
Log analysis and evaluation: Websites keep opening! Suspected Trojan!

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.06.2010, 16:35   #1
AladinHalil
 

Dear users, moderators and administrators,

I simply don't know what else to do. I have searched the forum for a possible answer but still haven't come to a result.
Since the day before yesterday (or yesterday), pages keep opening in Internet Explorer (my default browser is Google Chrome). Mostly they are some kind of advertising (insurance, IQ tests), sometimes even sex sites. I saw in another thread that you can have your system checked with "HiJackThis". I did that too.

Here is the log:


HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:20:11, on 15.06.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\******\AppData\Local\Temp\Qjf.exe
C:\Windows\Qbejea.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\VideoWebCamera\VideoWebCamera.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe
C:\Users\*******\AppData\Local\Temp\svchost.exe
C:\Users\*******\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2206084
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Softonic Deutsch FF Toolbar - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Program Files\Softonic_Deutsch_FF\tbSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MbWzdFPAP-EXL540] C:\Windows\system32\FPAP-EXL540\PdtGuide.exe
O4 - HKLM\..\Run: [WinSecure] C:\Program Files\Datapol\WinSecure PRO\WinSecure.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LiveZilla] "C:\Program Files\LiveZilla\LiveZilla.exe" -minimize
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetupMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\*******\AppData\Local\Temp\Qjf.exe
O4 - HKCU\..\Run: [{0CE04775-1A71-B08E-D7D7-2B508341718C}] C:\Users\*******\AppData\Roaming\Uwysz\ipha.exe
O4 - HKCU\..\Run: [start 1] C:\Users\********\AppData\Local\Temp\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - hxxp://www.lokalisten.de/iup/ImageUploader4.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca04acd92950d0) (gupdate1ca04acd92950d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MPM MultiPlugMate Service (MpmSvc) - K. Hofacker, Hamburg, Germany, www.gslantern.com - C:\Program Files\MPM\MpmSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14586 bytes
         
--- --- ---


I can't make much of this, so I would ask those who are familiar with it to perhaps give me a piece of advice or two.

I would be very happy about a quick reply, as I need my computer for school (computer science class).

Kind regards, expectantly

AladinHalil

15.06.2010, 16:39   #2
Larusso
/// Selecta Jahrusso
 

A cleanup can involve a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Post the log files directly in your thread. Do not attach them unless I ask you to. It makes the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".


Computer science school, don't they teach you there how to deal with malware?
Joking aside

Step 1

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread


In your next reply, please post
OTL.txt
Extras.txt

15.06.2010, 17:11   #3
AladinHalil
 

Extras.txt:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.06.2010 17:45:09 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\*******\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 253,65 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
 
Computer Name: ******S-PC
Current User Name: AsHoLeS
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A8F468-0CF9-4A73-B7C5-541220B6A312}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{179623D1-3320-4915-8593-5B5049F3692F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{24ACAE75-C3BE-4E71-A12C-ADCC17D28CAE}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{2A7F1D1E-4C24-4B1D-A18E-0CCB6BEFAE25}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{2E3E634A-8290-4C13-9B32-E917B56C71C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{37C92121-97F2-46C7-861D-CBB527BA3E87}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{431FDDE6-39C0-4AAC-921B-10657C64F09F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4376EA96-3E5E-48C5-A3A8-42FD0F62EFDE}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{5F859709-83D2-4288-9ECD-E768E5ADACE5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{607A1865-1213-4339-84B8-D88176A13958}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{67A711EA-FBD3-4A26-AD23-4E1EAA60FF30}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{6D070582-6939-4B30-87C4-E12702BA2627}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{8B77A9DA-4C13-4186-9511-6C29B68B3CE9}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8DBFDAE5-EC63-4D79-9191-C2D4323BDBA2}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{905A5AEA-95A0-4114-BF4B-1C44B8152290}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{91DF1FC6-8BB0-4D70-9C17-57A80504CFF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96054C1A-BBD4-4789-9B26-E2291B10DDBE}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{9C7775B2-987D-4FCD-914A-08900593371F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{A2B2FDA5-FCBF-4CD0-AF78-B033BCD630CB}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{A75321C4-650E-4D71-B47A-242A2FEFF951}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BEE95644-E0CE-4F9C-BE11-7B85D07DEF7E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C4DD2075-DDE5-4896-8B32-5C413A322210}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C5EB7199-AF8E-4233-ACF1-8B4184A249AB}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{C6A0BBE0-D8C8-40D8-AC90-0B7A6290BC2F}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{C94C9B85-8027-4EE4-8A58-01385B6A32D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CBD1B16F-5D0B-4493-84BC-7FEA619276EA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CBEC7A67-BEAB-47B1-B9EA-055DA8E56CED}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{D42F82BB-3B99-4ABA-B7C5-C9AB7A4B2EE4}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{D4422AF7-2EAD-43E2-AEC2-2DABA69AB570}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{DBFB7FD2-7306-4321-BD28-35D7658DD98A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{DCCCACC3-FEDF-4E72-B9EE-471E2BB7F8A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DCEE9ED4-F9D2-45E6-AFD2-47953002FB1C}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{DDEDBB93-DA00-4CC7-ABAE-9B0C06E8E52A}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{E72817A1-0580-4AA1-AA3A-759B3499C2B9}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{E8F2E63F-0FC4-4F6C-B3E3-5036E471D06E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EC99A08D-EE76-4D45-BFF4-6197445B4DA6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EED497E5-1E21-406E-B87A-67158AB4AC08}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{EF1168CC-87A2-4200-91F6-9FD1B6E22824}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{F4AE8D95-6CB6-4D22-9140-FD42FF25E0C5}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14094A96-C572-4642-AE42-CCFE0EAB6BF2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A90C889-A6CF-446D-9F61-55603BF948C4}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{1CA8C348-F6DC-409F-9D92-F4F051B6B8A5}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{2943AEF2-80BC-495D-838B-E2D031A45FAE}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{31C6C424-2275-4E7F-AB94-E86E249153A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{33FAE48C-FFB6-4E3D-97BF-6656C89230C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3471B31E-0870-45F4-91F2-6AE1A10C2408}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{359DC68C-B012-4ED5-9B6B-834E14FFBF0A}" = protocol=17 | dir=in | app=c:\program files\gamigo\heroes in the sky\his.exe | 
"{36A3E95B-8CBE-4D57-814F-0A5167E1FF30}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{374BDC05-EDA9-4593-9C75-50D4461D7877}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{37D61417-C15C-4945-9219-0CE852E779DE}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{38B8498B-1433-4874-95A7-89845F556957}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{39CA358A-EE46-4B09-8DEC-5D871AC26EC2}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{3F2657A2-825A-447F-8017-8604872BC762}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4AD40867-10F7-4193-8EE1-5091FBE2E089}" = protocol=6 | dir=in | app=c:\program files\gamigo\heroes in the sky\his.exe | 
"{4D6AE91E-DFC2-48B2-86D0-90EE6F03A03C}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{53F48AF3-CF4C-4F76-8D60-8AA1F128E285}" = protocol=6 | dir=out | app=system | 
"{56289D72-1052-41FE-A382-9445D1D051A8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5B48134E-7569-4538-AB72-19C6C0BD9577}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{5BC189DC-5E18-4B34-A2B9-1B4474B32B47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{652B3C56-BF08-44BE-8C0B-C79E30A351D7}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{66A0E37C-5948-45C9-AE92-0ECA4870EE70}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6FEB7609-E1F7-4791-952C-6DE36EEE4323}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{74CC67F0-126A-4C9C-AA71-101873B79930}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{766D2F26-9DD4-481E-848A-EF058B4DEFAC}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{7736AE8E-3526-4BE5-B25F-B56B4FA713A0}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{79BE87A5-9107-4548-BAF5-43AE4176CAB2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{81EA7433-22E3-4669-9E78-13AC4286445E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{87BE4EFE-CED1-41F8-B31E-2F6F58349557}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{897CC6D6-E05B-4DA9-AC7E-DFDA67D1F970}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{8AF453AE-5B85-426A-B85B-8F50E19FBA49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8FD87A06-2FCC-4BAB-B68B-B189CBD825FA}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{90B30FFF-8CD4-419D-87AD-0C210B9A7898}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{95C29B1D-D39B-4A52-8B8B-58973B3271BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A628A790-CEBF-4DA7-8854-1D185617DAB2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A7D5F149-CFB9-4AF3-99D0-55274AF7AC28}" = protocol=6 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe | 
"{A9E382C1-4B42-4E6F-A28A-3733FDF0F1BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B339C409-0A68-43B2-883C-BD326CD3FCD0}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{B4CC644C-98CF-4B23-A366-23D0ACB646FE}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{BC744110-E38C-4152-8D36-D580962001C5}" = protocol=17 | dir=in | app=c:\program files\ftp-uploader\ftpuploader.exe | 
"{C730C2B4-5CD0-4A94-9BAF-367172468C71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C74A8DF1-0EDB-4160-A320-F849CC6FA37C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CDBD6F2F-3CB2-4497-8658-8F2EDA23F4FD}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D665534C-C2A8-4E7D-9154-2B5FFD940AF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D81766C5-DD30-4C2F-A10F-2910667B4F9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC54EE92-DBCE-4CD2-ADE1-0A83943E3CB6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E4AB46C2-0643-4043-82D4-01EA65D7237C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{F4D22D9A-CE2A-461E-A5D2-83C148ADE510}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{F53343BE-F4DE-44B8-9DF9-BE082A909E30}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{F76641D7-CA5A-4FD8-A524-99CA9E50B2E2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{0045329F-B57F-4CA1-A0FE-1AE2C5FFFCA7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{0AC05E4E-C746-42DB-B93D-3F5CD33DC75C}C:\users\asholes\desktop\games\gta sanandreas - kopie\gta_sa.exe" = protocol=6 | dir=in | app=c:\users\asholes\desktop\games\gta sanandreas - kopie\gta_sa.exe | 
"TCP Query User{0EFEB8E2-3CB7-49E7-BA56-6B2CB3942E44}C:\program files\atari\test drive unlimited2\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited2\testdriveunlimited.exe | 
"TCP Query User{1B51FDB1-1484-4CF8-B148-21F864A1D933}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{217CB465-EA6D-43F0-98D6-D3EB12237BA8}C:\users\asholes\documents\gta\pawno\samp-server.exe" = protocol=6 | dir=in | app=c:\users\asholes\documents\gta\pawno\samp-server.exe | 
"TCP Query User{29C84B92-7FF7-4D80-A97D-87F6B5BBDB96}C:\users\asholes\documents\gta\pawno\samp-server.exe" = protocol=6 | dir=in | app=c:\users\asholes\documents\gta\pawno\samp-server.exe | 
"TCP Query User{2A122709-1587-43A2-AE31-0EBFB20F21CB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{2EB18890-BD12-4A6A-B577-E9950170E3CD}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{3350D646-869C-4E3C-8DF1-859F55F4EB54}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"TCP Query User{341E881B-CAD7-4989-83FE-7594E4275496}C:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe" = protocol=6 | dir=in | app=c:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe | 
"TCP Query User{38D0ED24-043B-4735-A5F0-8F8E9898CF74}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{3DB983D1-B7F1-4C19-A4B9-09808C6FDE1E}C:\program files\freecall.com\freecall\freecall.exe" = protocol=6 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe | 
"TCP Query User{5C08D44F-665C-4DF3-9E64-7DC233991A64}C:\users\asholes\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\asholes\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{61C1B68A-123F-4C40-8563-BE2F3B36060F}C:\program files\atari\test drive unlimited2\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited2\testdriveunlimited.exe | 
"TCP Query User{64E7CD9E-9A0A-47AE-A747-3D4885A4ED83}C:\program files\steam\steamapps\stylersucks41\deathmatch classic\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\stylersucks41\deathmatch classic\hl.exe | 
"TCP Query User{715C87ED-F69A-4159-BAE6-AE05458E6C54}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{8C24471C-FE29-4ACF-A649-586B9EAC5640}C:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe" = protocol=6 | dir=in | app=c:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe | 
"TCP Query User{8E262CF1-38A2-4B6A-9E4D-9AB4B7CA76A5}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{9535BB4A-5294-4216-9A64-D5487D4DE146}C:\program files\atari\boiling point\xenus.exe" = protocol=6 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | 
"TCP Query User{A632C278-7544-48AE-B67F-2CA84ECD50E2}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{B8120BF4-2CFF-4E5D-93CE-BCDF053403CF}C:\program files\steam\steamapps\stylersucks41\day of defeat\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\stylersucks41\day of defeat\hl.exe | 
"TCP Query User{CA6A76D8-FB72-4BAC-8985-6DC9FC6D0093}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"TCP Query User{CEA69F50-41C5-4320-B61A-F2369B5C4068}C:\program files\teamspeak2_rc2\server_windows.exe" = protocol=6 | dir=in | app=c:\program files\teamspeak2_rc2\server_windows.exe | 
"TCP Query User{D6E2AC5A-114A-4437-AE4B-F5B0A502F2F9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{E2358B5B-34E1-47BE-B428-FACE00DA54D5}C:\program files\steam\steamapps\stylersucks41\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\stylersucks41\counter-strike\hl.exe | 
"TCP Query User{E91E403B-2519-41FE-AAF2-1C57CF3B6AA5}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{FEFEB9EE-B6A6-4EB4-9ECF-86CE4C37A73F}C:\users\asholes\desktop\mta san andreas\server\mta server.exe" = protocol=6 | dir=in | app=c:\users\asholes\desktop\mta san andreas\server\mta server.exe | 
"UDP Query User{0E71B295-626C-4435-A732-91B96738C85E}C:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe" = protocol=17 | dir=in | app=c:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe | 
"UDP Query User{1011B392-47C9-44DE-A1A3-D7E8B42DF3AE}C:\program files\steam\steamapps\stylersucks41\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\stylersucks41\day of defeat\hl.exe | 
"UDP Query User{1BFF226B-724C-4275-B558-EFB3D62B63F1}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{1DA83DB5-CB09-497C-B745-08E61812126E}C:\program files\atari\boiling point\xenus.exe" = protocol=17 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | 
"UDP Query User{204DC99C-7880-4C4B-8E66-C78A277A8DB2}C:\users\asholes\desktop\games\gta sanandreas - kopie\gta_sa.exe" = protocol=17 | dir=in | app=c:\users\asholes\desktop\games\gta sanandreas - kopie\gta_sa.exe | 
"UDP Query User{280300F3-5202-4A11-B53C-6CE0D75EE291}C:\program files\steam\steamapps\stylersucks41\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\stylersucks41\counter-strike\hl.exe | 
"UDP Query User{2EA27991-7200-4D5B-AEB7-AD2F87023949}C:\users\asholes\desktop\mta san andreas\server\mta server.exe" = protocol=17 | dir=in | app=c:\users\asholes\desktop\mta san andreas\server\mta server.exe | 
"UDP Query User{33E82851-6134-46E9-9A91-DDAEDFE92BBD}C:\program files\steam\steamapps\stylersucks41\deathmatch classic\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\stylersucks41\deathmatch classic\hl.exe | 
"UDP Query User{3FB13DF6-72E5-4F1F-AC6A-44290A52591E}C:\users\asholes\documents\gta\pawno\samp-server.exe" = protocol=17 | dir=in | app=c:\users\asholes\documents\gta\pawno\samp-server.exe | 
"UDP Query User{47425FF7-5F07-417B-B13D-089CE8B1832F}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{4C8432B4-8196-4267-8B87-03C1E21278EA}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{4DCE9ABA-D0E2-4DEF-976A-1B9D067D98C1}C:\program files\atari\test drive unlimited2\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited2\testdriveunlimited.exe | 
"UDP Query User{500D3864-9109-49FF-A67B-0D6719A2B733}C:\users\asholes\documents\gta\pawno\samp-server.exe" = protocol=17 | dir=in | app=c:\users\asholes\documents\gta\pawno\samp-server.exe | 
"UDP Query User{7A181678-153D-4F92-B5BF-1508980F60B7}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{7B8C6FC9-BEB3-47F7-9025-88944264D4EA}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"UDP Query User{8DD87020-E0ED-425B-BFD1-A4CFD5463038}C:\program files\freecall.com\freecall\freecall.exe" = protocol=17 | dir=in | app=c:\program files\freecall.com\freecall\freecall.exe | 
"UDP Query User{91F0947B-7648-47B7-B046-FF28BE7D3B36}C:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe" = protocol=17 | dir=in | app=c:\users\asholes\desktop\games\gta sanandreas - mappen\gta_sa.exe | 
"UDP Query User{982107C2-86BC-4251-AE0A-A7F86E0387AE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{9FD848B4-CCF8-44BC-90E9-76E9FBC6820D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{C5A49FC5-5933-4BA0-8CAA-FE84D5A8893E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{C654AD1A-66DD-4727-A3F3-BB16737CEB02}C:\program files\atari\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited\testdriveunlimited.exe | 
"UDP Query User{D11B4CD5-2DE7-4829-933D-05A689648369}C:\program files\teamspeak2_rc2\server_windows.exe" = protocol=17 | dir=in | app=c:\program files\teamspeak2_rc2\server_windows.exe | 
"UDP Query User{DEB15D7B-7EBA-4F4E-9789-A5ABAE796320}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{DF4A8F90-5280-4FD7-BB6B-B5228F29D31E}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{EC86C39F-0BFC-45C3-ADEA-DEF61065CD82}C:\program files\atari\test drive unlimited2\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\program files\atari\test drive unlimited2\testdriveunlimited.exe | 
"UDP Query User{F88403FE-DB74-46B2-B8A2-B5DF88F49AAB}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{FF0A8D97-8AF3-4C6D-819D-9F9565127553}C:\users\asholes\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\asholes\temp\teamviewer\version4\teamviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B96C1A6-73A1-8648-BB59-9AA8E0EC3BBD}" = ATI Catalyst Install Manager
"{0EA5CCBB-EAE1-863F-42C7-2200ECB5C215}" = ccc-utility
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196CF234-5A24-2F2F-82D9-03E8794A8DB2}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{221E3442-5E36-4444-45C3-69022B3A818B}" = Catalyst Control Center Graphics Full Existing
"{22392D35-2541-5D02-7159-A1C6F93D08DB}" = CCC Help Chinese Standard
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26966185-1610-386E-A249-2D05A5C6861C}" = Catalyst Control Center Graphics Previews Vista
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 20
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2CCEEB92-631F-FC35-0757-122A8EA82573}" = CCC Help Portuguese
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BBBF916-D04B-7388-46FB-21EA257B6756}" = CCC Help Italian
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FE2C6E2-8A57-D9EF-5005-FDFF43A4BA99}" = CCC Help English
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4297D072-09F0-F2E7-4B0F-009098303CB9}" = CCC Help Czech
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48D60246-3600-CF3A-9B9C-BD8C0145BABA}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5C1BF3AC-B19D-4C26-B0A0-90833A521031}" = Nero 8 Essentials
"{5EAEE5D7-F4D6-0D20-3EAE-D971E35A1F48}" = CCC Help Russian
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{662AF9F7-2728-B97D-D806-CB529B5B6572}" = CCC Help Greek
"{673ACCCA-79B5-EFD0-C08F-C6160188F837}" = CCC Help Japanese
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DA250F4-CC00-CD57-3081-97C5AEEB6517}" = CCC Help Polish
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{70D0D8A6-4A55-5D59-D9F0-0BD2E63BE4CB}" = Skins
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7687F1D7-BA02-E78A-38B8-CC2E80441F02}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C20E89E-4C3D-468E-97A0-9ECF6B1C93DD}" = Catalyst Control Center - Branding
"{7E69211F-9327-68CC-B854-CCE0A73951FD}" = CCC Help Thai
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{80E59E27-B816-A3F1-69FB-DAF5623A5320}" = Catalyst Control Center InstallProxy
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D580EFB-6B85-2680-77F9-F6B05335995D}" = CCC Help German
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A32563F0-671A-B71C-6D5D-F1BCC5D9820A}" = PX Profile Update
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF74E427-69CD-71EF-34A1-AAD7BBF98571}" = Catalyst Control Center Core Implementation
"{B423FEBB-A980-3F0C-019D-39570AB69F52}" = CCC Help Chinese Traditional
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7B8F5CF-A83E-0485-A5D6-A04F437BE9E3}" = CCC Help French
"{C4C91E02-D4E2-481E-BCBA-7D90CC8D43E1}" = LiveZilla
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader  0.83
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF1A3128-AE8D-6CDD-97E2-EB21AE072578}" = Catalyst Control Center Localization All
"{CFAE5CA5-3757-B38A-3CEF-26C275098EF3}" = CCC Help Turkish
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1F45DA3-0747-FE7F-BD90-AA030DE37B47}" = CCC Help Korean
"{D8547BA0-E3B7-DEE8-FE37-660F8C69EF83}" = CCC Help Dutch
"{DB64492B-AE9C-1C8F-5158-0B204B42410A}" = ccc-core-static
"{DBAD3D0A-7A98-95F5-ACFB-C6B5CCB47A95}" = CCC Help Finnish
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DE41E729-2E45-D6C5-F06F-F686D6C9E472}" = CCC Help Swedish
"{DF61C694-F6D1-37C6-35B7-1320F836FE57}" = Catalyst Control Center Graphics Light
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0D839A8-C888-C560-9332-43D73D7BDE21}" = Catalyst Control Center Graphics Full New
"{E128FE24-9C62-6642-1D18-BEAC991C5E62}" = CCC Help Norwegian
"{E25046CF-2BCE-4BEE-A12B-F9C181F4E206}" = FIFA 10
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC847A65-2A8C-3255-B4C7-E6D2A9B84618}" = Cooliris for Internet Explorer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Alarm fur Cobra 11 - vol 4 Nitro_tdm_is1" = Download-manager für Alarm fur Cobra 11 - vol 4 Nitro de
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cross Fire_is1" = Cross Fire En
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Derive 6" = Derive 6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"FileZilla Client" = FileZilla Client 3.2.7.1
"FormatFactory" = FormatFactory 2.20
"Free Download Manager_is1" = Free Download Manager 3.0
"GameSpy Arcade" = GameSpy Arcade
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Likno Web Button Maker - Free version" = Likno Web Button Maker - Free version
"LiveZilla" = LiveZilla
"LManager" = Launch Manager
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MPM MultiPlugMate_is1" = MPM MultiPlugMate 1.5.12
"MTA: Race for San Andreas" = MTA: Race for San Andreas 1.1.1
"MTA:SA" = MTA:SA v1.0.3
"MTA:SA Race" = MTA:SA Race 1.1.2
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SA-MP Colorpicker" = SA-MP Colorpicker 1.1.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"SetupMyPC" = SetupMyPC
"Softonic_Deutsch_FF Toolbar" = Softonic_Deutsch_FF Toolbar
"Software Informer_is1" = Software Informer 1.0 BETA
"ST6UNST #1" = NfS CarTuner
"Steam App 10" = Counter-Strike
"Steam App 30" = Day of Defeat
"Steam App 40" = Deathmatch Classic
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T r o j a n  R e m o v e r_is1" = Trojan Remover 6.6.3
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"Test Drive Unlimited_is1" = Test Drive Unlimited
"tintii" = indii.org/tintii
"TS Admin-Client 2_is1" = TS Admin-Client 2.2.3-alpha [Build: 1485]
"Uninstall_is1" = Uninstall 1.0.0.1
"Updator" = Updator
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.06.2010 09:24:13 | Computer Name = ******s-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.06.2010 09:24:13 | Computer Name = ******s-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.06.2010 09:24:13 | Computer Name = ******s-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.06.2010 09:24:13 | Computer Name = ******s-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.06.2010 09:30:26 | Computer Name = ******s-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 02.06.2010 09:30:26 | Computer Name = ******s-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 02.06.2010 09:30:26 | Computer Name = ******s-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 02.06.2010 12:38:29 | Computer Name = ******s-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung gta_sa.exe, Version 0.0.0.0, Zeitstempel 0x427101ca,
 fehlerhaftes Modul d3d9.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a65d, Ausnahmecode
 0xc0000005, Fehleroffset 0x0000b120,  Prozess-ID 0x1470, Anwendungsstartzeit 01cb026b33922e5a.
 
Error - 02.06.2010 16:16:08 | Computer Name = ******s-PC | Source = VSS | ID = 8194
Description = 
 
Error - 02.06.2010 17:27:28 | Computer Name = ******s-PC | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 15.06.2010 09:04:19 | Computer Name = ******s-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.06.2010 09:04:19 | Computer Name = ******s-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.06.2010 09:04:50 | Computer Name = ******s-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.06.2010 09:15:54 | Computer Name = ******s-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 15.06.2010 09:15:54 | Computer Name = ******s-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 15.06.2010 09:16:25 | Computer Name = ******s-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 15.06.2010 09:38:02 | Computer Name = ******s-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 15.06.2010 09:38:45 | Computer Name = ******s-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.06.2010 09:38:45 | Computer Name = ******s-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.06.2010 09:39:32 | Computer Name = ******s-PC | Source = DCOM | ID = 10016
Description = 

< End of report >
         
--- --- ---

Old 15.06.2010, 17:12   #4
AladinHalil

Websites keep opening! Suspected trojan! - Default



OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.06.2010 17:45:09 - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\*******\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,75 Gb Total Space | 253,65 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *******S-PC
Current User Name: *******
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.15 17:44:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Downloads\OTL.exe
PRC - [2010.06.14 21:20:50 | 000,046,602 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\svchost.exe
PRC - [2010.06.14 20:20:01 | 000,171,520 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\Qjf.exe
PRC - [2010.06.14 20:19:32 | 000,184,320 | ---- | M] () -- C:\Windows\Qbejea.exe
PRC - [2010.04.20 15:14:48 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.05.30 02:28:59 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\*******\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.03.18 10:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Programme\PACKARD BELL\SetupMyPC\SmpSys.exe
PRC - [2009.03.12 18:15:58 | 001,552,497 | ---- | M] (Suyin) -- C:\Programme\VideoWebCamera\VideoWebCamera.exe
PRC - [2009.03.11 03:09:28 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Programme\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009.03.11 03:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Programme\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009.03.10 01:53:08 | 000,250,624 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.03.10 01:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.02.24 12:09:30 | 006,789,664 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.02.12 06:21:12 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.17 10:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2006.10.23 12:55:46 | 000,039,936 | ---- | M] (K. Hofacker, Hamburg, Germany, www.gslantern.com) -- C:\Programme\MPM\MpmSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.15 17:44:16 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\*******\Downloads\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.04.20 15:14:48 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.13 19:32:21 | 000,332,720 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.17 18:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.11.04 17:15:00 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2009.05.06 23:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.03.20 03:07:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.03.11 03:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.03.10 01:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.11.03 13:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.10.23 12:55:46 | 000,039,936 | ---- | M] (K. Hofacker, Hamburg, Germany, www.gslantern.com) [Auto | Running] -- C:\Programme\MPM\MpmSvc.exe -- (MpmSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.07 15:58:19 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.10.08 15:53:05 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.24 10:48:26 | 002,327,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.02.23 17:20:12 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009.02.13 17:50:34 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009.02.13 15:35:30 | 000,093,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.06 04:33:04 | 000,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.12.24 19:30:00 | 000,155,808 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008.12.01 07:58:44 | 000,445,440 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008.11.19 20:22:36 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008.11.03 13:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008.09.25 01:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.09.03 14:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.01.30 12:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.01.30 12:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008.01.25 11:12:34 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.04.03 10:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 15:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0409&m=easynote_lj65
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2206084
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2206084&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.22 12:09:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.14 22:16:29 | 000,000,000 | ---D | M]
 
[2010.06.13 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Extensions
[2010.06.13 21:56:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.06.19 23:29:44 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\extensions
[2009.06.19 23:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.05.13 13:55:06 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions
[2009.12.21 13:52:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.13 23:24:44 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.04.15 18:35:54 | 000,000,000 | ---D | M] (Softonic Deutsch FF Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.01.20 12:18:32 | 000,000,941 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\9xjtuaa7.default\searchplugins\conduit.xml
[2010.06.14 22:16:35 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.14 22:16:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.13 23:24:21 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.13 23:24:21 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.13 23:24:21 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.13 23:24:21 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.13 23:24:21 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch FF Toolbar) - {9D81AF43-DE53-48D0-A199-42C2A226B24C} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe File not found
O4 - HKLM..\Run: [LiveZilla] C:\Program Files\LiveZilla\LiveZilla.exe (LiveZilla GmbH)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MbWzdFPAP-EXL540] C:\Windows\System32\FPAP-EXL540\PdtGuide.exe ()
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe File not found
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinSecure] C:\Program Files\Datapol\WinSecure PRO\WinSecure.exe File not found
O4 - HKCU..\Run: [{0CE04775-1A71-B08E-D7D7-2B508341718C}] C:\Users\*******\AppData\Roaming\Uwysz\ipha.exe ()
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKCU..\Run: [FreeCall] C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe File not found
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\*******\AppData\Local\Temp\Qjf.exe ()
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetupMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKCU..\Run: [start 1] C:\Users\*******\AppData\Local\Temp\svchost.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} hxxp://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{216c076c-b412-11de-a515-00235a89b561}\Shell - "" = AutoRun
O33 - MountPoints2\{216c076c-b412-11de-a515-00235a89b561}\Shell\AutoRun\command - "" = E:\setup.exe.exe -- File not found
O33 - MountPoints2\{e604b1f2-b63e-11de-b19f-00235a89b561}\Shell - "" = AutoRun
O33 - MountPoints2\{e604b1f2-b63e-11de-b19f-00235a89b561}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.01.21 04:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.15 17:05:59 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.06.14 22:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.06.14 22:32:42 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.06.14 21:52:33 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Windows Server
[2010.06.13 21:56:03 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Thunderbird
[2010.06.13 21:56:03 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Local\Thunderbird
[2010.06.13 19:32:59 | 000,000,000 | ---D | C] -- C:\Programme\SA-MP Colorpicker
[2010.06.12 12:05:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.06.06 20:23:29 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\OneNote-Notizbücher
[2010.06.02 22:22:57 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.06.02 22:22:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.06.02 22:16:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.06.01 22:21:41 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\HOMEPAGE
[2010.06.01 20:13:09 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\FileZilla
[2010.06.01 20:10:02 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2010.05.22 12:54:43 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.05.22 12:54:43 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\Simply Super Software
[2010.05.22 12:54:43 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Simply Super Software
[2010.05.22 12:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.05.21 17:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\{7269BE79-5722-4259-B764-61F0045B02FF}
[2010.05.21 17:01:27 | 000,000,000 | ---D | C] -- C:\Programme\LiveZilla
[2010.05.10 16:46:38 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\OpenOffice.org
[2010.05.10 16:32:16 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2010.05.10 16:23:46 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\Meine Projekte
[2010.04.30 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\vlc
[2010.04.30 15:21:14 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.04.30 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\Bio PPT
[2010.04.15 18:35:57 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.15 18:35:55 | 000,000,000 | ---D | C] -- C:\Programme\Softonic_Deutsch_FF
[2010.04.15 18:35:51 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\FFOutput
[2010.04.15 18:34:58 | 000,000,000 | ---D | C] -- C:\Programme\FreeTime
[2010.04.10 10:36:58 | 000,000,000 | ---D | C] -- C:\Programme\Ubisoft
[2010.03.28 13:34:23 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\Avira
[2010.03.28 11:56:08 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.03.28 11:56:08 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.03.24 23:12:45 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\MTA San Andreas
[2010.03.21 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\*******\Documents\DonationCoder
[2010.03.21 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\DonationCoder
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.15 17:49:37 | 003,932,160 | -HS- | M] () -- C:\Users\*******\NTUSER.DAT
[2010.06.15 17:46:26 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.15 17:38:01 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.15 17:38:01 | 000,004,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.15 17:34:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.15 17:19:49 | 000,002,527 | ---- | M] () -- C:\Users\*******\Desktop\HiJackThis.lnk
[2010.06.15 17:12:19 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.15 17:12:08 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.15 17:11:35 | 001,848,921 | -H-- | M] () -- C:\Users\*******\AppData\Local\IconCache.db
[2010.06.15 15:38:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.15 15:37:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.15 15:37:55 | 3219,107,840 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.15 15:36:53 | 000,524,288 | -HS- | M] () -- C:\Users\*******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.15 15:36:53 | 000,065,536 | -HS- | M] () -- C:\Users\*******\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.15 15:07:03 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{871A3C2C-C0A9-4862-882B-D1D90A6AD656}.job
[2010.06.14 22:32:56 | 000,057,344 | ---- | M] () -- C:\Users\*******\Documents\Stellungnahme zur Sterbehilfe.doc
[2010.06.14 22:16:38 | 000,000,680 | ---- | M] () -- C:\Users\*******\AppData\Local\d3d9caps.dat
[2010.06.14 21:21:58 | 000,611,328 | ---- | M] () -- C:\Windows\System32\qtplugin.exe
[2010.06.14 20:19:32 | 000,184,320 | ---- | M] () -- C:\Windows\Qbejea.exe
[2010.06.14 16:25:29 | 000,001,260 | ---- | M] () -- C:\Users\*******\Desktop\JiloHausaufgabe!!!!.dfw
[2010.06.13 20:06:13 | 000,001,655 | ---- | M] () -- C:\new.amx
[2010.06.13 19:32:59 | 000,000,914 | ---- | M] () -- C:\Users\*******\Desktop\SA-MP Colorpicker.lnk
[2010.06.13 17:30:36 | 000,015,125 | ---- | M] () -- C:\Users\*******\Desktop\Das LSPD.docx
[2010.06.13 17:11:31 | 000,002,631 | ---- | M] () -- C:\Users\*******\Desktop\Microsoft Office Word 2007.lnk
[2010.06.13 11:33:07 | 000,000,961 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.06.12 13:31:06 | 000,019,125 | ---- | M] () -- C:\Users\*******\Desktop\Bewerbungsvorlage.docx
[2010.06.12 13:24:19 | 001,447,804 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.12 13:24:19 | 000,628,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.12 13:24:19 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.12 13:24:19 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.12 13:24:19 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.11 20:02:40 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.06.11 18:46:43 | 000,331,168 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.10 16:38:32 | 000,052,736 | ---- | M] () -- C:\Users\*******\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.07 15:49:37 | 000,013,777 | ---- | M] () -- C:\Users\*******\Desktop\Der Einbürgerungstest.docx
[2010.06.06 20:23:28 | 000,001,159 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.06.06 08:39:49 | 000,082,464 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010.06.03 19:58:32 | 002,353,241 | ---- | M] () -- C:\Users\*******\Desktop\Unbenannt (2).wma
[2010.06.03 15:52:00 | 000,082,464 | ---- | M] () -- C:\Users\*******\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.01 20:10:07 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010.05.22 12:54:46 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.05.21 23:33:57 | 000,001,744 | ---- | M] () -- C:\Users\*******\Desktop\Mozilla Firefox.lnk
[2010.05.21 17:01:29 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\LiveZilla Server Admin.lnk
[2010.05.21 17:01:29 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\LiveZilla Client.lnk
[2010.05.10 17:15:22 | 000,006,864 | ---- | M] () -- C:\Users\*******\Documents\Transformator.odf
[2010.05.10 16:36:49 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.05.10 16:24:02 | 000,000,542 | ---- | M] () -- C:\Users\*******\AppData\Roaming\wklnhst.dat
[2010.04.21 15:20:46 | 000,952,361 | ---- | M] () -- C:\Users\*******\Documents\Unbenannt.wma
[2010.04.15 18:35:09 | 000,000,993 | ---- | M] () -- C:\Users\*******\Desktop\Format Factory.lnk
[2010.04.12 17:25:17 | 000,001,973 | ---- | M] () -- C:\Users\*******\Desktop\Test Drive Unlimited (2).lnk
[2010.03.26 15:41:26 | 000,008,827 | ---- | M] () -- C:\Users\*******\Documents\adminnachweis.jpg
[2010.03.25 18:17:14 | 000,001,680 | ---- | M] () -- C:\Users\*******\Desktop\Play MTA San Andreas.lnk
[2010.03.25 18:13:45 | 000,000,290 | ---- | M] () -- C:\Windows\wininit.ini
[2010.03.21 18:41:38 | 000,000,058 | ---- | M] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.03.21 18:41:38 | 000,000,058 | ---- | M] () -- C:\Users\*******\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
 
========== Files Created - No Company Name ==========
 
[2010.06.15 17:06:00 | 000,002,527 | ---- | C] () -- C:\Users\*******\Desktop\HiJackThis.lnk
[2010.06.15 15:04:54 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.14 21:22:05 | 000,611,328 | ---- | C] () -- C:\Windows\System32\qtplugin.exe
[2010.06.14 20:19:37 | 000,184,320 | ---- | C] () -- C:\Windows\Qbejea.exe
[2010.06.14 20:19:33 | 000,000,250 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.14 16:25:28 | 000,001,260 | ---- | C] () -- C:\Users\*******\Desktop\JiloHausaufgabe!!!!.dfw
[2010.06.13 19:39:37 | 000,001,655 | ---- | C] () -- C:\new.amx
[2010.06.13 19:32:59 | 000,000,914 | ---- | C] () -- C:\Users\*******\Desktop\SA-MP Colorpicker.lnk
[2010.06.13 17:30:35 | 000,015,125 | ---- | C] () -- C:\Users\*******\Desktop\Das LSPD.docx
[2010.06.12 13:16:43 | 000,019,125 | ---- | C] () -- C:\Users\*******\Desktop\Bewerbungsvorlage.docx
[2010.06.12 12:43:12 | 000,002,631 | ---- | C] () -- C:\Users\*******\Desktop\Microsoft Office Word 2007.lnk
[2010.06.07 15:49:36 | 000,013,777 | ---- | C] () -- C:\Users\*******\Desktop\Der Einbürgerungstest.docx
[2010.06.06 20:23:28 | 000,001,159 | ---- | C] () -- C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.06.03 19:58:31 | 002,353,241 | ---- | C] () -- C:\Users\*******\Desktop\Unbenannt (2).wma
[2010.06.01 20:10:07 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010.05.22 12:54:46 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010.05.22 12:54:45 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.05.22 12:54:45 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.05.22 12:54:45 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.05.22 12:54:45 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.05.21 23:33:57 | 000,001,744 | ---- | C] () -- C:\Users\*******\Desktop\Mozilla Firefox.lnk
[2010.05.21 17:01:29 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\LiveZilla Server Admin.lnk
[2010.05.21 17:01:29 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\LiveZilla Client.lnk
[2010.05.10 17:15:20 | 000,006,864 | ---- | C] () -- C:\Users\*******\Documents\Transformator.odf
[2010.05.10 16:36:49 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.04.15 18:35:09 | 000,000,993 | ---- | C] () -- C:\Users\*******\Desktop\Format Factory.lnk
[2010.04.12 17:25:17 | 000,001,973 | ---- | C] () -- C:\Users\*******\Desktop\Test Drive Unlimited (2).lnk
[2010.04.09 13:08:35 | 000,057,344 | ---- | C] () -- C:\Users\*******\Documents\Stellungnahme zur Sterbehilfe.doc
[2010.03.26 15:45:51 | 000,008,827 | ---- | C] () -- C:\Users\*******\Documents\adminnachweis.jpg
[2010.03.25 18:17:14 | 000,001,680 | ---- | C] () -- C:\Users\*******\Desktop\Play MTA San Andreas.lnk
[2010.03.21 18:41:38 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.03.21 18:41:38 | 000,000,058 | ---- | C] () -- C:\Users\*******\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010.03.17 13:59:09 | 000,000,126 | ---- | C] () -- C:\Windows\System32\MEd.ini
[2009.12.23 00:49:05 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009.11.05 23:22:21 | 000,000,632 | ---- | C] () -- C:\Windows\CoD.INI
[2009.10.08 15:53:05 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.24 00:12:49 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2009.06.23 14:18:22 | 000,000,290 | ---- | C] () -- C:\Windows\wininit.ini
[2009.06.21 12:51:39 | 000,000,539 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.06.18 19:29:08 | 000,000,008 | ---- | C] () -- C:\Windows\System32\Mlkf.dll
[2009.05.30 08:13:40 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.20 09:52:21 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.10.22 06:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.06.23 13:31:08 | 000,109,056 | ---- | C] () -- C:\Windows\System32\Lang.dll
[2002.01.31 14:51:22 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WSGina.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2009.06.19 15:07:35 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\aborange
[2009.10.08 16:06:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DAEMON Tools Lite
[2010.03.21 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\DonationCoder
[2010.06.02 18:41:37 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FileZilla
[2009.11.05 23:12:12 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\flightgear.org
[2009.11.05 23:14:25 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\fltk.org
[2010.06.13 19:53:01 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Free Download Manager
[2009.12.30 11:28:07 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\FreeCall
[2010.01.04 20:52:58 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\GlobalSCAPE
[2010.02.28 16:45:02 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\gtk-2.0
[2010.06.14 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Hyloil
[2010.04.03 15:06:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ICQ
[2009.08.23 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Leadertech
[2009.11.14 13:08:10 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Mpm
[2010.02.20 11:53:48 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Notepad++
[2010.05.10 16:46:38 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\OpenOffice.org
[2009.05.30 02:32:28 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Packard Bell
[2009.05.30 23:49:57 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\PeerNetworking
[2009.11.04 15:23:53 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\ProtectDisc
[2009.09.26 20:21:04 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Research In Motion
[2010.05.22 12:54:43 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Simply Super Software
[2009.11.27 12:55:16 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Software Informer
[2009.05.31 19:57:03 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TeamViewer
[2010.02.14 21:13:27 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Template
[2010.06.13 21:56:04 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Thunderbird
[2010.05.18 21:42:18 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\TS3Client
[2010.01.14 05:14:25 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Uwysz
[2010.02.01 23:27:51 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Windows Live Writer
[2010.02.07 12:59:34 | 000,000,000 | ---D | M] -- C:\Users\*******\AppData\Roaming\Zylom
[2010.06.15 15:37:03 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.15 15:07:03 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{871A3C2C-C0A9-4862-882B-D1D90A6AD656}.job
[2010.06.15 17:12:19 | 000,000,250 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.15 17:46:26 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.02.06 18:07:25 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.21 04:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009.03.20 09:54:54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.06.15 15:37:55 | 3219,107,840 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.27 11:10:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.11.27 11:10:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.06.13 20:06:13 | 000,001,655 | ---- | M] () -- C:\new.amx
[2010.06.15 15:37:54 | 3532,693,504 | -HS- | M] () -- C:\pagefile.sys
[2009.04.11 22:13:42 | 000,002,865 | ---- | M] () -- C:\RHDSetup.log
[2009.09.23 17:00:20 | 002,558,464 | ---- | M] (Adobe Systems Incorporated) -- C:\tintii.8bf
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.02.13 16:34:32 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2008.08.12 05:39:08 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\drivers\*.sys /90 >
 
< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:CB0AACC9
< End of report >
         
--- --- ---

15.06.2010, 19:03   #5
AladinHalil

Please, I urgently need help!


15.06.2010, 20:37   #6
Larusso
/// Selecta Jahrusso

And you think you are the only one here?

Step 1

Temp File Cleaner

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Step 2

Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista users: please right-click and choose "Run as administrator".
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger now asks for a restart. Confirm this with OK.
  • DeFogger now creates a log file on the desktop (defogger_disable).
Please post the contents of the log file in your next reply.


Step 3

You have to edit the **** in the script again!!!!
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the contents into the text box.
Code:
ATTFilter
:OTL
PRC - [2010.06.14 21:20:50 | 000,046,602 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\svchost.exe
PRC - [2010.06.14 20:20:01 | 000,171,520 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\Qjf.exe
PRC - [2010.06.14 20:19:32 | 000,184,320 | ---- | M] () -- C:\Windows\Qbejea.exe
SRV - [2009.11.04 17:15:00 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
IE - HKLM\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2206084&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic Deutsch FF Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2206084&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {9d81af43-de53-48d0-a199-42c2a226b24c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
[2010.04.13 23:24:44 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.04.15 18:35:54 | 000,000,000 | ---D | M] (Softonic Deutsch FF Toolbar) -- C:\Users\*******\AppData\Roaming\mozilla\Firefox\Profiles\9xjtuaa7.default\extensions\{9d81af43-de53-48d0-a199-42c2a226b24c}
[2010.01.20 12:18:32 | 000,000,941 | ---- | M] () -- C:\Users\*******\AppData\Roaming\Mozilla\FireFox\Profiles\9xjtuaa7.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Programme\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O2 - BHO: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Softonic Deutsch FF Toolbar) - {9d81af43-de53-48d0-a199-42c2a226b24c} - C:\Programme\Softonic_Deutsch_FF\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe File not found
O4 - HKLM..\Run: [WinSecure] C:\Program Files\Datapol\WinSecure PRO\WinSecure.exe File not found
O4 - HKCU..\Run: [{0CE04775-1A71-B08E-D7D7-2B508341718C}] C:\Users\*******\AppData\Roaming\Uwysz\ipha.exe ()
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\*******\AppData\Local\Temp\Qjf.exe ()
O4 - HKCU..\Run: [start 1] C:\Users\*******\AppData\Local\Temp\svchost.exe ()
O33 - MountPoints2\{216c076c-b412-11de-a515-00235a89b561}\Shell - "" = AutoRun
O33 - MountPoints2\{216c076c-b412-11de-a515-00235a89b561}\Shell\AutoRun\command - "" = E:\setup.exe.exe -- File not found
O33 - MountPoints2\{e604b1f2-b63e-11de-b19f-00235a89b561}\Shell - "" = AutoRun
O33 - MountPoints2\{e604b1f2-b63e-11de-b19f-00235a89b561}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2010.04.15 18:35:57 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.04.15 18:35:55 | 000,000,000 | ---D | C] -- C:\Programme\Softonic_Deutsch_FF
[2010.06.15 17:46:26 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.15 17:12:19 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.14 20:19:32 | 000,184,320 | ---- | M] () -- C:\Windows\Qbejea.exe
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:CB0AACC9
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[emptyFlash]
[reboot]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • Click on .
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the contents here into your thread.


Step 4

Uninstall
Ask Toolbar
Softonic_Deutsch_FF Toolbar



Step 5

Please make sure that
  • all other scanners for viruses, spyware, etc. are disabled,
  • there is no connection to a network/the Internet (do not forget Wi-Fi),
  • nothing is done on the computer,
  • the computer is restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name).
  • Vista users: right-click and run as administrator.
  • If a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click "Save" and save the log as "Gmer.txt" on the desktop. "Ok" closes GMER.
Switch your antivirus program and other scanners back on before you go online!


Step 6

Please start OTL.exe and click the Quick Scan button.


In your next reply, please post
defogger_disable.txt
Log from the OTL fix
Gmer.txt
OTL.txt
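
The entries listed in the step 3 script include files with an empty company field in Temp directories and directly in C:\Windows, hidden GUID-named .job files, and Run keys pointing into Temp. The following is an added example, not part of the original post and not OTL's or the helper's own logic: a small Python triage pass over OTL log lines. The three rules and all function names are assumptions of this example; the sample lines are copied from the log on this page.

```python
import ntpath
import re

# OTL file listing: [timestamp | size | attributes | C/M] (company) -- path
FILE_LINE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))?(?: Unable to obtain MD5)? -- (?P<path>.+)$"
)
# O4 autostart entry: O4 - HKCU..\Run: [value name] path (company)
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>[A-Za-z]:\\.+?) \((?P<company>.*)\)$"
)
GUID_JOB = re.compile(
    r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\.job$"
)
EXECUTABLE = (".exe", ".dll", ".scr")  # assumption: extensions worth a look


def in_temp(path):
    """True if any directory component of the path is named Temp."""
    return "temp" in [p.lower() for p in ntpath.dirname(path).split("\\")]


def windows_root_child(path):
    """True if the file sits directly in C:\\Windows, not in a subfolder."""
    return ntpath.dirname(path).lower() == r"c:\windows"


def triage_line(line):
    """Return the reasons (possibly none) why one OTL line deserves review."""
    reasons = []
    run = RUN_LINE.match(line.strip())
    if run:
        if in_temp(run["path"]):
            reasons.append("Run key starts a file from a Temp directory")
        if not run["company"]:
            reasons.append("autostart target has no company name")
        return reasons
    m = FILE_LINE.search(line)
    if not m:
        return reasons
    path = m["path"].strip()
    name = ntpath.basename(path)
    ext = ntpath.splitext(name)[1].lower()
    no_company = m["company"] == ""  # "()" in the log; directories have none
    if ext in EXECUTABLE and no_company:
        if in_temp(path):
            reasons.append("executable without company name in a Temp directory")
        elif windows_root_child(path):
            reasons.append("executable without company name directly in C:\\Windows")
    if "H" in m["attr"] and GUID_JOB.match(name):
        reasons.append("hidden scheduled task with a GUID-only name")
    return reasons


def triage(log_text):
    """Return [(path, reasons)] for every line that matched at least one rule."""
    hits = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            m = RUN_LINE.match(line.strip()) or FILE_LINE.search(line)
            hits.append((m["path"].strip(), reasons))
    return hits


# Sample lines copied from the log on this page (user name masked as posted).
SAMPLE_LOG = r"""
PRC - [2010.06.14 21:20:50 | 000,046,602 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\svchost.exe
PRC - [2010.06.14 20:19:32 | 000,184,320 | ---- | M] () -- C:\Windows\Qbejea.exe
[2010.03.28 11:56:08 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.15 17:12:19 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.15 17:34:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.15 15:07:03 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{871A3C2C-C0A9-4862-882B-D1D90A6AD656}.job
[2010.06.15 17:05:59 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\*******\AppData\Local\Temp\Qjf.exe ()
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A hit marks an entry for manual review; files with an empty company field also occur in legitimate software, which is why the rules combine that field with location and attributes.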