
Pests of all kinds and how to combat them: Virus ihavenet Google search

09.09.2012, 21:23   #1
Jenni105
 



Hello, since this morning I have had a strange virus or trojan on my PC. It is extremely annoying, because whenever I search for something on Google, the site "ihavenet.de" comes up and not the page I wanted to open. I have already activated CCleaner and Avira. OTL also ran through, but crashed. I urgently need help...

Regards, Jenni

Oh, and besides that, I can no longer activate the normal Windows Security Center; it switched itself off.

OTL did manage it after all... here is the result. OTL logfile:
[CODE]OTL logfile created on: 09.09.2012 22:09:45 - Run 1
OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\jenny\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,50% Memory free
4,21 Gb Paging File | 2,73 Gb Available in Paging File | 64,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 53,72 Gb Free Space | 39,37% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,12 Gb Free Space | 51,23% Space Free | Partition Type: NTFS

Computer Name: JENNY-PC | User Name: jenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\jenny\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Creative Labs Licensing Service) -- C:\Programme\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2365318


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=5081009
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google./
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\SearchScopes\{21E738AA-DAD8-48E2-9DDD-F4357B7C7DC4}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=wbst&q={searchTerms}
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\SearchScopes\{68C56AB2-C7DD-4144-A7D6-64BF7EEA377D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GGLL_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=E1gtlUGTO-lWbtUofGmL7W4Hh4Y?q={searchTerms}
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\SearchScopes\{9F921CD4-EA91-413E-9284-6A7E3D341137}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fe5ad976-ab65-47c7-99a5-2c4c0d1e424c&apn_sauid=169BF6C0-B9F7-447B-BC7A-70D4E6230400
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2365318
IE - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.0
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100015
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=fe5ad976-ab65-47c7-99a5-2c4c0d1e424c&apn_ptnrs=^ABT&apn_sauid=169BF6C0-B9F7-447B-BC7A-70D4E6230400&apn_dtid=^YYYYYY^YY^DE&&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 16:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.19 20:14:06 | 000,000,000 | ---D | M]

