I have following problem

Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3855138791-3231676072-2698902849-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

I only get this malware problem under Spybot 1.62. I have installed Malwarebytes 1.44 and it doesn't find anything. Of course I have updated it before.
Spybot cannot fix this problem. It says it will do it manually when I restart. However noting happens.

Please help. I have Windows 7

****************************
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 04:39:32, on 29.03.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\Explorer.EXE
C:\Program Files\Boot Camp\Bootcamp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jalopnik.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.0.0.127\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.0.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\Windows\system32\AppleTimeSrv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.0.0.127\ccSvcHst.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7151 bytes
**************************
Results of Spybot
Fraud.Sysguard: [SBI $1D5B98D0] User settings (Registry value, nothing done)
HKEY_USERS\S-1-5-21-3855138791-3231676072-2698902849-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

User abort!: Scan was not completed successfully. (Status)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-03-28 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi (*)
2010-03-23 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-03-23 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-03-23 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-03-23 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-03-02 Includes\Malware.sbi (*)
2010-03-23 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-03-23 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-03-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-03-23 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-03-03 Includes\Trojans.sbi (*)
2010-03-16 Includes\TrojansC-02.sbi (*)
2010-03-23 Includes\TrojansC-03.sbi (*)
2010-03-23 Includes\TrojansC-04.sbi (*)
2010-03-23 Includes\TrojansC-05.sbi (*)
2010-03-16 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
===========================
Dear Spybot Team,

pleas help me, It think this virus is eating up my system. My computer cpu is always at 25% CPU and i hear the air vent of my new iMac27 running without having special programm running. AHHHH!!!

Hello and :welcome: to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

Download and run OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extras.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

Thanks peku006

Hello Peku.

Thank you very much for your kind reply.

The text is too long to post. The character are 79647 and only 64000 is allowed

Hi Geronomof

please split it in 2 or more posts or you can attach your OTL log.

Thanks peku006

OTL logfile created on: 08.04.2010 02:40:15 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Gerrit\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 831,32 Gb Total Space | 775,12 Gb Free Space | 93,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465,51 Gb Total Space | 367,20 Gb Free Space | 78,88% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GERRIT-IMAC27
Current User Name: Gerrit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Users\Gerrit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Norton 360\Engine\4.1.0.32\ccsvchst.exe (Symantec Corporation)
PRC - C:\Windows\System32\AppleOSSMgr.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)


