Pests of all kinds and their removal: winsvc.exe (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
winsvc.exe

Hello, my computer says that I have a malware virus. It says:
Object: winsvc.exe
Detection: TR/Crypt.XPACK.Gen
Please help me!
Kind regards
Marcel
#2
/// Malware-holic

winsvc.exe

hi, post the complete message with the file path.
__________________
Please download OTL by Oldtimer and save it to your desktop (if it is not already there)
__________________
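As an added triage example (not code from this thread, from OTL or from OldTimer), the information the helper asks for, file path plus a few facts a defender wants alongside it, can be collected with a short PowerShell script: it lists every copy of the flagged file name under the usual roots with size, timestamps, SHA-256, Authenticode status and whether a running process or installed service uses it. The file name `winsvc.exe` comes from the alert above; the search roots and the need for an elevated session are assumptions.

```powershell
# Added triage script; not part of the original thread or of OTL.
# Assumptions: elevated PowerShell 5.1+ on the affected machine; the
# file name comes from the Avira alert in post #1.
param(
    [string]$FileName = 'winsvc.exe',
    [string[]]$Roots = @("$env:SystemRoot", "$env:ProgramFiles",
                         "${env:ProgramFiles(x86)}", "$env:ProgramData",
                         "$env:USERPROFILE")
)

# 1. Every copy of the name on the chosen roots. A legitimate system binary
#    lives under %SystemRoot%; a copy in a profile or temp folder is suspect.
$files = foreach ($root in $Roots | Where-Object { $_ -and (Test-Path $_) }) {
    Get-ChildItem -Path $root -Filter $FileName -File -Recurse -Force `
        -ErrorAction SilentlyContinue
}

# 2. Processes and services that reference that file name right now.
$procs = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ([IO.Path]::GetFileName($_.Path) -ieq $FileName) }
$svcs = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -and ($_.PathName -imatch [regex]::Escape($FileName)) }

# 3. One record per file: path, size, timestamps, hash, signature, usage.
foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path        = $f.FullName
        SizeBytes   = $f.Length
        Created     = $f.CreationTime
        Modified    = $f.LastWriteTime
        SHA256      = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        Signature   = $sig.Status                 # Valid, NotSigned, HashMismatch, ...
        Signer      = $sig.SignerCertificate.Subject
        Running     = [bool]($procs | Where-Object { $_.Path -ieq $f.FullName })
        ServiceName = ($svcs |
            Where-Object { $_.PathName -imatch [regex]::Escape($f.FullName) } |
            Select-Object -ExpandProperty Name) -join ','
    }
}

# 4. Services that name the file but whose binary was not found under the
#    searched roots (a path elsewhere, or a missing file) are listed separately.
$svcs | Where-Object {
    $s = $_
    -not ($files | Where-Object { $s.PathName -imatch [regex]::Escape($_.FullName) })
} | Select-Object Name, State, StartMode, PathName
```

Post the resulting path, hash and signature status together with the scanner's message; that is the minimum a helper needs to tell a renamed system file from a dropped look-alike.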
#3
winsvc.exe

Here is the Extra.txt: OTL EXTRAS Logfile:
= HP Demo "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9E3A383E-0AF0-97F3-3FFF-E466DFDD302B}" = CCC Help Greek "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{A40DD5A8-B549-126F-DEDE-2A0DD11342F0}" = CCC Help Danish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B03DF1CE-9964-0BCB-A53E-9ABE88B17F60}" = Catalyst Control Center Localization Spanish "{B04F82E0-C4F2-58B3-C799-FAC82F6F88C1}" = CCC Help Russian "{B0516082-BA15-2ACC-A354-0CA22CFE4CF9}" = CCC Help Spanish "{B3891007-20E0-83BB-93F8-3062A2ED39EB}" = CCC Help Italian "{B3DA638A-7AC7-4202-C489-898D8A5AE48B}" = CCC Help Dutch "{B593E002-4F0A-2537-AF4D-59C371FCE60F}" = CCC Help Finnish "{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200 "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1 "{B9CB4A55-002A-5FC0-DF39-A5D5FF2F036D}" = Catalyst Control Center Localization French "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer 
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C485E0AA-2176-835B-8555-C08002E8517B}" = Catalyst Control Center Localization Norwegian "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{C948C303-C151-B075-DDD6-F69B963B70EF}" = Catalyst Control Center Localization Russian "{C9E04998-234A-4ACE-6C91-30F7E8EA735D}" = Catalyst Control Center Localization Polish "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting "{CCB5EE8A-8DE8-E4E2-1D3D-31C9CC3519C9}" = Catalyst Control Center Localization Chinese Traditional "{CE557ABF-2A29-4AB4-A7EB-29F5FA1BECEA}" = DSL Connection Manager "{D11016EA-8CFB-4E07-91D4-28606762DF06}" = Der Planer 3 "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms "{D2299355-97DE-1DBC-98EB-C5F2357F874C}" = Catalyst Control Center Localization Hungarian "{D2C6274D-C3C0-0C1B-5E79-B94843622343}" = Catalyst Control Center Localization Czech "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{D78C15E3-7648-A466-651C-FB618B3659AD}" = CCC Help Korean "{DC2A30B7-030B-6842-C5D5-AE3D5E7B8ECC}" = ccc-core-static "{DF18DFB5-A9CC-1A17-9861-2187C1265CD4}" = CCC Help Swedish "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = 
Cards_Calendar_OrderGift_DoMorePlugout "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{E9DA117D-B2B8-9F7D-DBD7-FF2A730FBB8A}" = CCC Help Czech "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor "{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend "{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help "{F93D2591-8201-4692-BD8D-67A0BFAC9C14}" = SweetIM Toolbar for Internet Explorer 3.9 "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go "{FDC5251B-4139-1DAE-8CCC-20AAC4E5422E}" = CCC Help Thai "{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10 "{FF063B2A-19DB-C210-C06D-8BBECD7D45B4}" = CCC Help English "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AOL Toolbar" = AOL Toolbar 5.0 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Cross Fire_is1" = Cross Fire En "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Setup.divx.com" = DivX-Setup "EA Download Manager" = EA 
Download Manager "Euro Truck Simulator" = Euro Truck Simulator 1.00 "FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011 "FileZilla Client" = FileZilla Client "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube Download 3_is1" = Free YouTube Download 3 version "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "Freibier" = Freibier "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "iLivid" = iLivid "Indeo® Software" = Indeo® Software "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de) "NSS" = Norton Security Scan "o2DE" = Mobile Connection Manager "OpenAL" = OpenAL "PC-Doctor for Windows" = Hardware Diagnose Tools "Quick Memory Editor_is1" = Quick Memory Editor 5.5 "Real Desktop Standard_is1" = Real Desktop 1.61 Standard "RealDesktop Toolbar" = RealDesktop Toolbar "Regnum Online" = Regnum Online 1.6.2 "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Searchqu 406 MediaBar" = Windows iLivid Toolbar "softonic-de3 Toolbar" = softonic-de3 Toolbar "Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator "Tankwagen-Simulator 2011_is1" = Tankwagen-Simulator 2011 "Tour de Franz" = Tour de Franz "Uniblue RegistryBooster" = Uniblue RegistryBooster "Uninstall_is1" = Uninstall "Update Engine" = Sony Ericsson Update Engine "UseNeXT_is1" = UseNeXT "VLC media player" = VLC media player 1.1.11 "Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software "WildTangent hp Master 
Uninstall" = HP Games "Woodcutter Simulator" = Woodcutter Simulator "World of Warcraft" = World of Warcraft "WTA-d81f286f-9499-43ee-9c03-59e4803c1b65" = Build-a-lot 3 "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
#4
/// Malware-holic | winsvc.exe
Where is the detection report?? Please uninstall Registry Booster; programs like that can wreck your system and on top of that they do nothing at all.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us
#5
winsvc.exe
In my Avira AntiVir virus protection this message came up with this virus; I got it via Facebook. That's why I thought I'd rather ask.
#6
/// Malware-holic | winsvc.exe
I want the Avira message... and send me the link you got via FB as a private message.
#7
winsvc.exe
Here is the link: hxxp://www.bacolodhouseandlot.com/facebook_img.php?l=IMG37384.JPG Here is the report: Avira AntiVir Personal Erstellungsdatum der Reportdatei: Mittwoch, 19. Oktober 2011 15:27 Es wird nach 3411502 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows Vista x64 Windowsversion : (Service Pack 2) [6.0.6002] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : *****-PC Versionsinformationen: BUILD.DAT : 35934 Bytes 28.09.2011 13:14:00 AVSCAN.EXE : 484008 Bytes 03.07.2011 10:51:42 AVSCAN.DLL : 57192 Bytes 03.07.2011 10:51:42 LUKE.DLL : 45416 Bytes 03.07.2011 10:51:42 LUKERES.DLL : 13672 Bytes 14.01.2010 12:22:40 AVSCPLR.DLL : 119656 Bytes 03.07.2011 10:51:42 AVREG.DLL : 88833 Bytes 19.07.2011 14:11:09 VBASE000.VDF : 19875328 Bytes 06.11.2009 17:27:44 VBASE001.VDF : 13342208 Bytes 14.12.2010 11:43:14 VBASE002.VDF : 1950720 Bytes 09.02.2011 09:25:46 VBASE003.VDF : 1980416 Bytes 07.04.2011 16:28:54 VBASE004.VDF : 2354176 Bytes 31.05.2011 12:59:19 VBASE005.VDF : 1788416 Bytes 07.07.2011 19:14:55 VBASE006.VDF : 6411776 Bytes 16.08.2011 14:51:44 VBASE007.VDF : 2389504 Bytes 05.10.2011 15:04:42 VBASE008.VDF : 2048 Bytes 05.10.2011 15:04:42 VBASE009.VDF : 2048 Bytes 05.10.2011 15:04:42 VBASE010.VDF : 2048 Bytes 05.10.2011 15:04:42 VBASE011.VDF : 2048 Bytes 05.10.2011 15:04:42 VBASE012.VDF : 2048 Bytes 05.10.2011 15:04:42 VBASE013.VDF : 161792 Bytes 07.10.2011 15:04:43 VBASE014.VDF : 130048 Bytes 10.10.2011 15:04:44 VBASE015.VDF : 113664 Bytes 11.10.2011 15:04:44 VBASE016.VDF : 163328 Bytes 14.10.2011 16:27:27 VBASE017.VDF : 187904 Bytes 18.10.2011 10:42:15 VBASE018.VDF : 2048 Bytes 18.10.2011 10:42:15 VBASE019.VDF : 2048 Bytes 18.10.2011 10:42:15 VBASE020.VDF : 2048 Bytes 18.10.2011 10:42:15 VBASE021.VDF : 2048 Bytes 18.10.2011 10:42:15 VBASE022.VDF : 
2048 Bytes 18.10.2011 10:42:15 VBASE023.VDF : 2048 Bytes 18.10.2011 10:42:15 VBASE024.VDF : 2048 Bytes 18.10.2011 10:42:15 VBASE025.VDF : 2048 Bytes 18.10.2011 10:42:15 VBASE026.VDF : 2048 Bytes 18.10.2011 10:42:15 VBASE027.VDF : 2048 Bytes 18.10.2011 10:42:15 VBASE028.VDF : 2048 Bytes 18.10.2011 10:42:15 VBASE029.VDF : 2048 Bytes 18.10.2011 10:42:16 VBASE030.VDF : 2048 Bytes 18.10.2011 10:42:16 VBASE031.VDF : 60416 Bytes 19.10.2011 10:42:16 Engineversion : AEVDF.DLL : 106868 Bytes 30.07.2010 13:53:59 AESCRIPT.DLL : 467322 Bytes 13.10.2011 15:04:54 AESCN.DLL : 127349 Bytes 22.11.2010 13:30:36 AESBX.DLL : 323957 Bytes 02.06.2011 12:59:52 AERDL.DLL : 639348 Bytes 10.09.2011 16:06:09 AEPACK.DLL : 684408 Bytes 25.09.2011 14:54:37 AEOFFICE.DLL : 201083 Bytes 19.09.2011 13:56:09 AEHEUR.DLL : 3748217 Bytes 13.10.2011 15:04:53 AEHELP.DLL : 254327 Bytes 31.07.2011 09:12:19 AEGEN.DLL : 401780 Bytes 28.08.2011 10:35:49 AEEMU.DLL : 393589 Bytes 22.11.2010 13:29:56 AECORE.DLL : 196983 Bytes 28.08.2011 10:35:49 AEBB.DLL : 53618 Bytes 28.04.2010 15:53:51 AVWINLL.DLL : 19304 Bytes 21.04.2011 05:52:39 AVPREF.DLL : 44904 Bytes 03.07.2011 10:51:42 AVREP.DLL : 174120 Bytes 03.07.2011 10:51:42 AVARKT.DLL : 255336 Bytes 03.07.2011 10:51:41 AVEVTLOG.DLL : 203112 Bytes 03.07.2011 10:51:41 SQLITE3.DLL : 355688 Bytes 17.06.2010 13:27:22 AVSMTP.DLL : 63848 Bytes 13.12.2010 07:39:56 NETNT.DLL : 11624 Bytes 17.06.2010 13:27:21 RCIMAGE.DLL : 2589544 Bytes 03.07.2011 10:51:41 RCTEXT.DLL : 98664 Bytes 03.07.2011 10:51:41 Konfiguration für den aktuellen Suchlauf: Job Name..............................: avguard_async_scan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50202131\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: reparieren Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive 
Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR, Beginn des Suchlaufs: Mittwoch, 19. Oktober 2011 15:27 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'game.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IELowutil.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ImpWiFiSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RealDesktopSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ICQ Service.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AccVSSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\*****\Downloads\IMG04506864689.JPG(1).scr' 
C:\Users\*****\Downloads\IMG04506864689.JPG(1).scr [FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ae67999.qua' verschoben! Ende des Suchlaufs: Mittwoch, 19. Oktober 2011 15:27 Benötigte Zeit: 00:02 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 19 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 18 Dateien ohne Befall 0 Archive wurden durchsucht 0 Warnungen 1 Hinweise |
#8
/// Malware-holic | winsvc.exe
OK, the otl.txt is missing, and hadn't I said to send the link as a private message?
#9
winsvc.exe
Oh sorry, I thought you meant a private message on Facebook, sorry. Here is the otl.txt: OTL Logfile:
OTL logfile created on: 18.10.2011 12:23:00 - Run 1 OTL by OldTimer - Version Folder = C:\Users\*****\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19154) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,56% Memory free 8,20 Gb Paging File | 6,35 Gb Available in Paging File | 77,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 582,63 Gb Total Space | 303,86 Gb Free Space | 52,15% Space Free | Partition Type: NTFS Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS Drive E: | 925,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe () PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D) PRC - C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe (AccSys GmbH) ========== Modules (No Company Name) ========== MOD - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko6.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) 
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (RealDesktop Toolbar Helper) -- C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe () SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D) SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (accvssvc) -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe (AccSys GmbH) SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation) DRV:64bit: - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation) DRV:64bit: - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation) DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation) DRV:64bit: - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation) DRV:64bit: - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation) DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (gtstusbser_64) -- C:\Windows\SysNative\DRIVERS\gtstusbser_64.sys (Option N.V.) DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys (MCCI Corporation) DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\DRIVERS\s0016unic.sys (MCCI Corporation) DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys (MCCI Corporation) DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\DRIVERS\s0016obex.sys (MCCI Corporation) DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys (MCCI Corporation) DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys (MCCI Corporation) DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s0016bus.sys (MCCI Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.) 
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.) DRV - (gtstusbser_64) -- C:\Windows\SysWOW64\drivers\gtstusbser_64.sys (Option N.V.) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Home IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" 
FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406" FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}: FF - prefs.js..extensions.enabledItems: realdesktop@realdesktop.com:1.7 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}: FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com: FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Creative Software Inc) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 10:58:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.22 15:22:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.21 20:33:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 10:58:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}: C:\Users\*****\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509} [2011.06.20 16:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions 
[2011.10.11 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions [2010.04.27 18:48:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.09.29 18:24:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.06.20 16:24:29 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2010.08.06 12:08:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.10.11 18:00:02 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.04.23 17:31:27 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\DTToolbar@toolbarnet.com [2011.04.09 22:15:30 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\engine@conduit.com [2011.09.22 14:47:18 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\toolbar@ask.com [2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\conduit.xml [2011.03.02 18:09:41 | 000,002,059 | ---- | M] () -- 
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\daemon-search.xml [2011.10.15 18:29:13 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-1.xml [2010.10.24 21:04:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-10.xml [2010.10.30 09:01:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-11.xml [2010.12.21 19:42:26 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-12.xml [2011.03.03 14:33:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-13.xml [2011.03.08 10:01:56 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-14.xml [2011.03.26 15:16:19 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-15.xml [2011.04.10 00:36:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-16.xml [2011.05.26 13:29:59 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-17.xml [2011.06.21 13:23:35 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-18.xml [2011.07.20 19:18:27 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-19.xml [2010.03.25 13:35:00 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-2.xml [2011.08.16 
21:57:52 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-20.xml [2011.08.21 11:40:21 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-21.xml [2011.09.25 16:55:40 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-22.xml [2011.09.29 20:34:03 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-23.xml [2010.04.04 14:04:46 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-3.xml [2010.04.15 12:51:07 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-4.xml [2010.07.12 14:13:12 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-5.xml [2010.07.22 20:11:44 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-6.xml [2010.07.27 22:02:41 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-7.xml [2010.09.09 10:05:34 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-8.xml [2010.09.20 17:25:09 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-9.xml [2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin.xml [2011.06.20 16:24:23 | 000,002,501 | ---- | M] () -- 
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\SearchResults.xml [2010.10.20 14:04:07 | 000,003,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\sweetim.xml [2011.07.05 17:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.01.24 01:12:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.06.05 10:20:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.01.26 16:03:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.07 18:32:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.05 17:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2010.07.11 20:42:30 | 000,000,000 | ---D | M] (Real Desktop Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\realdesktop@realdesktop.com [2011.04.08 16:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2011.04.08 16:31:16 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SS35HOGG.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI () (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SS35HOGG.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2011.09.22 15:22:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 
04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOP7PlugIn.dll [2010.04.25 19:59:24 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll [2011.09.22 15:22:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.22 15:22:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.22 15:22:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.22 15:22:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.18 10:24:50 | 000,002,772 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml [2011.10.18 10:24:50 | 000,002,754 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml.bak [2011.06.20 16:24:23 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml [2011.09.22 15:22:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.22 15:22:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll CHR - plugin: Google Gears (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gears.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: NPOP7Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOP7PlugIn.dll CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleOneClick8.dll CHR - plugin: Unity Player (Enabled) = C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Media Go Detector (Enabled) = c:\Program Files (x86)\Sony\Media 
Go\npmediago.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\Update\\%ProgramW6432%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll File not found O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop) O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) 
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A615081A-DB1C-42C8-8B6A-0E4FEC46738B}: DhcpNameServer = O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll) -C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: 
(C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll) -C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\IMG_0173.JPG O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\IMG_0173.JPG O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.25 16:17:40 | 000,000,000 | ---D | M] - E:\autorun -- [ CDFS ] O32 - AutoRun File - [2010.10.15 09:52:30 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. 
File not found ========== Files/Folders - Created Within 30 Days ========== [2011.10.18 12:20:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.10.13 17:18:11 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.10.13 17:18:08 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.10.13 17:18:08 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.10.13 17:18:08 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.10.13 17:18:07 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.10.13 17:18:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.10.13 17:18:07 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.10.13 17:18:07 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.10.13 17:18:07 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.10.13 17:18:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.10.13 17:18:07 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011.10.13 17:18:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.10.13 17:18:06 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.10.13 17:18:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.10.13 17:18:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.10.13 17:18:06 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.10.13 17:18:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.10.13 17:18:06 | 
000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.10.13 17:18:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.10.13 17:18:06 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.10.13 17:18:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.10.13 17:18:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.10.13 17:18:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.10.13 17:18:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.10.13 17:18:05 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.10.13 17:18:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.10.13 17:18:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.10.13 17:18:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.10.13 17:18:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.10.13 17:17:01 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011.10.13 17:17:00 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.10.13 17:17:00 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll [2011.10.13 17:17:00 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll [2011.10.13 17:17:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll [2011.10.13 17:17:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll [2011.10.13 17:16:48 | 000,375,808 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\psisdecd.dll [2011.10.13 17:16:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.10.13 17:16:48 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.10.13 17:16:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.10.13 17:16:48 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax [2011.10.13 17:16:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2011.10.13 17:16:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2011.10.13 17:16:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2011.10.08 10:31:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\.minecraft [2011.10.08 10:31:08 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner [2011.10.07 22:39:47 | 000,000,000 | RHSD | C] -- C:\Users\*****\M-1-52-5782-8752-5245 [2011.09.20 17:34:26 | 000,000,000 | ---D | C] -- C:\Windows\pss ========== Files - Modified Within 30 Days ========== [2011.10.18 12:24:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.18 12:24:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.18 12:20:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.10.18 11:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.10.18 10:25:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.10.18 10:25:15 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2011.10.18 10:24:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.17 22:32:04 | 000,053,248 | ---- | M] () -- 
C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.17 22:28:01 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job
[2011.10.16 10:35:11 | 000,334,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.13 19:21:19 | 001,460,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.13 19:21:19 | 000,632,718 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.13 19:21:19 | 000,599,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.13 19:21:19 | 000,130,244 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.13 19:21:19 | 000,106,884 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.13 18:02:10 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.10.01 01:25:22 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.01 01:23:56 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.10.01 01:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.01 01:21:49 | 000,710,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.01 01:21:20 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.10.01 01:21:00 | 001,538,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.10.01 01:20:40 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.01 01:20:40 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.10.01 01:20:39 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.10.01 01:20:38 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.10.01 01:20:38 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.10.01 01:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.01 01:04:42 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.10.01 01:02:38 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.01 01:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.10.01 01:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.10.01 01:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.01 01:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.10.01 01:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.10.01 01:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.10.01 01:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.10.01 00:29:23 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.10.01 00:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.09.30 23:48:19 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.09.30 23:47:58 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.09.30 23:47:24 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.09.30 23:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.09.30 23:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.09.30 23:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

========== Files Created - No Company Name ==========

[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.26 17:48:21 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2011.01.20 21:14:51 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Local\Mtano.dat
[2011.01.20 21:14:51 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\Rdedokoxaxedako.bin
[2011.01.07 18:09:40 | 000,001,078 | ---- | C] () -- C:\Windows\disney.ini
[2011.01.07 18:09:38 | 000,000,175 | ---- | C] () -- C:\Windows\disneysy.ini
[2010.12.05 15:48:32 | 000,028,160 | ---- | C] () -- C:\Windows\SysWow64\localuid.dll
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.07.07 13:54:53 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.01.01 15:11:24 | 002,729,472 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll
[2009.11.20 19:14:15 | 000,078,241 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009.10.15 20:26:15 | 000,053,248 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.06 14:51:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.10.06 14:51:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.10.06 14:50:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.02 17:29:33 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.09.28 18:03:53 | 000,001,572 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2009.06.18 16:55:18 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2009.06.18 16:12:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2009.03.28 11:09:30 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2009.03.28 10:53:37 | 000,187,912 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009.01.20 14:17:53 | 000,000,488 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.12 22:17:35 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2008.09.12 22:06:31 | 000,115,801 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008.09.12 21:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.12 21:49:58 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008.09.12 21:44:13 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008.09.12 21:44:13 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008.07.01 06:02:41 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >
#10

winsvc.exe

Oh sorry, I thought you meant a private message on Facebook, sorry. Here is the otl.txt:

OTL Logfile:
OTL logfile created on: 18.10.2011 12:23:00 - Run 1
OTL by OldTimer - Version     Folder = C:\Users\*****\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,56% Memory free
8,20 Gb Paging File | 6,35 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,63 Gb Total Space | 303,86 Gb Free Space | 52,15% Space Free | Partition Type: NTFS
Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive E: | 925,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe ()
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe (AccSys GmbH)

========== Modules (No Company Name) ==========

MOD - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko6.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (RealDesktop Toolbar Helper) -- C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (accvssvc) -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe (AccSys GmbH)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (gtstusbser_64) -- C:\Windows\SysNative\DRIVERS\gtstusbser_64.sys (Option N.V.)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\DRIVERS\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\DRIVERS\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV - (gtstusbser_64) -- C:\Windows\SysWOW64\drivers\gtstusbser_64.sys (Option N.V.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:
FF - prefs.js..extensions.enabledItems: realdesktop@realdesktop.com:1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 10:58:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.22 15:22:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.21 20:33:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 10:58:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}: C:\Users\*****\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}

[2011.06.20 16:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.10.11 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions
[2010.04.27 18:48:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.29 18:24:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.20 16:24:29 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010.08.06 12:08:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.11 18:00:02 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.04.23 17:31:27 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\DTToolbar@toolbarnet.com
[2011.04.09 22:15:30 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\engine@conduit.com
[2011.09.22 14:47:18 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\toolbar@ask.com
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\conduit.xml
[2011.03.02 18:09:41 | 000,002,059 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\daemon-search.xml
[2011.10.15 18:29:13 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-1.xml
[2010.10.24 21:04:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-10.xml
[2010.10.30 09:01:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-11.xml
[2010.12.21 19:42:26 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-12.xml
[2011.03.03 14:33:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-13.xml
[2011.03.08 10:01:56 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-14.xml
[2011.03.26 15:16:19 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-15.xml
[2011.04.10 00:36:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-16.xml
[2011.05.26 13:29:59 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-17.xml
[2011.06.21 13:23:35 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-18.xml
[2011.07.20 19:18:27 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-19.xml
[2010.03.25 13:35:00 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-2.xml
[2011.08.16 21:57:52 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-20.xml
[2011.08.21 11:40:21 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-21.xml
[2011.09.25 16:55:40 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-22.xml
[2011.09.29 20:34:03 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-23.xml
[2010.04.04 14:04:46 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-3.xml
[2010.04.15 12:51:07 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-4.xml
[2010.07.12 14:13:12 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-5.xml
[2010.07.22 20:11:44 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-6.xml
[2010.07.27 22:02:41 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-7.xml
[2010.09.09 10:05:34 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-8.xml
[2010.09.20 17:25:09 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin.xml
[2011.06.20 16:24:23 | 000,002,501 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\SearchResults.xml
[2010.10.20 14:04:07 | 000,003,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\sweetim.xml
[2011.07.05 17:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.24 01:12:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.05 10:20:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.26 16:03:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.07 18:32:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.05 17:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.07.11 20:42:30 | 000,000,000 | ---D | M] (Real Desktop Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\realdesktop@realdesktop.com
[2011.04.08 16:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.04.08 16:31:16 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SS35HOGG.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SS35HOGG.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.09.22 15:22:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOP7PlugIn.dll
[2010.04.25 19:59:24 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2011.09.22 15:22:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.22 15:22:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.22 15:22:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.22 15:22:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 10:24:50 | 000,002,772 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml
[2011.10.18 10:24:50 | 000,002,754 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml.bak
[2011.06.20 16:24:23 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011.09.22 15:22:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.22 15:22:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Gears (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NPOP7Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOP7PlugIn.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\Update\\%ProgramW6432%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll File not found
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A615081A-DB1C-42C8-8B6A-0E4FEC46738B}: DhcpNameServer =
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll) -C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: 
(C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll) -C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\IMG_0173.JPG O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\IMG_0173.JPG O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.25 16:17:40 | 000,000,000 | ---D | M] - E:\autorun -- [ CDFS ] O32 - AutoRun File - [2010.10.15 09:52:30 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. 
File not found ========== Files/Folders - Created Within 30 Days ========== [2011.10.18 12:20:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.10.13 17:18:11 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.10.13 17:18:08 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.10.13 17:18:08 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.10.13 17:18:08 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.10.13 17:18:07 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.10.13 17:18:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.10.13 17:18:07 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.10.13 17:18:07 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.10.13 17:18:07 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.10.13 17:18:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.10.13 17:18:07 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2011.10.13 17:18:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.10.13 17:18:06 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.10.13 17:18:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.10.13 17:18:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.10.13 17:18:06 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.10.13 17:18:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.10.13 17:18:06 | 
000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.10.13 17:18:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.10.13 17:18:06 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.10.13 17:18:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.10.13 17:18:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.10.13 17:18:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.10.13 17:18:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.10.13 17:18:05 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.10.13 17:18:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.10.13 17:18:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.10.13 17:18:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2011.10.13 17:18:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.10.13 17:17:01 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011.10.13 17:17:00 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.10.13 17:17:00 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll [2011.10.13 17:17:00 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll [2011.10.13 17:17:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll [2011.10.13 17:17:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll [2011.10.13 17:16:48 | 000,375,808 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\psisdecd.dll [2011.10.13 17:16:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.10.13 17:16:48 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.10.13 17:16:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.10.13 17:16:48 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax [2011.10.13 17:16:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2011.10.13 17:16:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2011.10.13 17:16:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2011.10.08 10:31:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\.minecraft [2011.10.08 10:31:08 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner [2011.10.07 22:39:47 | 000,000,000 | RHSD | C] -- C:\Users\*****\M-1-52-5782-8752-5245 [2011.09.20 17:34:26 | 000,000,000 | ---D | C] -- C:\Windows\pss ========== Files - Modified Within 30 Days ========== [2011.10.18 12:24:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.18 12:24:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.18 12:20:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2011.10.18 11:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.10.18 10:25:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.10.18 10:25:15 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2011.10.18 10:24:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.17 22:32:04 | 000,053,248 | ---- | M] () -- 
C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.17 22:28:01 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job [2011.10.16 10:35:11 | 000,334,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.10.13 19:21:19 | 001,460,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.10.13 19:21:19 | 000,632,718 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.10.13 19:21:19 | 000,599,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.10.13 19:21:19 | 000,130,244 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.10.13 19:21:19 | 000,106,884 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.10.13 18:02:10 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.10.01 01:25:22 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.10.01 01:23:56 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2011.10.01 01:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.10.01 01:21:49 | 000,710,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.10.01 01:21:20 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2011.10.01 01:21:00 | 001,538,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.10.01 01:20:40 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.10.01 01:20:40 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2011.10.01 01:20:39 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2011.10.01 01:20:38 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2011.10.01 01:20:38 | 000,072,192 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\iernonce.dll [2011.10.01 01:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.10.01 01:04:42 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2011.10.01 01:02:38 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.10.01 01:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2011.10.01 01:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.10.01 01:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.10.01 01:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2011.10.01 01:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2011.10.01 01:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2011.10.01 01:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2011.10.01 00:29:23 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2011.10.01 00:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2011.09.30 23:48:19 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2011.09.30 23:47:58 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2011.09.30 23:47:24 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2011.09.30 23:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2011.09.30 23:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe [2011.09.30 23:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe ========== Files Created - No Company Name 
========== [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.01.26 17:48:21 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat [2011.01.20 21:14:51 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Local\Mtano.dat [2011.01.20 21:14:51 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\Rdedokoxaxedako.bin [2011.01.07 18:09:40 | 000,001,078 | ---- | C] () -- C:\Windows\disney.ini [2011.01.07 18:09:38 | 000,000,175 | ---- | C] () -- C:\Windows\disneysy.ini [2010.12.05 15:48:32 | 000,028,160 | ---- | C] () -- C:\Windows\SysWow64\localuid.dll [2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010.07.07 13:54:53 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.01.01 15:11:24 | 002,729,472 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll [2009.11.20 19:14:15 | 000,078,241 | ---- | C] () -- C:\Windows\hpqins05.dat [2009.10.15 20:26:15 | 000,053,248 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.06 14:51:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.10.06 14:51:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2009.10.06 14:50:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.10.02 17:29:33 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2009.09.28 18:03:53 | 000,001,572 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI [2009.06.18 16:55:18 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll [2009.06.18 16:12:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2009.03.28 11:09:30 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp [2009.03.28 10:53:37 | 000,187,912 | ---- | C] () -- C:\Windows\hpoins28.dat [2009.01.20 14:17:53 | 000,000,488 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat [2008.10.07 
09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.09.12 22:17:35 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2008.09.12 22:06:31 | 000,115,801 | ---- | C] () -- C:\Windows\hpqins13.dat [2008.09.12 21:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.09.12 21:49:58 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat [2008.09.12 21:44:13 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2008.09.12 21:44:13 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2008.07.01 06:02:41 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- 
C:\Windows\mib.bin < End of report > |
#11

/// Malware-holic

winsvc.exe

Hi,

Attention! This script, and any scripts that follow, are only for the user in question. If you have problems of your own, open your own topics and wait for scripts tailored to you.

• Please start OTL.exe
• Now copy the following into the text box.

Code:
:OTL
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook: - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\Update\\%ProgramW6432%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O4 - HKLM..\Run: [] File not found
:Files
:Commands
[purity]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; paste its contents into your next reply here.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
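The fix above works by quoting OTL's own log lines verbatim under `:OTL`: every line the helper selected is either an orphaned reference ("File not found", "No CLSID value found") or a hijacked browser setting. The following Python script is an added example, not part of this thread and not OTL's own code. It parses `Oxx - ...` entries in the format OTL printed above, collects the orphaned ones into a draft `:OTL` section the way the helper did by hand, and separately reports two loaders that deserve a second look even when the file exists: `AppInit_DLLs` entries (a DLL listed there is loaded into every process that maps user32.dll) and `Winlogon` Shell/UserInit values that differ from the Windows defaults. The sample lines are copied from the log above, plus one constructed, hypothetical UserInit line (`C:\Users\Public\example.exe`) so the non-default check has something to catch; the field layout is assumed from the lines on this page.

```python
"""Triage helper for OTL log lines (added example, not code from the thread or from OTL).

Three things a helper does by eye when reading a log like the one above:
  * collect orphaned entries ('File not found', 'No CLSID value found', 'Reg Error'):
    dangling autostart/BHO/toolbar references, the kind the :OTL section of the fix
    script lists line by line for removal;
  * mark AppInit_DLLs entries: a DLL named there is loaded into every process that
    maps user32.dll, so it deserves a look even when the file exists and is signed;
  * mark Winlogon Shell / UserInit values that differ from the Windows defaults,
    a classic place to hook the logon sequence.
The field layout is assumed from the log lines on this page.
"""
import re
from dataclasses import dataclass, field

# 'O4 - ...', 'O20:64bit: - ...': section code, optional 64-bit marker, body.
ENTRY_RE = re.compile(r"^(O\d+)(:64bit:)?\s*-\s*(.*)$")
WINLOGON_RE = re.compile(r"Winlogon:\s*(Shell|UserInit)\s*-\s*\((.*?)\)")

ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

# Expected values on a Vista/7 box; OTL prints the registry value in parentheses.
WINLOGON_DEFAULTS = {
    "Shell": ["explorer.exe"],
    "UserInit": ["c:\\windows\\system32\\userinit.exe"],
}

# Lines copied from the log above, plus one CONSTRUCTED UserInit line (hypothetical,
# not from the thread) so the non-default check has something to catch.
SAMPLE_LOG = r"""
========== Extra Registry (SafeList) ==========
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\Users\Public\example.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error.
< End of report >
"""


@dataclass
class Entry:
    code: str          # OTL section, e.g. 'O4'
    is_64bit: bool     # True for the ':64bit:' view of the registry
    body: str          # everything after the ' - '
    raw: str           # the line as OTL printed it (what a fix script quotes)
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Return an Entry for an 'Oxx - ...' line, None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m.group(1), bool(m.group(2)), m.group(3), line.strip())


def parse_log(text):
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


def flag_entry(entry):
    """Attach triage flags to one entry and return it."""
    body = entry.body
    if any(marker in body for marker in ORPHAN_MARKERS):
        entry.flags.append("orphan")
    if entry.code == "O20" and body.startswith("AppInit_DLLs"):
        entry.flags.append("appinit_dll")
    wm = WINLOGON_RE.search(body) if entry.code == "O20" else None
    if wm:
        # The value may name several comma-separated programs; compare the whole list.
        value = [v.strip().lower() for v in wm.group(2).split(",") if v.strip()]
        if value != WINLOGON_DEFAULTS[wm.group(1)]:
            entry.flags.append("winlogon_nondefault")
    return entry


def triage(text):
    """Map each flag to the raw log lines that carry it."""
    result = {"orphan": [], "appinit_dll": [], "winlogon_nondefault": []}
    for entry in parse_log(text):
        for flag in flag_entry(entry).flags:
            result[flag].append(entry.raw)
    return result


def build_fix_script(text):
    """Draft an OTL fix in the shape used above: orphaned lines under :OTL, then the
    cleanup commands. Loader hits are reported by triage(), never auto-removed."""
    lines = [":OTL", *triage(text)["orphan"], ":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for flag, hits in report.items():
        print(f"{flag}: {len(hits)}")
        for hit in hits:
            print("   ", hit)
    print(build_fix_script(SAMPLE_LOG))
```

The draft only automates the orphan lines; the AppInit_DLLs and Winlogon hits are printed for a human to judge, which matches what the helper did above (the Bandoo `datamngr.dll` entries appear in the log but were not put into the fix). That split matters because an OTL fix runs with the user's rights against the live registry, so a line should only land under `:OTL` after someone has read it.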
Topics on winsvc.exe

compu, computer, fund, malware, tr/crypt.xpack.ge, tr/crypt.xpack.gen, virus, winsvc.exe