[2012.09.09 11:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenny\AppData\Roaming\mozilla\Extensions
[2012.09.09 17:01:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jenny\AppData\Roaming\mozilla\Firefox\Profiles\k5ktxy68.default\extensions
[2010.06.03 09:36:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jenny\AppData\Roaming\mozilla\Firefox\Profiles\k5ktxy68.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.09.09 11:25:41 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\jenny\AppData\Roaming\mozilla\Firefox\Profiles\k5ktxy68.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012.01.07 16:57:56 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\jenny\AppData\Roaming\mozilla\Firefox\Profiles\k5ktxy68.default\extensions\ffxtlbr@funmoods.com
[2012.09.09 17:04:53 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\jenny\AppData\Roaming\mozilla\Firefox\Profiles\k5ktxy68.default\extensions\toolbar@ask.com
[2012.09.09 17:04:54 | 000,002,413 | ---- | M] () -- C:\Users\jenny\AppData\Roaming\mozilla\firefox\profiles\k5ktxy68.default\searchplugins\askcom.xml
[2012.01.07 16:57:33 | 000,001,798 | ---- | M] () -- C:\Users\jenny\AppData\Roaming\mozilla\firefox\profiles\k5ktxy68.default\searchplugins\funmoods.xml
[2012.09.09 11:25:10 | 000,002,519 | ---- | M] () -- C:\Users\jenny\AppData\Roaming\mozilla\firefox\profiles\k5ktxy68.default\searchplugins\Search_Results.xml
[2012.09.09 16:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.06 03:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.19 18:27:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.06 03:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.09 11:25:10 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.09.06 03:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: hxxp://www.searchnu.com/406
CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=394&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Transparent = C:\Users\jenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\oegogboflfgdoajlmhilbamjblflfibj\1.0_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {64577F6F-8A9D-413A-B4C8-D080D6AEAF88} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {64577F6F-8A9D-413A-B4C8-D080D6AEAF88} - No CLSID value found.
O3 - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKU\S-1-5-21-1108655388-1224657533-1322755027-1000\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CE26FA0-3EA5-42E4-A1D6-151609EF9AF7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9C2C6EC-7529-47AF-9161-9E320079D5B0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\jenny\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\jenny\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5e3cba6d-1e29-11de-aebd-00219be24688}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe USER-SJA11M87SQ.vbs
O33 - MountPoints2\{7c3dbc84-c75f-11dd-8a7d-00219be24688}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.09 21:59:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.09 17:08:36 | 000,000,000 | ---D | C] -- C:\Users\jenny\AppData\Roaming\Avira
[2012.09.09 17:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.09 17:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.09.09 17:01:28 | 000,000,000 | ---D | C] -- C:\Users\jenny\AppData\Local\APN
[2012.09.09 17:01:20 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.09.09 17:01:19 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.09 17:01:19 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.09 17:01:19 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.09 17:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.09 17:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.09.09 16:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.09.09 16:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.09.09 16:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.09.09 11:25:32 | 000,000,000 | ---D | C] -- C:\Users\jenny\AppData\Local\Ilivid Player