========== Modules (SafeList) ==========

MOD - C:\Users\Gerrit\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100407.033\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100407.033\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0401000.020\Ironx86.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0401000.020\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0401000.020\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\system32\drivers\N360\0401000.020\ccHPx86.sys (Symantec Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.)
DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (CirrusFilter) -- C:\Windows\System32\drivers\CS420x86.sys (Cirrus Logic)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (applebmt) -- C:\Windows\System32\drivers\applebmt.sys (Apple Inc.)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0401000.020\SYMEFA.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0401000.020\SYMTDIV.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSvix86.sys (Symantec Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.)
DRV - (AppleBtBc) -- C:\Windows\System32\drivers\AppleBtBc.sys (Apple Inc.)
DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0401000.020\SYMDS.SYS (Symantec Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3855138791-3231676072-2698902849-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3855138791-3231676072-2698902849-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netjetseurope.com/wps/portal/njecust/netjets/!ut/p/c5/04_SB8K8xLLM9MSSzPy8xBz9CP0os3gjRzMzTwsLIwsDQxNTA093N4NQVz9vAwN3I30v_aj0nPwkoMpwkF6zeAMcwNFA388jPzdVP1I_yhyniRbG-pE5qemJyZX6BdnBac7piooA7Bn1oQ!!/dl3/d3/L0lJSklna2shL0lCakFBQ3lBQkVSQ0lBISEvWUZOQzFOS18yN3chLzdfMkE2Nkk4ODI4MDE0NTBJR0YwVUVOSzAwODM!/?WCM_PORTLET=PC_7_2A66I882801450IGF0UENK0083_WCM&WCM_GLOBAL_CONTEXT=/wps/wcm/connect/NetJetsEU_en/netjets/aircraft/
IE - HKU\S-1-5-21-3855138791-3231676072-2698902849-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3855138791-3231676072-2698902849-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3855138791-3231676072-2698902849-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 56 A3 C9 8D CE CA 01 [binary data]
IE - HKU\S-1-5-21-3855138791-3231676072-2698902849-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3855138791-3231676072-2698902849-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010.03.29 02:48:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010.03.29 02:48:07 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010.03.29 20:02:30 | 000,381,809 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 a204-2-160-40.deploy.akamaitechnologies.com
O1 - Hosts: 127.0.0.1 symantec.com.102.112.2o7.net
O1 - Hosts: 127.0.0.1 a96-7-151-238.deploy.akamaitechnologies.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 13145 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3855138791-3231676072-2698902849-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3855138791-3231676072-2698902849-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKU\S-1-5-21-3855138791-3231676072-2698902849-1001..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.07 12:25:01 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Gerrit\Desktop\OTL.exe
[2010.04.07 03:04:05 | 000,340,016 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symtdiv.sys
[2010.04.07 03:04:03 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symds.sys
[2010.04.07 03:04:03 | 000,172,592 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\symefa.sys
[2010.04.07 03:04:02 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\cchpx86.sys
[2010.04.07 03:04:02 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\srtsp.sys
[2010.04.07 03:04:02 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\ironx86.sys
[2010.04.07 03:04:02 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\N360\0401000.020\srtspx.sys
[2010.04.07 03:03:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360\0401000.020
[2010.04.07 00:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.04.07 00:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.04.07 00:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.07 00:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.04.07 00:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.04.06 21:18:50 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\vlc
[2010.04.05 20:09:42 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.04.05 20:09:42 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.04.05 20:09:42 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.04.05 20:09:42 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.04.05 20:09:42 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_2.dll
[2010.04.05 20:09:41 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.04.05 20:09:41 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.04.05 20:09:41 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.04.05 20:09:41 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.04.05 20:09:40 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.04.05 20:09:40 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.04.05 20:09:40 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.04.05 20:09:39 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.04.05 20:09:39 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.04.05 20:09:39 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.04.05 20:09:39 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.04.05 20:09:38 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.04.05 20:09:38 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.04.05 20:09:38 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.04.05 20:09:09 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\Microsoft Game Studios
[2010.04.05 19:45:07 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Documents\Flight Simulator X Files
[2010.04.05 19:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Games
[2010.04.05 19:42:50 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.04.05 19:42:50 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.04.05 19:42:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.04.05 19:42:38 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.04.05 19:42:38 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.04.05 19:42:38 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.04.05 19:42:37 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.04.05 19:42:37 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.04.05 19:42:37 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.04.05 19:42:36 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.04.05 19:42:35 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.04.05 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\Google
[2010.04.04 22:22:02 | 005,091,328 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys
[2010.04.04 22:22:01 | 000,274,432 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010.04.04 22:21:59 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010.04.04 22:21:59 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2010.04.04 22:21:56 | 012,964,352 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\atioglxx.dll
[2010.04.04 22:21:55 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atimpc32.dll
[2010.04.04 22:21:55 | 000,052,224 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\amdpcom32.dll
[2010.04.04 22:21:55 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010.04.04 22:21:54 | 000,479,232 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\ATIDEMGX.dll
[2010.04.04 22:21:54 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalrt.dll
[2010.04.04 22:21:53 | 003,547,136 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticaldd.dll
[2010.04.04 22:21:53 | 000,053,248 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\System32\aticalcl.dll
[2010.04.04 22:21:52 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\ati2erec.dll
