusted Zone: nexusradio.com\www
TCP: {23A13F37-098E-4B5C-BA26-83B5CF30FD54} = 195.50.140.180 195.50.140.114
FF - ProfilePath - c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - component: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Lamantine\Sticky Password\spAutofill\components\spAutofill.dll
FF - component: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{0ed0633c-a54d-47f1-94e7-5bded41ae674}\components\RadioWMPCore.dll
FF - component: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_31.dll
FF - component: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar.dll
FF - component: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll
FF - component: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
FF - component: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: e:\audialsone\Mediaraptor\plugins\GeckoBased\mediaraptor-firefox-surf-and-catch-extension@audials.com\components\MR_WebRipFFPlugin.dll
FF - component: e:\audialsone\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - plugin: c:\dokumente und einstellungen\sabine\Anwendungsdaten\Mozilla\Firefox\Profiles\drhz5hax.default\extensions\OpenXMLViewer@Codeplex.com\plugins\npDocX.dll
FF - plugin: e:\audialsone\Mediaraptor\plugins\GeckoBased\mediaraptor-firefox-surf-and-catch-extension@audials.com\plugins\np_MR_OgloPlugin.dll
FF - plugin: e:\audialsone\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: e:\divx\DivX Content Uploader\npUpload.dll
FF - plugin: e:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\divx\DivX Web Player\npdivx32.dll
FF - plugin: e:\firefox\plugins\NPMGWRAP.DLL
FF - plugin: e:\firefox\plugins\npsharedview.dll
FF - plugin: e:\firefox\plugins\npwachk.dll
FF - plugin: e:\firefox\plugins\npyaxmpb.dll
FF - plugin: e:\java\bin\new_plugin\npdeploytk.dll
FF - plugin: e:\java\bin\new_plugin\npjp2.dll
FF - plugin: e:\programme\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: e:\programme\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: e:\programme\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin4.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin5.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin6.dll
FF - plugin: e:\quicktime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
e:\firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-CorelCorelDRAW10 Reminder - e:\corel\Register\NAVBrowser.exe
MSConfigStartUp-Google Update - c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\mcafee\SPAMKI~1\mskagent.exe
MSConfigStartUp-MsnMsgr - c:\programme\MSN Messenger\msnmsgr.exe
MSConfigStartUp-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
AddRemove-HijackThis - g:\downloads\cleanupserie\HijackThis\HijackThis.exe
AddRemove-Scribus 1.3.3.13 - e:\scribus 1.3.3.13\uninst.exe
AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\dokumente und einstellungen\sabine\Desktop\MustBeRandomlyNamed\unins000.exe
AddRemove-GoToMeeting - c:\dokumente und einstellungen\sabine\Lokale Einstellungen\Anwendungsdaten\Citrix\GoToMeeting\452\G2MUninstall.exe
AddRemove-LingoPad_is1 - h:\portableapps_usbstick\PortableApps\LingoPad\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 13:33
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AntiFreeze = e:\antifreeze\AntiFreeze.exe /splash?????????????????????????????????????????????????????????????????????????????????????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3356698313-248671706-776473524-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5677E6C7-FB44-9ED2-7CE5-34724A6F388C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapbgdjmpncomhga"=hex:66,61,61,6f,67,61,6c,65,6c,67,69,6f,00,00
"iaoobcmhlofgknomao"=hex:6a,61,6b,6d,65,61,67,69,65,68,62,68,63,70,63,64,67,6c,
6c,6d,00,90
"haiobnpkhohphnmp"=hex:6a,61,6b,6d,65,61,67,69,65,68,62,68,63,70,63,64,67,6c,
6c,6d,00,fa

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1476)
e:\tuneup\WinStylerThemeHelper.dll
e:\superantispyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1544)
e:\tuneup\WinStylerThemeHelper.dll

- - - - - - - > 'explorer.exe'(3768)
e:\tuneup\WinStylerThemeHelper.dll
e:\rocketdock\RocketDock.dll
e:\stardock\ObjectDock\DockShellHook.dll
e:\hardcopy\HcDLL2_30_Win32.dll
c:\windows\SuRunExt.dll
e:\anvir taskmanager\AnVir Task Manager\AnvirHook61.dll
e:\filebx\FileBXH.dll
c:\dokumente und einstellungen\sabine\Anwendungsdaten\Dropbox\bin\DropboxExt.13.dll
e:\linkshellextension\HardlinkShellExt.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
e:\tuneup\WinStylerThemeSvc.exe
c:\windows\stsystra.exe
e:\avira\AntiVir Desktop\avguard.exe
e:\rvs\WCOM\SYSTEM\RVSINST.EXE
e:\avira\AntiVir Desktop\avshadow.exe
e:\rvs\WCOM\SYSTEM\RVSCC.EXE
e:\anvir taskmanager\AnVir Task Manager\AnVir.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-15 13:41:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-11-15 12:41

Vor Suchlauf: 27 Verzeichnis(se), 15.587.827.712 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 15.856.529.408 Bytes frei

- - End Of File - - 0AADFB125B69C49C23A97DA88E7CEB7F
If you do not expect the unexpected you will not find it, for it is not to be reached by search or trail. (Heraklit)
Miracles are Interactive Events that have a Beginning inside of You. At the Level of Desire You Create the Seeds of Miracles. Whatever you focus on, you will experience. Anything in this world is possible if you have a strong belief

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:58 PM

Posted 15 November 2010 - 10:06 AM

Hi again, how are things running now?

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 22 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 crystal07

crystal07
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:58 AM

Posted 15 November 2010 - 06:38 PM

Hi Elise,

I cannot say how it's running now, since, as I said in the above problem description, everything is okay for hours and the problem suddenly starts after 10 to 12 hours run time. So I will need to wait and see if it occurs again.
Latest Java is installed now.

You might have missed my question above between the long log files, so I repeat it and I would be grateful for assistance here, as I am at a loss since Combofix obviously also screwed some legit programs :(
How do I retrieve the files that Combofix falsely deleted and which are definitely NOT malware? Besides deleting some files that really look fishy, taskmanager.com etc., it also quarantined some files that are definitely legit, such as the dlls of my compiled macros in Win Automation, files from GoToMeeting (webinar software) that I have had for years, and dlls from J River Mediacenter :( How do I know which one is real malware and which one is legit (as I don't know all the dlls that were deleted)? GoToMeeting isn't that important. But the WinAutomation dlls are, as they are dlls containing the macro scripts I created. And I don't want to lose J River Mediacenter either.

Also, Malwarebytes detected ALL false positives only! Even the backup file of Windows Explorer it detects as malware...
-----------------
Malwarebytes log:
------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5121

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16.11.2010 00:09:20
mbam-log-2010-11-16 (00-09-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|G:\|H:\|)
Durchsuchte Objekte: 503854
Laufzeit: 2 Stunde(n), 29 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbe59af5-ee22-4a3a-ab26-3f774d1b4216} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bbe59af5-ee22-4a3a-ab26-3f774d1b4216} (Trojan.BHO.H) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
E:\FolderBox\FolderBox.dll (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\Explorer.sav (Heuristics.Reserved.Word.Exploit) -> No action taken.
--------------------

I have not let it remove any of them:
E:\FolderBox\FolderBox.dll (Trojan.BHO.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbe59af5-ee22-4a3a-ab26-3f774d1b4216} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bbe59af5-ee22-4a3a-ab26-3f774d1b4216} (Trojan.BHO.H) -> No action taken.
- This is legit software, FolderBox, an Explorer add-on. Several people have already reported it as a false positive in the MBAM forum.

C:\WINDOWS\Explorer.sav (Heuristics.Reserved.Word.Exploit) -> No action taken.
Exploit? Huh? That's a backup file from Windows Explorer, every bit is identical, I even checked the checksum of both and they are identical.

Thanks for further help
Sabine

#9 Elise

Posted 16 November 2010 - 04:51 AM

You can find all quarantined files in c:\qoobox\quarantine\c\<filepath>

You will only have to rename the .vir extension to whatever the original extension was and put them back in the right place.

Can you please verify if this problem always occurs after approx. the same amount of time?

regards, Elise
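
The restore step described in this reply, planned as a dry run before anything is moved (an added example, not part of the original post and not ComboFix's own code). It assumes `.vir` is appended to the original file name and that the first folder under the quarantine directory is the drive letter, as in the path above; the sample files and the approved-hash set are constructed.

```python
import hashlib
import tempfile
from pathlib import Path, PureWindowsPath
from typing import Optional

SUFFIX = ".vir"  # assumption: appended to the original file name


def original_path(quarantined: Path, root: Path) -> Optional[PureWindowsPath]:
    """Map <root>/<drive>/<filepath>.vir back to <DRIVE>:\\<filepath>."""
    parts = quarantined.relative_to(root).parts
    # Only entries under a single-letter drive folder are file restores;
    # any other top-level folder is skipped.
    if len(parts) < 2 or len(parts[0]) != 1 or not parts[0].isalpha():
        return None
    name = parts[-1]
    if not name.lower().endswith(SUFFIX) or len(name) == len(SUFFIX):
        return None
    return PureWindowsPath(parts[0].upper() + ":\\", *parts[1:-1],
                           name[: -len(SUFFIX)])


def restore_plan(root: Path, approved: set) -> list:
    """List each quarantined file, its original location, its SHA-256 and
    whether that hash is one the user has confirmed as legitimate.
    Nothing is renamed or moved."""
    plan = []
    for q in sorted(p for p in root.rglob("*") if p.is_file()):
        target = original_path(q, root)
        if target is None:
            continue
        digest = hashlib.sha256(q.read_bytes()).hexdigest()
        plan.append({"quarantined": q, "restore_to": target,
                     "sha256": digest, "approved": digest in approved})
    return plan


def demo() -> list:
    """Build a constructed quarantine tree in a temp dir and plan the restore."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Qoobox" / "Quarantine"
        samples = {  # constructed sample content, not real quarantined files
            "C/WINDOWS/system32/macro_helper.dll.vir": b"legit macro dll",
            "C/WINDOWS/taskmanager.com.vir": b"unknown file",
            "Other/readme.txt": b"not under a drive-letter folder",
        }
        for rel, data in samples.items():
            f = root / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(data)
        # Hashes of files already verified as legitimate (e.g. from a backup).
        approved = {hashlib.sha256(b"legit macro dll").hexdigest()}
        return [(str(e["restore_to"]), e["approved"])
                for e in restore_plan(root, approved)]


if __name__ == "__main__":
    for target, ok in demo():
        print(("RESTORE " if ok else "KEEP    ") + target)
```

Files whose hash is not on the approved list stay in quarantine until they have been checked individually.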




#10 crystal07

Posted 16 November 2010 - 08:22 AM

Hi Elise,

I can't say exactly, but from what I can see in the Anvir log file, it's always after 14 hours, or 12, or 16. So it differs slightly, but not under 12 hours.
The only thing that changed before the first occurrence (which was on Nov 3) was that I installed Soundtaxi one day before (on Nov 2), which added a pile of autostart entries and a new service "SMService.exe" (snmvtsvc.exe). I did however deactivate all these autostart entries and set this service to "on demand". Don't know though if there is any connection.
Though, before this started to happen, there was always - maybe for 2 weeks - a periodical sudden slowdown, for a few minutes, so I could hardly move the mouse cursor; it seemed to have to do with heavy activity of svchost.exe.

#11 Elise

Posted 16 November 2010 - 08:25 AM

I wonder if this isn't hardware related. You can try to uninstall Soundtaxi completely and see if that fixes the issue.

regards, Elise




#12 crystal07

Posted 16 November 2010 - 09:17 AM

I had this thought too, but was hoping it's "only" some bad malware, as that can be cleaned. Do you have any idea what part of the hardware it could be that can cause such a problem?

#13 Elise

Posted 16 November 2010 - 10:02 AM

It is hard to say, but possibly overheating. Please run Speccy as instructed here, but do so after your computer has been turned on for an hour or so.

Please post me the screenshot.

regards, Elise




#14 crystal07

Posted 16 November 2010 - 10:26 AM

Hi Elise,

This is the snapshot from Speccy:

http://speccy.piriform.com/results/dpKdapnDt89LUSdG2xNsKfY

#15 Elise

Posted 16 November 2010 - 10:37 AM

That looks okay. Did you uninstall Soundtaxi to see if the problem returns after that?

regards, Elise