[2012.09.07 12:16:05 | 000,000,000 | ---D | C] -- C:\Users\jenny\Deez_Nuts-Fuck_The_World-2012-pLAN9
[2012.08.26 20:28:17 | 000,000,000 | ---D | C] -- C:\Users\jenny\AppData\Roaming\Opera
[2012.08.26 20:28:17 | 000,000,000 | ---D | C] -- C:\Users\jenny\AppData\Local\Opera
[2012.08.26 20:27:28 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.08.26 20:27:12 | 000,000,000 | R--D | C] -- C:\Users\jenny\Downloads
[2012.08.20 18:38:07 | 000,000,000 | ---D | C] -- C:\Users\jenny\103DICAM
[2012.08.20 17:51:56 | 000,000,000 | ---D | C] -- C:\Users\jenny\Documents\mutti bewerbung
[2012.08.16 12:25:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 12:25:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 12:25:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.16 12:25:52 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.16 12:25:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 12:25:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 12:25:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.16 12:25:16 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012.09.09 22:20:03 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.09 21:14:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.09 20:34:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.09 20:34:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.09 20:34:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.09 20:34:04 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\bdwxmat.job
[2012.09.09 20:33:49 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.09 17:02:30 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.09 16:47:21 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.09 16:34:38 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.09 15:45:02 | 000,644,284 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.09 15:45:02 | 000,610,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.09 15:45:02 | 000,133,660 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.09 15:45:02 | 000,110,684 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.09 15:39:09 | 000,027,915 | ---- | M] () -- C:\Users\jenny\Leittext stuhl.jpg
[2012.09.09 15:38:26 | 000,028,796 | ---- | M] () -- C:\Users\jenny\Leittext pippi.jpg
[2012.09.09 13:25:35 | 000,006,213 | ---- | M] () -- C:\Users\jenny\urin.jpg
[2012.09.09 13:16:58 | 000,030,631 | ---- | M] () -- C:\Users\jenny\400_F_21274437_uPeEsjwW8l7G8yiQvLJwWQYFQ5V12iwn.jpg
[2012.09.08 18:11:40 | 000,014,856 | ---- | M] () -- C:\Users\jenny\1347120700625.jpg
[2012.09.08 18:06:44 | 000,018,822 | ---- | M] () -- C:\Users\jenny\1347120405180.jpg
[2012.09.08 18:06:36 | 000,017,908 | ---- | M] () -- C:\Users\jenny\1347120397054.jpg
[2012.09.08 18:06:30 | 000,018,687 | ---- | M] () -- C:\Users\jenny\1347120391339.jpg
[2012.09.08 18:05:58 | 000,019,596 | ---- | M] () -- C:\Users\jenny\1347120359150.jpg
[2012.09.08 18:05:36 | 000,018,166 | ---- | M] () -- C:\Users\jenny\1347120337316.jpg
[2012.09.08 18:05:24 | 000,015,187 | ---- | M] () -- C:\Users\jenny\1347120324898.jpg
[2012.09.08 18:05:18 | 000,018,262 | ---- | M] () -- C:\Users\jenny\1347120318279.jpg
[2012.09.08 18:04:44 | 000,014,856 | ---- | M] () -- C:\Users\jenny\1347120284063.jpg
[2012.09.08 18:04:30 | 000,016,052 | ---- | M] () -- C:\Users\jenny\1347120270996.jpg
[2012.09.08 18:04:18 | 000,015,273 | ---- | M] () -- C:\Users\jenny\1347120258366.jpg