[2010.04.04 22:21:52 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010.04.04 19:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2010.04.04 19:57:26 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010.04.04 19:56:31 | 000,000,000 | ---D | C] -- C:\ATI
[2010.04.04 19:13:00 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\dvdcss
[2010.04.04 19:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.04.03 22:29:22 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Documents\Square Enix
[2010.04.03 22:19:45 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.04.03 22:19:44 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.04.03 22:17:44 | 000,000,000 | ---D | C] -- C:\New folder
[2010.04.01 14:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2010.04.01 14:09:42 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\HP
[2010.04.01 14:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010.03.31 19:43:33 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 19:43:33 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 19:43:32 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.03.31 17:05:23 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Documents\Meine empfangenen Dateien
[2010.03.31 02:08:50 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Desktop\IQLOGOPSD
[2010.03.31 01:25:55 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Tracing
[2010.03.31 01:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010.03.31 01:25:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.03.31 01:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010.03.31 01:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010.03.31 01:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010.03.31 00:33:39 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Desktop\New folder
[2010.03.31 00:20:01 | 000,000,000 | R--D | C] -- C:\Users\Gerrit\Documents\Scanned Documents
[2010.03.31 00:20:01 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Documents\Fax
[2010.03.30 17:56:45 | 000,046,928 | R--- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2010.03.30 17:56:45 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010.03.30 17:42:54 | 000,111,992 | ---- | C] (Adobe Systems, Inc.) -- C:\Windows\System32\acaptuser32.dll
[2010.03.30 17:14:21 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2010.03.30 14:42:34 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\Diagnostics
[2010.03.30 04:39:50 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\CrashDumps
[2010.03.29 23:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.03.29 21:45:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.03.29 21:44:26 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.03.29 21:34:59 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\WindowsUpdate
[2010.03.29 21:02:25 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Documents\PrintScreen Files
[2010.03.29 21:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Gadwin Systems
[2010.03.29 19:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.03.29 19:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010.03.29 17:56:08 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\HP
[2010.03.29 17:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010.03.29 17:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010.03.29 17:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010.03.29 17:52:04 | 000,000,000 | ---D | C] -- C:\Windows\hpojj4600
[2010.03.29 17:51:29 | 000,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpz3l5mu.dll
[2010.03.29 17:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010.03.29 17:51:05 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010.03.29 17:48:30 | 000,729,088 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax4.dll
[2010.03.29 17:48:30 | 000,271,704 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2010.03.29 17:48:29 | 000,593,920 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtscl3.dll
[2010.03.29 17:48:27 | 000,364,544 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2010.03.29 17:48:27 | 000,294,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpovst11.dll
[2010.03.29 17:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2010.03.29 12:49:52 | 000,000,000 | ---D | C] -- C:\Music
[2010.03.29 04:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\HJT
[2010.03.29 03:21:32 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2010.03.29 02:59:16 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Documents\OneNote Notebooks
[2010.03.29 02:57:37 | 000,000,000 | ---D | C] -- C:\NAV10.17.0.0.136_[RH]
[2010.03.29 02:47:57 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.03.29 02:47:56 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010.03.29 02:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010.03.29 02:47:56 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010.03.29 02:47:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\N360
[2010.03.29 02:47:12 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2010.03.29 02:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010.03.29 02:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.03.29 01:18:36 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Documents\Vuze Downloads
[2010.03.29 01:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Azureus
[2010.03.29 01:02:02 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\Azureus
[2010.03.29 00:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2010.03.29 00:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2010.03.29 00:49:54 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Documents\Symantec
[2010.03.29 00:47:36 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\Malwarebytes
[2010.03.29 00:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.29 00:38:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.03.29 00:09:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.03.29 00:09:04 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.03.28 23:16:53 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\Apple Computer
[2010.03.28 23:16:53 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\Apple Computer
[2010.03.28 23:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010.03.28 23:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.03.28 23:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.03.28 22:55:27 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.28 21:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.03.28 21:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.03.28 21:28:34 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\AdobeUM
[2010.03.28 21:04:24 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Desktop\Jetslogo
[2010.03.28 21:04:23 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Desktop\Jetswebsite
[2010.03.28 21:04:20 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Desktop\Bewerbung 2009
[2010.03.28 21:04:18 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\Desktop\Existensgründung
[2010.03.28 20:58:57 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010.03.28 20:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.03.28 20:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.03.28 20:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.03.28 20:57:18 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.03.28 20:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.03.28 20:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010.03.28 20:55:35 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\Microsoft Help
[2010.03.28 20:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.03.28 20:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.03.28 20:54:42 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.03.28 20:46:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.03.28 20:46:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.03.28 20:46:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.03.28 20:44:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.03.28 20:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.03.28 20:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.03.28 20:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.03.28 20:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.03.28 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\skypePM
