Log analysis and evaluation: Web pages keep opening! Suspected trojan! Windows 7
15.06.2010, 16:35 | #1 |
| Web pages keep opening! Suspected trojan!
Dear users, moderators and administrators,
I am at my wits' end. I have searched the forum for a possible answer, but I still have not found a solution. Since the day before yesterday (or yesterday), pages keep opening in Internet Explorer (my default browser is Google Chrome). Mostly these are some kind of advertisements (insurance, IQ tests), sometimes even sex sites. I saw in another thread that you can have your system checked with "HiJackThis", so I did that. Here is the log:
HiJackthis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:20:11, on 15.06.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\******\AppData\Local\Temp\Qjf.exe
C:\Windows\Qbejea.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\VideoWebCamera\VideoWebCamera.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe
C:\Users\*******\AppData\Local\Temp\svchost.exe
C:\Users\*******\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2206084
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MbWzdFPAP-EXL540] C:\Windows\system32\FPAP-EXL540\PdtGuide.exe
O4 - HKLM\..\Run: [WinSecure] C:\Program Files\Datapol\WinSecure PRO\WinSecure.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LiveZilla] "C:\Program Files\LiveZilla\LiveZilla.exe" -minimize
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\*******\AppData\Local\Temp\Qjf.exe
O4 - HKCU\..\Run: [{0CE04775-1A71-B08E-D7D7-2B508341718C}] C:\Users\*******\AppData\Roaming\Uwysz\ipha.exe
O4 - HKCU\..\Run: [start 1] C:\Users\********\AppData\Local\Temp\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - hxxp://www.lokalisten.de/iup/ImageUploader4.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca04acd92950d0) (gupdate1ca04acd92950d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MPM MultiPlugMate Service (MpmSvc) - K. Hofacker, Hamburg, Germany, www.gslantern.com - C:\Program Files\MPM\MpmSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14586 bytes

I can't make much of this myself, so I would ask those who know about it to perhaps give me a piece of advice or two. I would be very glad of a quick reply, as I need my computer for school (computer science class).
Kind regards, expectantly,
AladinHalil |
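A triage pass over the O4 (autostart) entries of a HijackThis log like the one above, added here as an example; it is not part of the original post and not the forum helpers' procedure. The sample lines are copied from the log above, while the three location heuristics, the list of system process names and all function names are assumptions made for this illustration, and a flag means "look closer", not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Autostart lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\*******\AppData\Local\Temp\Qjf.exe
O4 - HKCU\..\Run: [{0CE04775-1A71-B08E-D7D7-2B508341718C}] C:\Users\*******\AppData\Roaming\Uwysz\ipha.exe
O4 - HKCU\..\Run: [start 1] C:\Users\********\AppData\Local\Temp\svchost.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
"""

# "O4 - HKCU\..\Run: [value name] command line"
REG_RE = re.compile(r"^O4 - (?P<source>HK.+?\\\.\.\\\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# "O4 - Startup: shortcut.lnk = target"
LNK_RE = re.compile(r"^O4 - (?P<source>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted command lines: the program path ends at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)

# Assumed short list of Windows process names that malware commonly imitates.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}
SYSTEM_DIRS = {"%systemroot%", "%systemroot%\\system32", "%windir%", "%windir%\\system32"}


def parse_o4(line):
    """Return (source, name, command) for an O4 line, or None for anything else."""
    m = REG_RE.match(line.strip()) or LNK_RE.match(line.strip())
    return (m["source"], m["name"], m["cmd"]) if m else None


def extract_executable(cmd):
    """Strip arguments from a command line and return the program path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def reasons_for(exe):
    """Apply the three location heuristics to one program path."""
    path = PureWindowsPath(exe)
    parts = [p.lower() for p in path.parts]
    parent = str(path.parent).lower()
    reasons = []
    if "temp" in parts[:-1]:
        reasons.append("starts from a Temp directory")
    if "appdata" in parts[:-1]:
        reasons.append("starts from the user's AppData tree")
    in_system_dir = (parent in SYSTEM_DIRS
                     or parent.endswith(("\\windows", "\\windows\\system32")))
    # Only judge full paths; a bare "svchost.exe" resolves via the search path.
    if path.name.lower() in SYSTEM_NAMES and len(parts) > 1 and not in_system_dir:
        reasons.append("system process name outside the Windows directory")
    return reasons


def triage(log_text):
    """Return [(value name, program path, [reasons])] for flagged O4 entries."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        _source, name, cmd = entry
        exe = extract_executable(cmd)
        reasons = reasons_for(exe)
        if reasons:
            findings.append((name, exe, reasons))
    return findings


if __name__ == "__main__":
    for name, exe, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {exe}")
        for reason in reasons:
            print(f"    - {reason}")
```

Entries that pass these checks are not thereby clean; the heuristics only look at where an autostart program lives, not at what it does.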
15.06.2010, 16:39 | #2 |
/// Selecta Jahrusso | Web pages keep opening! Suspected trojan!
A cleanup can involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools with right-click "Run as administrator".
Computer science school, don't they teach you there how to deal with malware? Joking aside.
Step 1: CustomScan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs
In your next reply, please post: OTL.txt, Extras.txt
__________________ |
15.06.2010, 17:11 | #3 |
| Web pages keep opening! Suspected trojan!
Extras.txt:
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 15.06.2010 17:45:09 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\*******\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 253,65 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded

Computer Name: ******S-PC
Current User Name: AsHoLeS
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{E2358B5B-34E1-47BE-B428-FACE00DA54D5}C:\program files\steam\steamapps\stylersucks41\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\stylersucks41\counter-strike\hl.exe | "TCP Query User{E91E403B-2519-41FE-AAF2-1C57CF3B6AA5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{FEFEB9EE-B6A6-4EB4-9ECF-86CE4C37A73F}C:\users\asholes\desktop\mta san andreas\server\mta server.exe" = protocol=6 | dir=in | app=c:\users\asholes\desktop\mta san andreas\server\mta server.exe | "UDP Query User{0E71B295-626C-4435-A732-91B96738C85E}C:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe" = protocol=17 | dir=in | app=c:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe | "UDP Query User{1011B392-47C9-44DE-A1A3-D7E8B42DF3AE}C:\program files\steam\steamapps\stylersucks41\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\stylersucks41\day of defeat\hl.exe | "UDP Query User{1BFF226B-724C-4275-B558-EFB3D62B63F1}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{1DA83DB5-CB09-497C-B745-08E61812126E}C:\program files\atari\boiling point\xenus.exe" = protocol=17 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | "UDP Query User{204DC99C-7880-4C4B-8E66-C78A277A8DB2}C:\users\asholes\desktop\games\gta sanandreas - kopie\gta_sa.exe" = protocol=17 | dir=in | app=c:\users\asholes\desktop\games\gta sanandreas - kopie\gta_sa.exe | "UDP Query User{280300F3-5202-4A11-B53C-6CE0D75EE291}C:\program files\steam\steamapps\stylersucks41\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\stylersucks41\counter-strike\hl.exe | "UDP Query User{2EA27991-7200-4D5B-AEB7-AD2F87023949}C:\users\asholes\desktop\mta san 
andreas\server\mta server.exe" = protocol=17 | dir=in | app=c:\users\asholes\desktop\mta san andreas\server\mta server.exe | "UDP Query User{33E82851-6134-46E9-9A91-DDAEDFE92BBD}C:\program files\steam\steamapps\stylersucks41\deathmatch classic\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\stylersucks41\deathmatch classic\hl.exe | "UDP Query User{3FB13DF6-72E5-4F1F-AC6A-44290A52591E}C:\users\asholes\documents\gta\pawno\samp-server.exe" = protocol=17 | dir=in | app=c:\users\asholes\documents\gta\pawno\samp-server.exe | "UDP Query User{47425FF7-5F07-417B-B13D-089CE8B1832F}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{4C8432B4-8196-4267-8B87-03C1E21278EA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{4DCE9ABA-D0E2-4DEF-976A-1B9D067D98C1}C:\program files\atari\test drive unlimited2\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited2\testdriveunlimited.exe | "UDP Query User{500D3864-9109-49FF-A67B-0D6719A2B733}C:\users\asholes\documents\gta\pawno\samp-server.exe" = protocol=17 | dir=in | app=c:\users\asholes\documents\gta\pawno\samp-server.exe | "UDP Query User{7A181678-153D-4F92-B5BF-1508980F60B7}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | "UDP Query User{7B8C6FC9-BEB3-47F7-9025-88944264D4EA}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | "UDP Query User{8DD87020-E0ED-425B-BFD1-A4CFD5463038}C:\program files\freecall.com\freecall\freecall.exe" = protocol=17 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe | "UDP Query User{91F0947B-7648-47B7-B046-FF28BE7D3B36}C:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe" = 
protocol=17 | dir=in | app=c:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe | "UDP Query User{982107C2-86BC-4251-AE0A-A7F86E0387AE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{9FD848B4-CCF8-44BC-90E9-76E9FBC6820D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{C5A49FC5-5933-4BA0-8CAA-FE84D5A8893E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{C654AD1A-66DD-4727-A3F3-BB16737CEB02}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | "UDP Query User{D11B4CD5-2DE7-4829-933D-05A689648369}C:\program files\teamspeak2_rc2\server_windows.exe" = protocol=17 | dir=in | app=c:\program files\teamspeak2_rc2\server_windows.exe | "UDP Query User{DEB15D7B-7EBA-4F4E-9789-A5ABAE796320}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{DF4A8F90-5280-4FD7-BB6B-B5228F29D31E}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | "UDP Query User{EC86C39F-0BFC-45C3-ADEA-DEF61065CD82}C:\program files\atari\test drive unlimited2\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited2\testdriveunlimited.exe | "UDP Query User{F88403FE-DB74-46B2-B8A2-B5DF88F49AAB}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{FF0A8D97-8AF3-4C6D-819D-9F9565127553}C:\users\asholes\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\asholes\temp\teamviewer\version4\teamviewer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0B96C1A6-73A1-8648-BB59-9AA8E0EC3BBD}" = ATI Catalyst Install Manager "{0EA5CCBB-EAE1-863F-42C7-2200ECB5C215}" = ccc-utility "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{196CF234-5A24-2F2F-82D9-03E8794A8DB2}" = CCC Help Danish "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2 "{221E3442-5E36-4444-45C3-69022B3A818B}" = Catalyst Control Center Graphics Full Existing "{22392D35-2541-5D02-7159-A1C6F93D08DB}" = CCC Help Chinese Standard "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26966185-1610-386E-A249-2D05A5C6861C}" = Catalyst Control Center Graphics Previews Vista "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 20 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2CCEEB92-631F-FC35-0757-122A8EA82573}" = CCC Help Portuguese "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3BBBF916-D04B-7388-46FB-21EA257B6756}" = CCC Help Italian "{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support 
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{3FE2C6E2-8A57-D9EF-5005-FDFF43A4BA99}" = CCC Help English "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4297D072-09F0-F2E7-4B0F-009098303CB9}" = CCC Help Czech "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{48D60246-3600-CF3A-9B9C-BD8C0145BABA}" = CCC Help Hungarian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials "{5EAEE5D7-F4D6-0D20-3EAE-D971E35A1F48}" = CCC Help Russian "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{662AF9F7-2728-B97D-D806-CB529B5B6572}" = CCC Help Greek "{673ACCCA-79B5-EFD0-C08F-C6160188F837}" = CCC Help Japanese "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DA250F4-CC00-CD57-3081-97C5AEEB6517}" = CCC Help Polish "{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli "{70D0D8A6-4A55-5D59-D9F0-0BD2E63BE4CB}" = Skins "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7687F1D7-BA02-E78A-38B8-CC2E80441F02}" = CCC Help Spanish "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C20E89E-4C3D-468E-97A0-9ECF6B1C93DD}" = 
Catalyst Control Center - Branding "{7E69211F-9327-68CC-B854-CCE0A73951FD}" = CCC Help Thai "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{80E59E27-B816-A3F1-69FB-DAF5623A5320}" = Catalyst Control Center InstallProxy "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D580EFB-6B85-2680-77F9-F6B05335995D}" = CCC Help German "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A32563F0-671A-B71C-6D5D-F1BCC5D9820A}" = PX Profile Update "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF74E427-69CD-71EF-34A1-AAD7BBF98571}" = Catalyst Control Center Core Implementation "{B423FEBB-A980-3F0C-019D-39570AB69F52}" = CCC Help Chinese Traditional "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7B8F5CF-A83E-0485-A5D6-A04F437BE9E3}" = CCC Help French "{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0 "{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.83 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF1A3128-AE8D-6CDD-97E2-EB21AE072578}" = Catalyst Control Center Localization All "{CFAE5CA5-3757-B38A-3CEF-26C275098EF3}" = CCC Help Turkish "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1F45DA3-0747-FE7F-BD90-AA030DE37B47}" = CCC Help Korean 
"{D8547BA0-E3B7-DEE8-FE37-660F8C69EF83}" = CCC Help Dutch "{DB64492B-AE9C-1C8F-5158-0B204B42410A}" = ccc-core-static "{DBAD3D0A-7A98-95F5-ACFB-C6B5CCB47A95}" = CCC Help Finnish "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DE41E729-2E45-D6C5-F06F-F686D6C9E472}" = CCC Help Swedish "{DF61C694-F6D1-37C6-35B7-1320F836FE57}" = Catalyst Control Center Graphics Light "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0D839A8-C888-C560-9332-43D73D7BDE21}" = Catalyst Control Center Graphics Full New "{E128FE24-9C62-6642-1D18-BEAC991C5E62}" = CCC Help Norwegian "{E25046CF-2BCE-4BEE-A12B-F9C181F4E206}" = FIFA 10 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EC847A65-2A8C-3255-B4C7-E6D2A9B84618}" = Cooliris for Internet Explorer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "Alarm fur Cobra 11 - vol 4 Nitro_tdm_is1" = Download-manager für Alarm fur Cobra 11 - vol 4 Nitro de "Ask Toolbar_is1" = Ask Toolbar "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Cross Fire_is1" = Cross Fire En "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Derive 6" = Derive 6 "DivX Plus 
DirectShow Filters" = DivX Plus DirectShow Filters "Euro Truck Simulator" = Euro Truck Simulator 1.00 "FileZilla Client" = FileZilla Client 3.2.7.1 "FormatFactory" = FormatFactory 2.20 "Free Download Manager_is1" = Free Download Manager 3.0 "GameSpy Arcade" = GameSpy Arcade "GeoGebra" = GeoGebra "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "Likno Web Button Maker - Free version" = Likno Web Button Maker - Free version "LiveZilla" = LiveZilla "LManager" = Launch Manager "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "MPM MultiPlugMate_is1" = MPM MultiPlugMate 1.5.12 "MTA: Race for San Andreas" = MTA: Race for San Andreas 1.1.1 "MTA:SA" = MTA:SA v1.0.3 "MTA:SA Race" = MTA:SA Race 1.1.2 "Packard Bell Customer Registration" = Packard Bell Customer Registration "PackardBell Screensaver" = PackardBell ScreenSaver "Picasa 3" = Picasa 3 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "SA-MP Colorpicker" = SA-MP Colorpicker 1.1.0 "San Andreas Mod Installer1.1" = San Andreas Mod Installer "SetupMyPC" = SetupMyPC "Softonic_Deutsch_FF Toolbar" = Softonic_Deutsch_FF Toolbar "Software Informer_is1" = Software Informer 1.0 BETA "ST6UNST #1" = NfS CarTuner "Steam App 10" = Counter-Strike "Steam App 30" = Day of Defeat "Steam App 40" = Deathmatch Classic "SynTPDeinstKey" = Synaptics Pointing Device Driver "T r o j a n R e m o v e r_is1" = Trojan Remover 6.6.3 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 2 Server_is1" = TeamSpeak 
2 Server RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 5" = TeamViewer 5 "Test Drive Unlimited_is1" = Test Drive Unlimited "tintii" = indii.org/tintii "TS Admin-Client 2_is1" = TS Admin-Client 2.2.3-alpha [Build: 1485] "Uninstall_is1" = Uninstall 1.0.0.1 "Updator" = Updator "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02.06.2010 09:24:13 | Computer Name = ******s-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.06.2010 09:24:13 | Computer Name = ******s-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.06.2010 09:24:13 | Computer Name = ******s-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". 
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.06.2010 09:24:13 | Computer Name = ******s-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.06.2010 09:30:26 | Computer Name = ******s-PC | Source = MsiInstaller | ID = 11606 Description = Error - 02.06.2010 09:30:26 | Computer Name = ******s-PC | Source = MsiInstaller | ID = 11606 Description = Error - 02.06.2010 09:30:26 | Computer Name = ******s-PC | Source = MsiInstaller | ID = 1024 Description = Error - 02.06.2010 12:38:29 | Computer Name = ******s-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung gta_sa.exe, Version 0.0.0.0, Zeitstempel 0x427101ca, fehlerhaftes Modul d3d9.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a65d, Ausnahmecode 0xc0000005, Fehleroffset 0x0000b120, Prozess-ID 0x1470, Anwendungsstartzeit 01cb026b33922e5a. 
Error - 02.06.2010 16:16:08 | Computer Name = ******s-PC | Source = VSS | ID = 8194 Description = Error - 02.06.2010 17:27:28 | Computer Name = ******s-PC | Source = EventSystem | ID = 4621 Description = [ System Events ] Error - 15.06.2010 09:04:19 | Computer Name = ******s-PC | Source = Service Control Manager | ID = 7009 Description = Error - 15.06.2010 09:04:19 | Computer Name = ******s-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.06.2010 09:04:50 | Computer Name = ******s-PC | Source = DCOM | ID = 10016 Description = Error - 15.06.2010 09:15:54 | Computer Name = ******s-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 15.06.2010 09:15:54 | Computer Name = ******s-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 15.06.2010 09:16:25 | Computer Name = ******s-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Error - 15.06.2010 09:38:02 | Computer Name = ******s-PC | Source = HTTP | ID = 15016 Description = Error - 15.06.2010 09:38:45 | Computer Name = ******s-PC | Source = Service Control Manager | ID = 7009 Description = Error - 15.06.2010 09:38:45 | Computer Name = ******s-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.06.2010 09:39:32 | Computer Name = ******s-PC | Source = DCOM | ID = 10016 Description = < End of report > |
15.06.2010, 17:12 | #4 |
| Websites keep opening constantly! Suspected Trojan! OTL.txt: OTL Logfile: Code:
OTL logfile created on: 15.06.2010 17:45:09 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\*******\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 452,75 Gb Total Space | 253,65 Gb Free Space | 56,02% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *******S-PC Current User Name: ******* Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.06.15 17:44:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Downloads\OTL.exe PRC - [2010.06.14 21:20:50 | 000,046,602 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\svchost.exe PRC - [2010.06.14 20:20:01 | 000,171,520 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\Qjf.exe PRC - [2010.06.14 20:19:32 | 000,184,320 | ---- | M] () -- C:\Windows\Qbejea.exe PRC - [2010.04.20 15:14:48 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2009.05.30 02:28:59 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\*******\AppData\Local\Temp\RtkBtMnt.exe PRC - [2009.03.18 10:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Programme\PACKARD BELL\SetupMyPC\SmpSys.exe PRC - [2009.03.12 18:15:58 | 001,552,497 | ---- | M] (Suyin) -- C:\Programme\VideoWebCamera\VideoWebCamera.exe PRC - [2009.03.11 03:09:28 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Programme\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe PRC - [2009.03.11 03:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Programme\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe PRC - [2009.03.10 01:53:08 | 000,250,624 | ---- | M] (NewTech Infosystems, Inc.) 
-- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.03.10 01:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.02.24 12:09:30 | 006,789,664 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.02.12 06:21:12 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.17 10:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006.10.23 12:55:46 | 000,039,936 | ---- | M] (K. Hofacker, Hamburg, Germany, www.gslantern.com) -- C:\Programme\MPM\MpmSvc.exe

========== Modules (SafeList) ==========

MOD - [2010.06.15 17:44:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Downloads\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.04.20 15:14:48 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.13 19:32:21 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.11.04 17:15:00 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2009.05.06 23:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.03.20 03:07:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.03.11 03:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.03.10 01:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.11.03 13:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.10.23 12:55:46 | 000,039,936 | ---- | M] (K. Hofacker, Hamburg, Germany, www.gslantern.com) [Auto | Running] -- C:\Programme\MPM\MpmSvc.exe -- (MpmSvc)

========== Driver Services (SafeList) ==========

DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.07 15:58:19 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.10.08 15:53:05 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.24 10:48:26 | 002,327,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.02.23 17:20:12 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009.02.13 17:50:34 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009.02.13 15:35:30 | 000,093,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.06 04:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.12.24 19:30:00 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.12.01 07:58:44 | 000,445,440 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008.11.19 20:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.11.03 13:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.09.25 01:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.09.03 14:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.01.30 12:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.01.30 12:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008.01.25 11:12:34 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.04.03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 15:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2206084
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2206084&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.22 12:09:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.14 22:16:29 | 000,000,000 | ---D | M]

[2010.06.13 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Extensions
[2010.06.13 21:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.06.19 23:29:44 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\extensions
[2009.06.19 23:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.05.13 13:55:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions
[2009.12.21 13:52:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.13 23:24:44 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.04.15 18:35:54 | 000,000,000 | ---D | M] (Softonic Deutsch FF Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.01.20 12:18:32 | 000,000,941 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\9xjtuaa7.default\searchplugins\conduit.xml
[2010.06.14 22:16:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.14 22:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.13 23:24:21 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.13 23:24:21 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.13 23:24:21 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.13 23:24:21 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.13 23:24:21 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe File not found
O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MbWzdFPAP-EXL540] C:\Windows\System32\FPAP-EXL540\PdtGuide.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe File not found
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinSecure] C:\Program Files\Datapol\WinSecure PRO\WinSecure.exe File not found
O4 - HKCU..\Run: [{0CE04775-1A71-B08E-D7D7-2B508341718C}] C:\Users\*******\AppData\Roaming\Uwysz\ipha.exe ()
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKCU..\Run: [FreeCall] C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe File not found
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\*******\AppData\Local\Temp\Qjf.exe ()
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKCU..\Run: [start 1] C:\Users\*******\AppData\Local\Temp\svchost.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{216c076c-b412-11de-a515-00235a89b561}\Shell - "" = AutoRun
O33 - MountPoints2\{216c076c-b412-11de-a515-00235a89b561}\Shell\AutoRun\command - "" = E:\setup.exe.exe -- File not found
O33 - MountPoints2\{e604b1f2-b63e-11de-b19f-00235a89b561}\Shell - "" = AutoRun
O33 - MountPoints2\{e604b1f2-b63e-11de-b19f-00235a89b561}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 04:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010.06.15 17:05:59 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.14 22:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.06.14 22:32:42 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.06.14 21:52:33 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Windows Server
[2010.06.13 21:56:03 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Thunderbird
[2010.06.13 21:56:03 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Thunderbird
[2010.06.13 19:32:59 | 000,000,000 | ---D | C] -- C:\Programme\SA-MP Colorpicker
[2010.06.12 12:05:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.06.06 20:23:29 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\OneNote-Notizbücher
[2010.06.02 22:22:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.06.02 22:22:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.06.02 22:16:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.06.01 22:21:41 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\HOMEPAGE
[2010.06.01 20:13:09 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\FileZilla
[2010.06.01 20:10:02 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2010.05.22 12:54:43 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.05.22 12:54:43 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\Simply Super Software
[2010.05.22 12:54:43 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Simply Super Software
[2010.05.22 12:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.05.21 17:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\{7269BE79-5722-4259-B764-61F0045B02FF}
[2010.05.21 17:01:27 | 000,000,000 | ---D | C] -- C:\Programme\LiveZilla
[2010.05.10 16:46:38 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\OpenOffice.org
[2010.05.10 16:32:16 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2010.05.10 16:23:46 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\Meine Projekte
[2010.04.30 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\vlc
[2010.04.30 15:21:14 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.04.30 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\Bio PPT
[2010.04.15 18:35:57 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.15 18:35:55 | 000,000,000 | ---D | C] -- C:\Programme\Softonic_Deutsch_FF
[2010.04.15 18:35:51 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\FFOutput
[2010.04.15 18:34:58 | 000,000,000 | ---D | C] -- C:\Programme\FreeTime
[2010.04.10 10:36:58 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2010.03.28 13:34:23 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Avira
[2010.03.28 11:56:08 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.03.28 11:56:08 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.03.24 23:12:45 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\MTA San Andreas
[2010.03.21 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\DonationCoder
[2010.03.21 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\DonationCoder

========== Files - Modified Within 90 Days ==========

[2010.06.15 17:49:37 | 003,932,160 | -HS- | M] () -- C:\Users\*******\NTUSER.DAT
[2010.06.15 17:46:26 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.15 17:38:01 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.15 17:38:01 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.15 17:34:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.15 17:19:49 | 000,002,527 | ---- | M] () -- C:\Users\*******\Desktop\HiJackThis.lnk
[2010.06.15 17:12:19 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.15 17:12:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.15 17:11:35 | 001,848,921 | -H-- | M] () -- C:\Users\*******\AppData\Local\IconCache.db
[2010.06.15 15:38:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.15 15:37:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.15 15:37:55 | 3219,107,840 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.15 15:36:53 | 000,524,288 | -HS- | M] () -- C:\Users\*******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.15 15:36:53 | 000,065,536 | -HS- | M] () -- C:\Users\*******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.15 15:07:03 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{871A3C2C-C0A9-4862-882B-D1D90A6AD656}.job
[2010.06.14 22:32:56 | 000,057,344 | ---- | M] () -- C:\Users\*******\Documents\Stellungnahme zur Sterbehilfe.doc
[2010.06.14 22:16:38 | 000,000,680 | ---- | M] () -- C:\Users\*******\AppData\Local\d3d9caps.dat
[2010.06.14 21:21:58 | 000,611,328 | ---- | M] () -- C:\Windows\System32\qtplugin.exe
[2010.06.14 20:19:32 | 000,184,320 | ---- | M] () -- C:\Windows\Qbejea.exe
[2010.06.14 16:25:29 | 000,001,260 | ---- | M] () -- C:\Users\*******\Desktop\JiloHausaufgabe!!!!.dfw
[2010.06.13 20:06:13 | 000,001,655 | ---- | M] () -- C:\new.amx
[2010.06.13 19:32:59 | 000,000,914 | ---- | M] () -- C:\Users\*******\Desktop\SA-MP Colorpicker.lnk
[2010.06.13 17:30:36 | 000,015,125 | ---- | M] () -- C:\Users\*******\Desktop\Das LSPD.docx
[2010.06.13 
17:11:31 | 000,002,631 | ---- | M] () -- C:\Users\*******\Desktop\Microsoft Office Word 2007.lnk [2010.06.13 11:33:07 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2010.06.12 13:31:06 | 000,019,125 | ---- | M] () -- C:\Users\*******\Desktop\Bewerbungsvorlage.docx [2010.06.12 13:24:19 | 001,447,804 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.12 13:24:19 | 000,628,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.12 13:24:19 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.12 13:24:19 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.12 13:24:19 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.11 20:02:40 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.06.11 18:46:43 | 000,331,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.10 16:38:32 | 000,052,736 | ---- | M] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.07 15:49:37 | 000,013,777 | ---- | M] () -- C:\Users\*******\Desktop\Der Einbürgerungstest.docx [2010.06.06 20:23:28 | 000,001,159 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2010.06.06 08:39:49 | 000,082,464 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT [2010.06.03 19:58:32 | 002,353,241 | ---- | M] () -- C:\Users\*******\Desktop\Unbenannt (2).wma [2010.06.03 15:52:00 | 000,082,464 | ---- | M] () -- C:\Users\*******\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.01 20:10:07 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010.05.22 12:54:46 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2010.05.21 23:33:57 | 000,001,744 | ---- | M] () -- C:\Users\*******\Desktop\Mozilla Firefox.lnk [2010.05.21 17:01:29 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\LiveZilla Server 
Admin.lnk [2010.05.21 17:01:29 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\LiveZilla Client.lnk [2010.05.10 17:15:22 | 000,006,864 | ---- | M] () -- C:\Users\*******\Documents\Transformator.odf [2010.05.10 16:36:49 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.05.10 16:24:02 | 000,000,542 | ---- | M] () -- C:\Users\*******\AppData\Roaming\wklnhst.dat [2010.04.21 15:20:46 | 000,952,361 | ---- | M] () -- C:\Users\*******\Documents\Unbenannt.wma [2010.04.15 18:35:09 | 000,000,993 | ---- | M] () -- C:\Users\*******\Desktop\Format Factory.lnk [2010.04.12 17:25:17 | 000,001,973 | ---- | M] () -- C:\Users\*******\Desktop\Test Drive Unlimited (2).lnk [2010.03.26 15:41:26 | 000,008,827 | ---- | M] () -- C:\Users\*******\Documents\adminnachweis.jpg [2010.03.25 18:17:14 | 000,001,680 | ---- | M] () -- C:\Users\*******\Desktop\Play MTA San Andreas.lnk [2010.03.25 18:13:45 | 000,000,290 | ---- | M] () -- C:\Windows\wininit.ini [2010.03.21 18:41:38 | 000,000,058 | ---- | M] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010.03.21 18:41:38 | 000,000,058 | ---- | M] () -- C:\Users\*******\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat ========== Files Created - No Company Name ========== [2010.06.15 17:06:00 | 000,002,527 | ---- | C] () -- C:\Users\*******\Desktop\HiJackThis.lnk [2010.06.15 15:04:54 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job [2010.06.14 21:22:05 | 000,611,328 | ---- | C] () -- C:\Windows\System32\qtplugin.exe [2010.06.14 20:19:37 | 000,184,320 | ---- | C] () -- C:\Windows\Qbejea.exe [2010.06.14 20:19:33 | 000,000,250 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.14 16:25:28 | 000,001,260 | ---- | C] () -- C:\Users\*******\Desktop\JiloHausaufgabe!!!!.dfw [2010.06.13 19:39:37 | 000,001,655 | ---- | C] () -- C:\new.amx [2010.06.13 19:32:59 | 000,000,914 | ---- | C] () -- 
C:\Users\*******\Desktop\SA-MP Colorpicker.lnk [2010.06.13 17:30:35 | 000,015,125 | ---- | C] () -- C:\Users\*******\Desktop\Das LSPD.docx [2010.06.12 13:16:43 | 000,019,125 | ---- | C] () -- C:\Users\*******\Desktop\Bewerbungsvorlage.docx [2010.06.12 12:43:12 | 000,002,631 | ---- | C] () -- C:\Users\*******\Desktop\Microsoft Office Word 2007.lnk [2010.06.07 15:49:36 | 000,013,777 | ---- | C] () -- C:\Users\*******\Desktop\Der Einbürgerungstest.docx [2010.06.06 20:23:28 | 000,001,159 | ---- | C] () -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2010.06.03 19:58:31 | 002,353,241 | ---- | C] () -- C:\Users\*******\Desktop\Unbenannt (2).wma [2010.06.01 20:10:07 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk [2010.05.22 12:54:46 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk [2010.05.22 12:54:45 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2010.05.22 12:54:45 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2010.05.22 12:54:45 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2010.05.22 12:54:45 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2010.05.21 23:33:57 | 000,001,744 | ---- | C] () -- C:\Users\*******\Desktop\Mozilla Firefox.lnk [2010.05.21 17:01:29 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\LiveZilla Server Admin.lnk [2010.05.21 17:01:29 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\LiveZilla Client.lnk [2010.05.10 17:15:20 | 000,006,864 | ---- | C] () -- C:\Users\*******\Documents\Transformator.odf [2010.05.10 16:36:49 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk [2010.04.15 18:35:09 | 000,000,993 | ---- | C] () -- C:\Users\*******\Desktop\Format Factory.lnk [2010.04.12 17:25:17 | 000,001,973 | ---- | C] () -- C:\Users\*******\Desktop\Test Drive Unlimited (2).lnk [2010.04.09 
13:08:35 | 000,057,344 | ---- | C] () -- C:\Users\*******\Documents\Stellungnahme zur Sterbehilfe.doc [2010.03.26 15:45:51 | 000,008,827 | ---- | C] () -- C:\Users\*******\Documents\adminnachweis.jpg [2010.03.25 18:17:14 | 000,001,680 | ---- | C] () -- C:\Users\*******\Desktop\Play MTA San Andreas.lnk [2010.03.21 18:41:38 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010.03.21 18:41:38 | 000,000,058 | ---- | C] () -- C:\Users\*******\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat [2010.03.17 13:59:09 | 000,000,126 | ---- | C] () -- C:\Windows\System32\MEd.ini [2009.12.23 00:49:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll [2009.11.05 23:22:21 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI [2009.10.08 15:53:05 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.08.24 00:12:49 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll [2009.06.23 14:18:22 | 000,000,290 | ---- | C] () -- C:\Windows\wininit.ini [2009.06.21 12:51:39 | 000,000,539 | ---- | C] () -- C:\Windows\ODBC.INI [2009.06.18 19:29:08 | 000,000,008 | ---- | C] () -- C:\Windows\System32\Mlkf.dll [2009.05.30 08:13:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.03.20 09:52:21 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.10.22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2003.06.23 13:31:08 | 000,109,056 | ---- | C] () -- C:\Windows\System32\Lang.dll [2002.01.31 14:51:22 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WSGina.dll [1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll ========== LOP Check ========== [2009.06.19 15:07:35 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\aborange 
[2009.10.08 16:06:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite [2010.03.21 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DonationCoder [2010.06.02 18:41:37 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FileZilla [2009.11.05 23:12:12 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\flightgear.org [2009.11.05 23:14:25 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\fltk.org [2010.06.13 19:53:01 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Free Download Manager [2009.12.30 11:28:07 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FreeCall [2010.01.04 20:52:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\GlobalSCAPE [2010.02.28 16:45:02 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\gtk-2.0 [2010.06.14 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Hyloil [2010.04.03 15:06:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ICQ [2009.08.23 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Leadertech [2009.11.14 13:08:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Mpm [2010.02.20 11:53:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Notepad++ [2010.05.10 16:46:38 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\OpenOffice.org [2009.05.30 02:32:28 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Packard Bell [2009.05.30 23:49:57 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PeerNetworking [2009.11.04 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ProtectDisc [2009.09.26 20:21:04 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Research In Motion [2010.05.22 12:54:43 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Simply Super Software [2009.11.27 12:55:16 | 000,000,000 | ---D | M] -- 
C:\Users\*******\AppData\Roaming\Software Informer [2009.05.31 19:57:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TeamViewer [2010.02.14 21:13:27 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Template [2010.06.13 21:56:04 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Thunderbird [2010.05.18 21:42:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TS3Client [2010.01.14 05:14:25 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Uwysz [2010.02.01 23:27:51 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Windows Live Writer [2010.02.07 12:59:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Zylom [2010.06.15 15:37:03 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.06.15 15:07:03 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{871A3C2C-C0A9-4862-882B-D1D90A6AD656}.job [2010.06.15 17:12:19 | 000,000,250 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job [2010.06.15 17:46:26 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010.02.06 18:07:25 | 000,000,000 | ---- | M] () -- C:\AILog.txt [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2008.01.21 04:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr [2009.03.20 09:54:54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.06.15 15:37:55 | 3219,107,840 | -HS- | M] () -- C:\hiberfil.sys [2009.11.27 11:10:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2009.11.27 11:10:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.06.13 20:06:13 | 000,001,655 | ---- | M] () -- C:\new.amx [2010.06.15 15:37:54 | 3532,693,504 | -HS- | M] () -- C:\pagefile.sys [2009.04.11 22:13:42 | 000,002,865 | ---- | M] () -- C:\RHDSetup.log [2009.09.23 
17:00:20 | 002,558,464 | ---- | M] (Adobe Systems Incorporated) -- C:\tintii.8bf < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.02.13 16:34:32 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll [2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll [2008.08.12 05:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\drivers\*.sys /90 > < %systemroot%\system32\user32.dll /md5 > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > |
15.06.2010, 19:03 | #5 |
| Websites keep opening! Suspected trojan! I urgently need help, please! |
15.06.2010, 20:37 | #6 |
/// Selecta Jahrusso | Websites keep opening! Suspected trojan!
And you think you are the only one here?
Step 1
Temp File Cleaner
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe. If TFC cannot delete all files, it will ask for a restart. Please allow this.
Step 2
Please download defogger by jpshortstuff to your desktop.
Step 3
You have to edit the **** in the script again!!!!
Code:
:OTL
PRC - [2010.06.14 21:20:50 | 000,046,602 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\svchost.exe
PRC - [2010.06.14 20:20:01 | 000,171,520 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\Qjf.exe
PRC - [2010.06.14 20:19:32 | 000,184,320 | ---- | M] () -- C:\Windows\Qbejea.exe
SRV - [2009.11.04 17:15:00 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2206084&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
[2010.04.13 23:24:44 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.04.15 18:35:54 | 000,000,000 | ---D | M] (Softonic Deutsch FF Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.01.20 12:18:32 | 000,000,941 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\9xjtuaa7.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe File not found
O4 - HKLM..\Run: [WinSecure] C:\Program Files\Datapol\WinSecure PRO\WinSecure.exe File not found
O4 - HKCU..\Run: [{0CE04775-1A71-B08E-D7D7-2B508341718C}] C:\Users\*******\AppData\Roaming\Uwysz\ipha.exe ()
O4 - HKCU..\Run: [fsm] File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\*******\AppData\Local\Temp\Qjf.exe ()
O4 - HKCU..\Run: [start 1] C:\Users\*******\AppData\Local\Temp\svchost.exe ()
O33 - MountPoints2\{216c076c-b412-11de-a515-00235a89b561}\Shell - "" = AutoRun
O33 - MountPoints2\{216c076c-b412-11de-a515-00235a89b561}\Shell\AutoRun\command - "" = E:\setup.exe.exe -- File not found
O33 - MountPoints2\{e604b1f2-b63e-11de-b19f-00235a89b561}\Shell - "" = AutoRun
O33 - MountPoints2\{e604b1f2-b63e-11de-b19f-00235a89b561}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2010.04.15 18:35:57 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.15 18:35:55 | 000,000,000 | ---D | C] -- C:\Programme\Softonic_Deutsch_FF
[2010.06.15 17:46:26 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.15 17:12:19 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.14 20:19:32 | 000,184,320 | ---- | M] () -- C:\Windows\Qbejea.exe
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:CB0AACC9

:services

:files

:reg

:Commands
[purity]
[emptytemp]
[emptyFlash]
[reboot]
Step 4
Uninstall:
Ask Toolbar
Softonic_Deutsch_FF Toolbar
Step 5
Please
Step 6
Please start OTL.exe and click the Quick Scan button. In your next reply, please post:
defogger_disable.txt
Log from the OTL fix
Gmer.txt
OTL.txt
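One way to triage OTL entries like those in the log and fix script above, as an added example that is not part of the reply or of OTL itself. The heuristics and the names `triage`, `reasons` and `SYSTEM_HOMES` are assumptions made for illustration, not criteria the helper stated; the sample lines are copied from this page.

```python
import re
from ntpath import basename, dirname  # Windows path semantics on any OS

# OTL file/process entry: [date | size | attrs | C or M] (company) -- path
FILE_RE = re.compile(
    r"\[[\d. :]+ \| [\d,]+ \| (?P<attrs>[-RHSD]{4}) \| [CM]\] "
    r"\((?P<company>[^)]*)\)(?: Unable to obtain MD5)? -- (?P<path>.+)$")
# OTL autostart entry: O4 - HKCU..\Run: [value name] path (company)
RUN_RE = re.compile(
    r"^O4 - HK\w+\.\.\\Run: \[[^\]]*\] (?P<path>.+?) \((?P<company>[^)]*)\)$")
GUID_JOB = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.job$")

# Assumption: the system drive is C:. Normal homes of commonly imitated names.
SYSTEM_HOMES = {"svchost.exe": r"c:\windows\system32",
                "lsass.exe": r"c:\windows\system32",
                "explorer.exe": r"c:\windows"}


def reasons(path, company, attrs="", autostart=False):
    """Return the set of heuristic reasons why one entry deserves a closer look."""
    p = path.lower()
    name, folder = basename(p), dirname(p)
    found = set()
    if name.endswith(".exe") and folder.endswith(r"\appdata\local\temp"):
        found.add("executable in user Temp folder")
    if name in SYSTEM_HOMES and folder != SYSTEM_HOMES[name]:
        found.add("system binary name outside its normal folder")
    if name.endswith(".exe") and folder == r"c:\windows" and not company:
        found.add("no-company .exe directly in C:\\Windows")
    if GUID_JOB.match(name) and "H" in attrs:
        found.add("hidden GUID-named scheduled task")
    if autostart and not company and "\\appdata\\" in p:
        found.add("Run key starts no-company binary from user profile")
    return found


def triage(lines):
    """Map each flagged path to the merged reasons from all lines naming it."""
    findings = {}
    for line in lines:
        line = line.strip()
        run = RUN_RE.match(line)
        m = run or FILE_RE.search(line)
        if not m:
            continue  # folder entries, "File not found" lines, headers
        d = m.groupdict()
        why = reasons(d["path"], d["company"], d.get("attrs") or "", bool(run))
        if why:
            findings.setdefault(d["path"], set()).update(why)
    return findings


# Sample lines copied from the log and fix script on this page.
SAMPLE = [
    r"PRC - [2010.06.14 21:20:50 | 000,046,602 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\svchost.exe",
    r"O4 - HKCU..\Run: [start 1] C:\Users\*******\AppData\Local\Temp\svchost.exe ()",
    r"O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\*******\AppData\Local\Temp\Qjf.exe ()",
    r"O4 - HKCU..\Run: [{0CE04775-1A71-B08E-D7D7-2B508341718C}] C:\Users\*******\AppData\Roaming\Uwysz\ipha.exe ()",
    r"O4 - HKCU..\Run: [fsm] File not found",
    r"[2010.06.14 20:19:32 | 000,184,320 | ---- | M] () -- C:\Windows\Qbejea.exe",
    r"[2010.06.15 17:12:19 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job",
    r"[2010.06.15 17:34:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job",
    r"[2010.03.28 11:56:08 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path)
        for reason in sorted(why):
            print("   -", reason)
```

A flagged entry is a candidate for review, not a verdict; the same rules leave the Avira driver and the Google update task in the sample unflagged.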