[2012.09.08 18:04:16 | 000,013,905 | ---- | M] () -- C:\Users\jenny\1347120255847.jpg
[2012.09.08 18:03:48 | 000,021,836 | ---- | M] () -- C:\Users\jenny\1347120229239.jpg
[2012.09.08 18:03:26 | 000,016,292 | ---- | M] () -- C:\Users\jenny\1347120207201.jpg
[2012.09.08 18:03:10 | 000,018,634 | ---- | M] () -- C:\Users\jenny\1347120190337.jpg
[2012.09.08 18:01:28 | 000,011,840 | ---- | M] () -- C:\Users\jenny\1347120089326.jpg
[2012.09.07 12:14:13 | 115,084,006 | ---- | M] () -- C:\Users\jenny\Deez_Nuts-Fuck_The_World-2012-pLAN9.rar
[2012.09.04 14:35:54 | 000,002,251 | ---- | M] () -- C:\Users\jenny\deutschlinie3a5.gif
[2012.09.04 14:29:30 | 000,034,059 | ---- | M] () -- C:\Users\jenny\eins5.gif
[2012.09.04 14:28:53 | 000,034,059 | ---- | M] () -- C:\Users\jenny\eins3.gif
[2012.09.04 14:28:47 | 000,034,059 | ---- | M] () -- C:\Users\jenny\eins.gif
[2012.09.04 14:12:22 | 000,122,880 | RHS- | M] () -- C:\Windows\System32\scesrv6.dll
[2012.09.03 13:10:11 | 000,049,271 | ---- | M] () -- C:\Users\jenny\malen_nach_Zahlen33.jpg
[2012.09.03 13:04:51 | 000,065,332 | ---- | M] () -- C:\Users\jenny\image374.jpg
[2012.09.03 13:03:54 | 000,429,960 | ---- | M] () -- C:\Users\jenny\malen-nach-Zahlen.jpg
[2012.09.03 13:03:49 | 000,485,085 | ---- | M] () -- C:\Users\jenny\rätsel1.jpg
[2012.09.01 16:34:04 | 000,059,026 | ---- | M] () -- C:\Users\jenny\JSwafing-Vicente-Dots-rot-weiss.jpg
[2012.09.01 16:28:25 | 000,111,845 | ---- | M] () -- C:\Users\jenny\Documents\JSwafing-Vicente-Dots-rot-weiss.jpg
[2012.09.01 16:27:54 | 000,078,294 | ---- | M] () -- C:\Users\jenny\Documents\fr_inke_rehlein_punkte_rot-349x349.jpg
[2012.09.01 16:27:42 | 000,016,741 | ---- | M] () -- C:\Users\jenny\Documents\Sgy4a6BfIrKU0ZdDuzyh7g.jpg
[2012.08.20 17:03:35 | 000,004,006 | ---- | M] () -- C:\Users\jenny\AppData\Roaming\wklnhst.dat
[2012.08.16 19:14:42 | 000,300,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.09.09 17:02:30 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.09.09 16:47:21 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.09.09 16:34:38 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.09.09 16:34:38 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.09 15:39:08 | 000,027,915 | ---- | C] () -- C:\Users\jenny\Leittext stuhl.jpg
[2012.09.09 15:38:25 | 000,028,796 | ---- | C] () -- C:\Users\jenny\Leittext pippi.jpg
[2012.09.09 13:25:35 | 000,006,213 | ---- | C] () -- C:\Users\jenny\urin.jpg
[2012.09.09 13:16:58 | 000,030,631 | ---- | C] () -- C:\Users\jenny\400_F_21274437_uPeEsjwW8l7G8yiQvLJwWQYFQ5V12iwn.jpg
[2012.09.09 11:27:55 | 000,021,836 | ---- | C] () -- C:\Users\jenny\1347120229239.jpg
[2012.09.09 11:27:55 | 000,019,596 | ---- | C] () -- C:\Users\jenny\1347120359150.jpg
[2012.09.09 11:27:55 | 000,018,822 | ---- | C] () -- C:\Users\jenny\1347120405180.jpg
[2012.09.09 11:27:55 | 000,018,687 | ---- | C] () -- C:\Users\jenny\1347120391339.jpg
[2012.09.09 11:27:55 | 000,018,634 | ---- | C] () -- C:\Users\jenny\1347120190337.jpg
[2012.09.09 11:27:55 | 000,018,262 | ---- | C] () -- C:\Users\jenny\1347120318279.jpg
[2012.09.09 11:27:55 | 000,018,166 | ---- | C] () -- C:\Users\jenny\1347120337316.jpg
[2012.09.09 11:27:55 | 000,017,908 | ---- | C] () -- C:\Users\jenny\1347120397054.jpg
[2012.09.09 11:27:55 | 000,016,292 | ---- | C] () -- C:\Users\jenny\1347120207201.jpg
[2012.09.09 11:27:55 | 000,016,052 | ---- | C] () -- C:\Users\jenny\1347120270996.jpg
[2012.09.09 11:27:55 | 000,015,273 | ---- | C] () -- C:\Users\jenny\1347120258366.jpg
[2012.09.09 11:27:55 | 000,015,187 | ---- | C] () -- C:\Users\jenny\1347120324898.jpg
[2012.09.09 11:27:55 | 000,014,856 | ---- | C] () -- C:\Users\jenny\1347120700625.jpg