[2010.03.28 20:36:38 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\Skype
[2010.03.28 20:35:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.03.28 20:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.03.28 20:35:39 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\Spyware Terminator
[2010.03.28 20:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.03.28 20:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.03.28 20:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.03.28 20:27:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2010.03.28 20:26:03 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys
[2010.03.28 20:26:03 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys
[2010.03.28 20:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.03.28 20:13:36 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\WinRAR
[2010.03.28 19:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.03.28 19:58:06 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\Yahoo!
[2010.03.28 19:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010.03.28 19:56:37 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\Macromedia
[2010.03.28 19:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO
[2010.03.28 19:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.03.28 19:11:20 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\Adobe
[2010.03.28 19:11:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.03.28 19:10:41 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Roaming\Adobe
[2010.03.28 19:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.03.28 19:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.03.28 19:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.03.28 17:58:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.03.28 17:40:18 | 000,066,848 | ---- | C] (Cirrus Logic Inc.) -- C:\Windows\System32\CirrusAPO_x86.dll
[2010.03.28 17:40:18 | 000,013,824 | ---- | C] (Cirrus Logic) -- C:\Windows\System32\drivers\CS420x86.sys
[2010.03.28 17:39:32 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\Programs
[2010.03.28 17:38:33 | 000,034,304 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\applebmt.sys
[2010.03.28 17:09:28 | 000,016,512 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\AppleBtBc.sys
[2010.03.28 17:06:54 | 000,058,656 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2010.03.28 17:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010.03.28 17:06:23 | 000,000,000 | ---D | C] -- C:\Program Files\Boot Camp
[2010.03.28 17:06:15 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2010.03.28 17:06:15 | 000,016,512 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\IRFilter.sys
[2010.03.28 17:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010.03.28 17:05:41 | 000,836,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.03.28 17:05:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010.03.28 17:05:41 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010.03.28 17:05:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010.03.28 17:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.03.28 17:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010.03.28 17:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010.03.28 17:04:39 | 002,904,576 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\System32\atiumdva.dll
[2010.03.28 17:04:39 | 000,360,448 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2010.03.28 17:04:39 | 000,172,032 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2010.03.28 17:04:38 | 003,602,432 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atiumdag.dll
[2010.03.28 17:04:28 | 003,034,624 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\System32\atidxx32.dll
[2010.03.28 17:04:27 | 000,208,896 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\System32\atiadlxx.dll
[2010.03.28 17:04:21 | 000,000,000 | ---D | C] -- C:\Intel
[2010.03.28 17:04:05 | 000,260,648 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys
[2010.03.28 17:03:18 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.03.28 17:03:11 | 000,023,552 | ---- | C] (Apple Inc.) -- C:\Windows\System32\drivers\KeyMagic.sys
[2010.03.28 17:02:24 | 000,485,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2010.03.28 17:02:10 | 000,000,000 | ---D | C] -- C:\Users\Gerrit\AppData\Local\Apple
[2010.03.28 17:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.03.28 17:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.03.28 17:01:44 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.03.28 17:01:06 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.03.28 16:59:45 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010.03.28 16:59:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\XPSViewer
[2010.03.28 16:59:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\0407
[2010.03.28 16:59:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\de-DE
[2010.03.28 16:59:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\de
[2010.03.28 16:57:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volsnap.sys.mui
[2010.03.28 16:57:31 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbport.sys.mui
[2010.03.28 16:57:31 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbhub.sys.mui
[2010.03.28 16:57:31 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\de-DE\pscr.sys.mui
[2010.03.28 16:57:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vhdmp.sys.mui
[2010.03.28 16:57:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tpm.sys.mui
[2010.03.28 16:57:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\portcls.sys.mui
[2010.03.28 16:57:31 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\umbus.sys.mui
[2010.03.28 16:57:31 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serscan.sys.mui
[2010.03.28 16:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wd.sys.mui
[2010.03.28 16:57:29 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mpio.sys.mui
[2010.03.28 16:57:29 | 000,033,280 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\de-DE\yk62x86.sys.mui
[2010.03.28 16:57:29 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bfe.dll.mui
[2010.03.28 16:57:29 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1y6032.sys.mui
[2010.03.28 16:57:29 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1e6032.sys.mui
[2010.03.28 16:57:29 | 000,022,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\E1G60I32.sys.mui
[2010.03.28 16:57:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\afd.sys.mui
[2010.03.28 16:57:29 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1q6032.sys.mui
[2010.03.28 16:57:29 | 000,013,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e1k6032.sys.mui
[2010.03.28 16:57:29 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\k57nd60x.sys.mui
[2010.03.28 16:57:29 | 000,013,312 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\b57nd60x.sys.mui
[2010.03.28 16:57:29 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\serial.sys.mui
[2010.03.28 16:57:29 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\i8042prt.sys.mui
[2010.03.28 16:57:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\msdsm.sys.mui
[2010.03.28 16:57:29 | 000,006,144 | ---- | C] (Broadcom Corporation) -- C:\Windows\System32\drivers\de-DE\bcm4sbxp.sys.mui
[2010.03.28 16:57:29 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\sermouse.sys.mui
[2010.03.28 16:57:29 | 000,005,120 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\de-DE\e100b325.sys.mui
[2010.03.28 16:57:29 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pcmcia.sys.mui