[2012.09.09 11:27:55 | 000,014,856 | ---- | C] () -- C:\Users\jenny\1347120284063.jpg
[2012.09.09 11:27:55 | 000,013,905 | ---- | C] () -- C:\Users\jenny\1347120255847.jpg
[2012.09.09 11:27:55 | 000,011,840 | ---- | C] () -- C:\Users\jenny\1347120089326.jpg
[2012.09.07 12:09:10 | 115,084,006 | ---- | C] () -- C:\Users\jenny\Deez_Nuts-Fuck_The_World-2012-pLAN9.rar
[2012.09.04 14:35:54 | 000,002,251 | ---- | C] () -- C:\Users\jenny\deutschlinie3a5.gif
[2012.09.04 14:29:30 | 000,034,059 | ---- | C] () -- C:\Users\jenny\eins5.gif
[2012.09.04 14:28:53 | 000,034,059 | ---- | C] () -- C:\Users\jenny\eins3.gif
[2012.09.04 14:28:35 | 000,034,059 | ---- | C] () -- C:\Users\jenny\eins.gif
[2012.09.04 14:12:23 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\bdwxmat.job
[2012.09.04 14:12:22 | 000,122,880 | RHS- | C] () -- C:\Windows\System32\scesrv6.dll
[2012.09.03 13:10:11 | 000,049,271 | ---- | C] () -- C:\Users\jenny\malen_nach_Zahlen33.jpg
[2012.09.03 13:04:48 | 000,065,332 | ---- | C] () -- C:\Users\jenny\image374.jpg
[2012.09.03 13:03:53 | 000,429,960 | ---- | C] () -- C:\Users\jenny\malen-nach-Zahlen.jpg
[2012.09.03 13:03:45 | 000,485,085 | ---- | C] () -- C:\Users\jenny\rätsel1.jpg
[2012.09.01 16:30:34 | 000,059,026 | ---- | C] () -- C:\Users\jenny\JSwafing-Vicente-Dots-rot-weiss.jpg
[2012.09.01 16:28:25 | 000,111,845 | ---- | C] () -- C:\Users\jenny\Documents\JSwafing-Vicente-Dots-rot-weiss.jpg
[2012.09.01 16:27:54 | 000,078,294 | ---- | C] () -- C:\Users\jenny\Documents\fr_inke_rehlein_punkte_rot-349x349.jpg
[2012.09.01 16:27:42 | 000,016,741 | ---- | C] () -- C:\Users\jenny\Documents\Sgy4a6BfIrKU0ZdDuzyh7g.jpg
[2012.08.01 14:44:52 | 060,869,579 | ---- | C] () -- C:\Users\jenny\Slender_v0_9_5.zip
[2012.06.03 20:06:16 | 000,933,888 | ---- | C] () -- C:\Users\jenny\900 jahre ahlum.MSWMM
[2012.06.03 19:29:48 | 000,000,919 | ---- | C] () -- C:\Users\jenny\Freemium TubeBox.lnk
[2011.12.31 17:29:27 | 000,000,552 | ---- | C] () -- C:\Users\jenny\AppData\Local\d3d8caps.dat
[2011.12.14 20:09:03 | 000,073,951 | ---- | C] () -- C:\Users\jenny\HerzinfaktundSchlaganfallerkennen.pdf
[2011.11.26 18:10:59 | 000,071,680 | ---- | C] () -- C:\Users\jenny\AppData\Roaming\chrtmp
[2011.10.13 18:00:18 | 004,806,303 | -H-- | C] () -- C:\Users\jenny\Cache.mxc3
[2010.02.18 12:22:04 | 000,000,104 | ---- | C] () -- C:\Users\jenny\Spiele.lnk
[2009.03.02 21:21:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.05 11:50:36 | 000,006,648 | ---- | C] () -- C:\Users\jenny\AppData\Local\d3d9caps.dat
[2008.10.16 13:38:25 | 000,004,006 | ---- | C] () -- C:\Users\jenny\AppData\Roaming\wklnhst.dat
[2008.10.14 13:26:59 | 000,000,761 | ---- | C] () -- C:\Users\jenny\Meine freigegebenen Ordner.lnk
[2008.10.14 11:58:46 | 000,097,792 | ---- | C] () -- C:\Users\jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012.06.03 19:30:24 | 000,000,000 | ---D | M] -- C:\Users\jenny\AppData\Roaming\Freemium
[2011.11.24 18:31:12 | 000,000,000 | ---D | M] -- C:\Users\jenny\AppData\Roaming\Jens Lorek
[2012.08.26 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\jenny\AppData\Roaming\Opera
[2010.06.06 22:35:27 | 000,000,000 | ---D | M] -- C:\Users\jenny\AppData\Roaming\PC Suite
[2011.03.07 22:17:49 | 000,000,000 | ---D | M] -- C:\Users\jenny\AppData\Roaming\PCDr
[2008.10.16 13:38:40 | 000,000,000 | ---D | M] -- C:\Users\jenny\AppData\Roaming\Template
[2010.06.05 16:32:29 | 000,000,000 | ---D | M] -- C:\Users\jenny\AppData\Roaming\Zylom
[2012.09.09 20:34:04 | 000,000,300 | ---- | M] () -- C:\Windows\Tasks\bdwxmat.job
[2012.09.09 19:18:04 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

and part 2

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 09.09.2012 22:09:45 - Run 1
OTL by OldTimer - Version 3.2.61.3     Folder = C:\Users\jenny\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,50% Memory free
4,21 Gb Paging File | 2,73 Gb Available in Paging File | 64,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,44 Gb Total Space | 53,72 Gb Free Space | 39,37% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,12 Gb Free Space | 51,23% Space Free | Partition Type: NTFS
 
Computer Name: JENNY-PC | User Name: jenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1108655388-1224657533-1322755027-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AD02ED9-386C-46BA-8D66-7B05A219994F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0B561A7E-0E36-4044-A965-428E4459EE9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1540E78F-18F9-460C-A3B2-FB7BF01F10B5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{204F33F6-7D91-4253-978C-10AF2E403AEA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{29955A70-8007-43B6-8A82-409207BAF167}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{405E4725-3F4F-4E53-91E2-EE590615B166}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{409616F3-09E2-41CA-98FE-A61C47A505BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4518E9B3-3736-43B8-8AF8-B9F5B9B7A12D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4791A88E-66AE-4DB8-9955-36A6FF6DFE83}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D20CA3C-141A-4AEF-A8EC-34EAF5D7000C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4ED8A2EC-B1E8-4D8B-B8E2-FF44A208757D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{55AFF4EB-5A6A-45E0-98A0-CC7B0CEFC978}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5E207566-EF2D-4A75-AD02-0885603F1B4E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6D60238E-0A1E-44AF-90D6-FF7FF34A7094}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{872EE746-DE74-4469-9D99-5E6B2260A604}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{87399DB8-56F6-4A97-86EC-02A50ABE180E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{87C9DE24-2144-4B5B-9E5F-7286C8272029}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{8EC42C9A-9AAD-4557-901E-02B3ABCE1250}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{931D229F-DC74-4CB3-ABA7-284DB8672348}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96E60396-68EC-4B4D-B99F-D7ADCDE6FAE3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{9A45EB2F-BED9-4671-A00D-D0967B991B1C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9E8AD805-575B-4921-BD5C-60244E2F84C0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{9F193AB4-BAA6-45CC-82EA-4236D47F28A6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A1764660-E431-4D43-A235-169831844AD3}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{AB35F5DF-59B4-429F-8E51-31A736E7F8D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AB9965DF-B5AC-4C03-8BC1-F7F3AFC250F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B23DE9CD-0D92-49B5-99D0-C8902F90BD15}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{BDD83667-9BCF-416E-A7FC-2F492F495213}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{C4A5D223-FE01-4D96-9C4F-2B8F7AFD3CD3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C56F0B07-A9A5-432A-858E-E649CF8742EE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{C93040B8-D637-4004-B3D4-7B89A34ECFC9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CB3D3AD6-B689-47ED-AD2B-883A02D3B9C5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DAB26F86-7BC8-4F4A-A16B-F20F2C0995C3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E085B669-0178-4324-8489-971BD540A1C1}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{E0A81518-1918-4692-97AE-4CB7704F4705}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E75F73BF-A32F-45C9-A7C5-C157EBD4D9E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E8513260-6CF4-4D8A-931A-082AD8C67459}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EB70408D-E6E5-42BC-BEA0-80473CD1D445}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FAF5BF4D-3E3D-407F-9AFE-F4DC80BB74D4}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BC60C01-07F3-4778-83AD-A3831ADC0275}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{1F63AD5F-879C-4DE9-856D-B434A658A3B3}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{22190781-24C5-4C13-8547-104234A4A1D8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2AA95B10-7BB5-4DE1-941F-37815E1C0B72}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2DA0CA78-AC67-4E59-80AA-BACFE1B6386E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{35281561-A8D5-4FBE-88DD-4A7E30B840AF}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{355F7DE2-8F50-45C1-A497-3035B7EB3D94}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{36303A8F-CE9A-4EE7-8579-7283F0CE8F12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{363DAF5D-EA5F-4568-A7DE-72A0919907D1}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{38D90582-ECC2-4771-8F37-B5E69E448C93}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3910F5AB-6955-4F21-9A6B-38578C28FB7F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{3AF57163-2992-4699-814A-033940AE1DDA}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{3B21BCC2-87B2-44BB-95F1-D9B07D81CC0D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3DF126BC-6C91-4BD4-8AD0-596B2B55E7FE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{458077E0-476B-4F82-A8DC-5F3A3AFAADB9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{63EB9D07-5922-431C-A860-73E33C18CB1E}" = protocol=6 | dir=out | app=system | 
"{651491AA-8F88-4E18-9B13-B262854B9DD9}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{756320A0-F2D7-4E9A-A775-AF1AFE70BB93}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7F0367A4-B050-4324-849A-78BA4815E938}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{877CAF75-7CE9-4198-B2E7-1EC8C5C44066}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8819B519-5D47-4577-9749-B9F78B2AF93B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88C46F81-EFB3-47BE-8729-1C63C3AA8310}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8EAFEBD8-1B68-4BB3-B4BC-D777FA3CDFEC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{916FC4DB-F1AB-4001-ACF7-50E0650F93BB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9344C52F-0E42-47D4-A53C-0ADB2E160A5C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{9521B23D-3241-4712-9D1E-13C1A225A24E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{975E9EC1-A0FB-44F5-AD14-8E6E93F1F197}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{9B470743-E15D-4656-B617-F6C37226E5B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{9FA54CB8-DB98-45DA-AD18-DED426D505D1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A1C9D940-3227-4D2F-9B9F-033B734D498D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A29275E3-CCC9-4414-8DC5-F307C585408E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AB72A6F3-D439-45D4-B4A7-927B0AED9FC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF4F83EF-B1C3