[2010.03.28 16:57:29 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouclass.sys.mui
[2010.03.28 16:57:29 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parport.sys.mui
[2010.03.28 16:57:29 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ataport.sys.mui
[2010.03.28 16:57:29 | 000,003,072 | ---- | C] (VIA Technologies, Inc. ) -- C:\Windows\System32\drivers\de-DE\getn62.sys.mui
[2010.03.28 16:57:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scsiport.sys.mui
[2010.03.28 16:57:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismpx.sys.mui
[2010.03.28 16:57:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rndismp6.sys.mui
[2010.03.28 16:57:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\parvdm.sys.mui
[2010.03.28 16:57:29 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mouhid.sys.mui
[2010.03.28 16:57:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
[2010.03.28 16:57:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vwifibus.sys.mui
[2010.03.28 16:57:29 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\MTConfig.sys.mui
[2010.03.28 16:57:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ws2ifsl.sys.mui
[2010.03.28 16:57:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdide.sys.mui
[2010.03.28 16:57:28 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tcpip.sys.mui
[2010.03.28 16:57:28 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\tunnel.sys.mui
[2010.03.28 16:57:28 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\modem.sys.mui
[2010.03.28 16:57:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\usbrpm.sys.mui
[2010.03.28 16:57:27 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fvevol.sys.mui
[2010.03.28 16:57:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\srv.sys.mui
[2010.03.28 16:57:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\scfilter.sys.mui
[2010.03.28 16:57:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\rdbss.sys.mui
[2010.03.28 16:57:23 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pacer.sys.mui
[2010.03.28 16:57:23 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\RNDISMP.sys.mui
[2010.03.28 16:57:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\qwavedrv.sys.mui
[2010.03.28 16:57:23 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\partmgr.sys.mui
[2010.03.28 16:57:22 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ntfs.sys.mui
[2010.03.28 16:57:22 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndis.sys.mui
[2010.03.28 16:57:22 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\nwifi.sys.mui
[2010.03.28 16:57:22 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\luafv.sys.mui
[2010.03.28 16:57:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndiscap.sys.mui
[2010.03.28 16:57:22 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ipnat.sys.mui
[2010.03.28 16:57:22 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ndisuio.sys.mui
[2010.03.28 16:57:22 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mountmgr.sys.mui
[2010.03.28 16:57:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\http.sys.mui
[2010.03.28 16:57:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\fltmgr.sys.mui
[2010.03.28 16:57:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\volmgrx.sys.mui
[2010.03.28 16:57:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\viac7.sys.mui
[2010.03.28 16:57:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\processr.sys.mui
[2010.03.28 16:57:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\intelppm.sys.mui
[2010.03.28 16:57:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdppm.sys.mui
[2010.03.28 16:57:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\amdk8.sys.mui
[2010.03.28 16:57:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ohci1394.sys.mui
[2010.03.28 16:57:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\1394ohci.sys.mui
[2010.03.28 16:57:18 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerId.sys.mui
[2010.03.28 16:57:18 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrSerIb.sys.mui
[2010.03.28 16:57:18 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\acpi.sys.mui
[2010.03.28 16:57:18 | 000,010,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\de-DE\ltmdmnt.sys.mui
[2010.03.28 16:57:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\battc.sys.mui
[2010.03.28 16:57:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pci.sys.mui
[2010.03.28 16:57:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui
[2010.03.28 16:57:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\IPMIDrv.sys.mui
[2010.03.28 16:57:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdclass.sys.mui
[2010.03.28 16:57:18 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthpan.sys.mui
[2010.03.28 16:57:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\wacompen.sys.mui
[2010.03.28 16:57:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\vdrvroot.sys.mui
[2010.03.28 16:57:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\isapnp.sys.mui
[2010.03.28 16:57:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hdaudbus.sys.mui
[2010.03.28 16:57:18 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\HdAudio.sys.mui
[2010.03.28 16:57:18 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\de-DE\atikmdag.sys.mui
[2010.03.28 16:57:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\mssmbios.sys.mui
[2010.03.28 16:57:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\hidbth.sys.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\VIAAGP.SYS.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\ULIAGPKX.SYS.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\UAGP35.SYS.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\SISAGP.SYS.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\pnpmem.sys.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\NV_AGP.SYS.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\kbdhid.sys.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\GAGP30KX.SYS.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\Dot4usb.sys.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\BTHUSB.SYS.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AMDAGP.SYS.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\AGP440.sys.mui
[2010.03.28 16:57:18 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\de-DE\BrParwdm.sys.mui
[2010.03.28 16:57:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\disk.sys.mui
[2010.03.28 16:57:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\cdrom.sys.mui
[2010.03.28 16:57:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthenum.sys.mui
[2010.03.28 16:56:30 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.03.28 16:56:25 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.03.28 16:56:25 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.03.28 16:56:25 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.03.28 16:56:25 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.03.28 16:56:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.03.28 16:56:19 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.03.28 16:56:19 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.03.28 16:56:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.03.28 16:56:18 | 003,955,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.03.28 16:56:18 | 003,899,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.03.28 16:56:17 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.03.28 16:56:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.03.28 16:56:17 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.03.28 16:56:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.03.28 16:56:11 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.03.28 16:56:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.03.28 16:56:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.03.28 16:56:09 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.03.28 16:56:09 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