-49F9-B7CB-AE2FD8E4C1D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B21282EF-90C0-4E4F-A236-FC9D187E3483}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B30EC202-B270-4108-96D2-5A96976F8EBE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BA4E083D-2A06-4020-92C3-10609F0F4859}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C15E7F11-5BF9-4590-BF92-0F0D73679631}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C362D2BD-49C3-49E0-A7FE-1868C1D6F3FA}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{C7F1E41C-3D93-41F0-8A95-0E6D836C04A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C9918112-DC60-4935-8F27-4FC1278AC05A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CC135232-7C2A-4E4F-BC09-A1632370BD53}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DAA36DCD-3EC0-4F07-8A76-EA6D6B53F086}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{DD9EBBDA-7662-4BD1-ABD7-8E279781D79D}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DF1744D8-F6E4-4A8E-B91A-D61A993C8F90}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E2EF52AB-6E24-4CAD-93A6-8C9E417B49A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EAFDD1A7-EB8C-48C4-8E3A-507EE418F219}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F01802B7-96FC-451F-ACD9-BFFA395A69E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F35827AA-20B4-4E1D-90E0-80981648457F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5686009-31BF-4848-BF70-0EF542F22781}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F814F624-AE26-453F-9085-32221F80AE3B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FFB7BD50-CF3B-41E9-84DD-25A939FA949C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{26F98CD9-307F-47E1-AE56-3795BFF7F6B5}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{77135CF6-2F02-4940-9C00-5B16C942D33A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{77EDFB7E-7427-4943-9D5B-DF829C631738}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{9B7536BE-2184-4B9E-8947-3B039317A470}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9F4A909A-B8D6-467A-B6D9-19AB3C7169BF}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{D45A16DA-1244-4C82-B450-A6C9B6E2C52A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{FB661C1C-7228-4BA0-982A-BE67D32A4424}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{110E327D-1F14-49C6-8E78-4D0864C6BF34}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{1E3C62B7-2408-4325-997F-DE308A423C3F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{242C8322-73E1-486B-BEF2-2778D9E6CCC0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{74349BAA-0FE3-4B68-8EDF-2A64F4DE1778}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{78900129-DD04-48CD-A324-E57B5DDB0AD5}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{8D2D085B-0E50-4719-A6F9-8099A5A5C822}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{9CF43CFB-859A-47FA-816D-6E46D794638C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_POWERPOINT_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_POWERPOINT_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg
"{FE6E1AF6-6B88-44FE-8101-84AE6A52B393}" = Windows Live Movie Maker-Betaversion
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"EXCEL" = Microsoft Office Excel 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"POWERPOINT" = Microsoft Office PowerPoint 2007
"VISPRO" = Microsoft Office Visio Professional 2007
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WORD" = Microsoft Office Word 2007
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1108655388-1224657533-1322755027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.09.2012 12:08:38 | Computer Name = jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.09.2012 12:08:38 | Computer Name = jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.09.2012 12:08:38 | Computer Name = jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.09.2012 12:08:38 | Computer Name = jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.09.2012 12:08:38 | Computer Name = jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.09.2012 12:08:38 | Computer Name = jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.09.2012 12:08:39 | Computer Name = jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.09.2012 12:08:39 | Computer Name = jenny-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.09.2012 13:17:48 | Computer Name = jenny-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.09.2012 14:34:35 | Computer Name = jenny-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 27.11.2008 12:00:14 | Computer Name = jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 45
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.02.2011 14:59:25 | Computer Name = jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12572
 seconds with 2520 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2011 14:40:41 | Computer Name = jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2011 14:40:43 | Computer Name = jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 22.07.2011 12:57:02 | Computer Name = jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.10.2011 06:26:18 | Computer Name = jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 741
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 23.11.2011 16:27:07 | Computer Name = jenny-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 48
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.09.2012 06:04:37 | Computer Name = jenny-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 09.09.2012 09:37:17 | Computer Name = jenny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.09.2012 09:40:49 | Computer Name = jenny-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.09.2012 09:54:03 | Computer Name = jenny-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.09.2012 09:54:04 | Computer Name = jenny-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.09.2012 09:56:26 | Computer Name = jenny-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.09.2012 11:33:42 | Computer Name = jenny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.09.2012 12:06:06 | Computer Name = jenny-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.09.2012 13:05:08 | Computer Name = jenny-PC | Source = WMPNetworkSvc | ID = 866333
Description = 
 
Error - 09.09.2012 14:34:35 | Computer Name = jenny-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
10.09.2012, 10:58   #2
markusg
/// Malware-holic

Hi

This script, and any scripts that may follow, are intended only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.


Code:
:OTL
[2012.09.09 20:34:04 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\bdwxmat.job
[2012.09.04 14:12:22 | 000,122,880 | RHS- | M] () -- C:\Windows\System32\scesrv6.dll
:Files
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now find the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.
Download GetInfo:
File-Upload.net - GetInfo.exe
Double-click the .exe.
A .txt file will now be created in the same folder:
summary-info.txt
Double-click it and post its contents.