OTL Extras logfile created on: 08.04.2010 02:40:15 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Users\Gerrit\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 3,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 831,32 Gb Total Space | 775,12 Gb Free Space | 93,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465,51 Gb Total Space | 367,20 Gb Free Space | 78,88% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GERRIT-IMAC27
Current User Name: Gerrit
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0E549A13-2B3D-4633-BA41-DC88C2D6F9A3}" = ProductContext
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1147FF9A-D576-4cb5-B5E7-FCA21D1E7D26}" = J4680
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28996689-E20A-E63B-2BDA-B662AB807C87}" = ATI Catalyst Install Manager
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3825B383-7880-48C8-AADD-49B0D764B151}" = 4660_4680_Help
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}" = Adobe Photoshop Lightroom 2.4
"{50802F8E-03B4-479D-A643-16DE5A3586CB}" = BPDSoftware_Ini
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_920" = Adobe Acrobat 9.2.0 - CPSID_50026
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp-Dienste
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDE4895-E348-4230-99E7-F2FA91131D2C}" = HP OfficeJet J4600 All-In-One Series
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC1DDAC3-510E-44b1-A969-529FFED5A619}" = J4600
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4EAEBEA-3E46-43b8-A63C-AD180AE86918}" = BPDSoftware
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All

"065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows Driver Package - Intel (e1yexpress) Net (07/16/2008 9.52.10.0)
"0CC42CFF2BC73279929A2B93153CAAF4EF393F48" = Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (10/11/2009 3.0.0.9)
"10529F861194CC7F0E61E0C0638A17F4C2A68832" = Windows Driver Package - Apple Inc. Bluetooth (10/12/2009 3.0.0.3)
"111E266FDD1556398EFC13BE47678F96E8497682" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows Driver Package - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3)
"1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows Driver Package - Intel (e1qexpress) Net (08/05/2008 10.3.49.0)
"2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows Driver Package - Intel (E1G60) Net (01/08/2008 8.3.9.0)
"3F930CC3EE841B82D6D463716B5F67BD240BBD46" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (09/17/2009 3.0.0.5)
"4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows Driver Package - Intel Net (11/07/2007 8.10.1.0)
"675AAC36E980D647C94EAFFB2F929F247E711708" = Windows Driver Package - Intel Net (07/22/2008 10.3.45.0)
"6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows Driver Package - Intel Net (02/06/2008 9.12.18.0)
"7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows Driver Package - Intel Net (08/05/2008 10.3.49.0)
"7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21)
"82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"8461-7759-5462-8226" = Vuze
"91D123765B7AF643C070B2961660F2048CE3CA97" = Windows Driver Package - Atheros Communications Inc. (athr) Net (09/21/2009 8.0.0.225)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"9747248FCA6A074E791AABC17F527823A8225756" = Windows Driver Package - Intel (e1kexpress) Net (07/22/2008 10.3.45.0)
"9AA5295F27284963423D072C7FC59D57CDE15ACA" = Windows Driver Package - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3)
"A06888013552B918232820F81FDBA706F5CAAD39" = Windows Driver Package - Intel Net (06/13/2008 9.52.9.0)
"A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"AB257161C34E545828DAA5A32DF97646B7E45F34" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (10/13/2009 6.6001.1.16)
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows Driver Package - Intel (e1express) Net (02/06/2008 9.12.17.0)
"B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows Driver Package - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"CCleaner" = CCleaner
"CD6212024668E03491C257CA53617893F2E8E924" = Windows Driver Package - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"CS432_is1" = Tone Mapping Plug-In 2.0
"DE32692B1421420518B0CA8EEDD6DF2A494F279F" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows Driver Package - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F24CB85E5983448F6319803791DEACED91E6565B" = Windows Driver Package - Apple Inc. System (08/22/2008 2.1.1.1)
"F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows Driver Package - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"Gadwin PrintScreen" = Gadwin PrintScreen
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Spyware Terminator_is1" = Spyware Terminator
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3855138791-3231676072-2698902849-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.03.2010 17:02:43 | Computer Name = Gerrit-iMac27 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1648 Start
Time: 01cad04c1863a3eb Termination Time: 7 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 936473c9-3c3f-11df-9eba-7c6d6290b104

Error - 01.04.2010 08:08:03 | Computer Name = Gerrit-iMac27 | Source = MsiInstaller | ID = 11904
Description =

Error - 03.04.2010 20:36:17 | Computer Name = Gerrit-iMac27 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1d68 Start
Time: 01cad36e012dad99 Termination Time: 8 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 125849ca-3f82-11df-8cdf-7c6d6290b104

Error - 03.04.2010 20:38:50 | Computer Name = Gerrit-iMac27 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 414 Start
Time: 01cad38ed79bfc64 Termination Time: 7 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 6da11647-3f82-11df-8cdf-7c6d6290b104

Error - 04.04.2010 14:06:44 | Computer Name = Gerrit-iMac27 | Source = Steam Client Service | ID = 1
Description =

Error - 05.04.2010 13:29:45 | Computer Name = Gerrit-iMac27 | Source = MsiInstaller | ID = 11305
Description =

Error - 05.04.2010 13:37:14 | Computer Name = Gerrit-iMac27 | Source = MsiInstaller | ID = 11305
Description =

Error - 05.04.2010 13:55:32 | Computer Name = Gerrit-iMac27 | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 12.0.6514.5000, time
stamp: 0x4a89dc70 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0xeeffee01 Faulting process id: 0x14dc Faulting application
start time: 0x01cad4ddeafc35d6 Faulting application path: C:\Program Files\Microsoft
Office\Office12\OUTLOOK.EXE Faulting module path: unknown Report Id: 6d751691-40dc-11df-8c9f-7c6d6290b104

Error - 05.04.2010 15:57:31 | Computer Name = Gerrit-iMac27 | Source = Application Error | ID = 1000
Description = Faulting application name: Photoshop.exe, version: 11.0.1.0, time
stamp: 0x499bf9b5 Faulting module name: Photoshop.exe, version: 11.0.1.0, time stamp:
0x499bf9b5 Exception code: 0xc0000005 Fault offset: 0x00c9a573 Faulting process id:
0x1e54 Faulting application start time: 0x01cad4f4aa1d00d3 Faulting application path:
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe Faulting module path: C:\Program
Files\Adobe\Adobe Photoshop CS4\Photoshop.exe Report Id: 77bc0a12-40ed-11df-8c9f-7c6d6290b104

Error - 07.04.2010 12:30:29 | Computer Name = Gerrit-iMac27 | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 12.0.6514.5000, time
stamp: 0x4a89dc70 Faulting module name: OUTLOOK.EXE, version: 12.0.6514.5000, time
stamp: 0x4a89dc70 Exception code: 0xc0000005 Fault offset: 0x009e1b1c Faulting process
id: 0x1f40 Faulting application start time: 0x01cad65a613c03a6 Faulting application
path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Faulting module path:
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE Report Id: e0639836-4262-11df-9ec8-7c6d6290b104

[ OSession Events ]
Error - 07.04.2010 12:30:28 | Computer Name = Gerrit-iMac27 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9128
seconds with 780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06.04.2010 18:38:05 | Computer Name = Gerrit-iMac27 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 06.04.2010 18:39:05 | Computer Name = Gerrit-iMac27 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 06.04.2010 18:49:50 | Computer Name = Gerrit-iMac27 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 06.04.2010 22:12:46 | Computer Name = Gerrit-iMac27 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 07.04.2010 06:20:11 | Computer Name = Gerrit-iMac27 | Source = DCOM | ID = 10016
Description =

Error - 07.04.2010 06:40:27 | Computer Name = Gerrit-iMac27 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 07.04.2010 10:44:27 | Computer Name = Gerrit-iMac27 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 07.04.2010 12:02:33 | Computer Name = Gerrit-iMac27 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 07.04.2010 18:43:58 | Computer Name = Gerrit-iMac27 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.

Error - 07.04.2010 19:24:56 | Computer Name = Gerrit-iMac27 | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 10.


< End of report >

Thank you so much in advance peku

Hi Geronomof

Thanks for the info. I dont see whats wrong with the that registry entry that was flagged.Run spybot once more and see what happens with it.

Thanks peku006

Hello Peku,

I sitll get the same warning. See attached

Hi Geronomof

1 - Run Malwarebytes' Anti-Malware


Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.
On the Scanner tab:
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Status Check
Please reply with

the Malwarebytes' Anti-Malware Log

Thanks peku006

Hi Peku,

If you look at my first post I also ran Malwarebytes and it didn't come up with anything. I have installed 1.44 and checked the updates. I will run it again now. Thanks for your help

Hi Geronomof
I would like to check because I'm not sure if you did full scan or quick scan

peku006

Hello Peku,

I did a full scan and the software didn't find antyhing.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3975

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.04.2010 23:06:19
mbam-log-2010-04-10 (23-06-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 273398
Laufzeit: 1 Stunde(n), 0 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Hi Geronomof

1 - Clean temp files


Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click Yes to reboot.


NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

2 - Eset online scannner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Eset online scannner report
2. a fresh HijackThis log

Thanks peku006

Hello Peku,

the ESET scan came out negative
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Where can I find the second scanner? Hijackthis?
Thanks,
Geronomo

Hi Geronomo

I dont see much to worry about, there is a way in spy bot to add a exception to the result so it will ignore it on future scans,some registry entries are harmless. I dont see it listing any files in the entry. If you need help adding a exception post back.

Thanks peku006

Hello Peku,
okay i hope you are right. Its really stange that only Spyboot comes up with this problem. Again thank you very much for your kind help.

As this issue appears to be resolved, this topic is now closed

We are pleased to have been some help in getting you clean.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)