|
Pests of all kinds and how to fight them: Search queries are redirected to ad pages | Windows 7 | If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
26.03.2010, 14:19 | #1 |
| Search queries are redirected to ad pages
Hello, for quite some time I have had the "problem" that search queries typed into the address bar are no longer handled by Google. At first a T-Online page was shown; OK, I thought, the provider has probably changed something in DNS or the like and wants to make money from it. (It can neeever be a virus or anything, not me.) Recently I am being redirected to h**p://allpurposeresults.com/error.php?q=test, where "test" is the search query. In addition, ads "Powered by LoudMo" appeared at random, a classic sign of adware, so I quickly scanned everything with Malwarebytes; good thing there is a log collection: Code:
The sudden ads from "LoudMo" are gone now, but the search redirect to "allpurposeresults.com" is still there. Then I went through the general checklist, used CCleaner and removed some leftovers, but everything is still unchanged. I rebooted and started RSIT, but only got an error message: Code:
ATTFilter Line -1: Error Subscript used with non-Array variable
Since I was initially searching independently of this forum, the order does not quite follow the guide. I would appreciate advice on how to proceed. |
26.03.2010, 14:32 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search queries are redirected to ad pages
Hello and
You should try running RSIT in compatibility mode (right-click RSIT.exe, Compatibility tab) => set it to Windows XP and run it.
Alternative to RSIT => system scan with OTL
Please download OTL by Oldtimer and save it to your desktop |
26.03.2010, 15:09 | #3 |
| Search queries are redirected to ad pages
Here are the OTL logs:
Code:
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\5.0 ( File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Zend Studio - Debug current page - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll () O8 - Extra context menu item: Zend Studio - Debug next page - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll () O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) 
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1c4ac2f5-fa73-11dc-9241-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1c4ac2f5-fa73-11dc-9241-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\{70a5fedc-8029-11dd-941f-001b3868aa49}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{b8e4ab6e-47a9-11de-a745-001b3868aa49}\Shell - "" = AutoRun O33 - MountPoints2\{b8e4ab6e-47a9-11de-a745-001b3868aa49}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found O33 - MountPoints2\{de79b896-1b91-11de-bbf3-001b3868aa49}\Shell - "" = AutoRun O33 - MountPoints2\{de79b896-1b91-11de-bbf3-001b3868aa49}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.03.26 13:26:26 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.03.26 13:26:25 | 000,000,000 | ---D | C] -- C:\rsit [2010.03.26 08:18:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.03.26 08:18:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.26 08:18:07 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.26 08:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.03.25 08:00:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials [2010.03.24 16:00:45 | 000,157,712 | ---- | C] (Trend Micro Inc.) 
-- C:\Windows\System32\drivers\tmcomm.sys [2010.03.17 03:01:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.03.11 16:36:41 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll [2010.03.11 16:36:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2010.03.08 20:53:03 | 000,000,000 | ---D | C] -- C:\Users\***\dwhelper [2010.03.03 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ManyCam [2010.03.02 16:34:36 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctl32.ocx [2010.02.27 10:56:00 | 000,000,000 | ---D | C] -- C:\Downloads [2010.02.26 19:48:11 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2010.02.26 19:47:43 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2010.02.25 12:44:09 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.02.25 12:44:08 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.02.25 12:07:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FRITZ! 
[2010.02.25 09:13:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\AVM [2009.08.27 15:43:40 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Programme\Common Files\dao350.dll [2008.03.25 16:58:16 | 000,081,920 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.03.25 16:58:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2006.01.20 13:11:59 | 000,253,952 | ---- | C] (XtraLogiX GbR) -- C:\Programme\Graph_Pro.exe [2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.03.26 14:41:57 | 010,223,616 | -HS- | M] () -- C:\Users\***\ntuser.dat [2010.03.26 14:35:39 | 001,575,692 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.03.26 14:35:39 | 000,676,562 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.03.26 14:35:39 | 000,637,256 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.03.26 14:35:39 | 000,147,014 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.03.26 14:35:39 | 000,121,564 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.03.26 14:32:59 | 000,232,348 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2010.03.26 14:31:05 | 000,123,808 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.03.26 14:27:28 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.03.26 14:27:27 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.03.26 14:27:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.03.26 14:26:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.03.26 13:19:04 | 000,000,232 | ---- | M] () -- C:\Windows\win.ini [2010.03.26 13:01:58 | 000,000,708 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.03.26 12:29:06 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat 
[2010.03.26 12:28:21 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{344485b2-1f31-11df-a36f-001b3868aa49}.TMContainer00000000000000000001.regtrans-ms [2010.03.26 12:28:21 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{344485b2-1f31-11df-a36f-001b3868aa49}.TM.blf [2010.03.26 12:28:04 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.03.26 08:18:14 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.03.25 23:43:14 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A522CF25-CAAB-4EAB-85D9-A6991B693371}.job [2010.03.25 14:19:45 | 000,232,348 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2010.03.25 08:00:44 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.03.24 16:00:28 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2010.03.17 22:26:54 | 000,000,162 | -H-- | M] () -- C:\Users\***\Documents\~$rmelSammlung_ET.docx [2010.03.17 22:26:46 | 000,887,725 | ---- | M] () -- C:\Users\***\Documents\FormelSammlung_ET.docx [2010.03.17 21:57:25 | 000,001,355 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2010.03.06 21:01:29 | 000,001,426 | ---- | M] () -- C:\List.conf [2010.03.06 15:25:12 | 000,000,316 | ---- | M] () -- C:\Users\***\cinderella2-user.properties [2010.03.04 15:21:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job [2010.03.03 11:42:02 | 000,002,464 | ---- | M] () -- C:\Windows\netdet.ini [2010.02.27 20:57:43 | 000,000,650 | ---- | M] () -- C:\Users\***\Desktop\CryptLoad.exe - Verknüpfung.lnk [2010.02.27 19:35:40 | 000,001,393 | ---- | M] () -- C:\Users\***\Documents\#newfile2.lyx# [2010.02.27 12:45:57 | 000,020,598 | ---- | M] () -- C:\Users\***\Documents\Kalender von ***.ics [2010.02.26 09:29:54 | 000,000,000 | -H-- | M] () -- 
C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf [2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.03.26 13:01:58 | 000,000,708 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.03.26 08:18:14 | 000,000,616 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.03.25 08:00:44 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.03.24 16:00:28 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2010.03.17 22:26:54 | 000,000,162 | -H-- | C] () -- C:\Users\***\Documents\~$rmelSammlung_ET.docx [2010.03.17 22:25:13 | 000,887,725 | ---- | C] () -- C:\Users\***\Documents\FormelSammlung_ET.docx [2010.03.17 21:57:25 | 000,001,355 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2010.03.06 15:25:12 | 000,000,316 | ---- | C] () -- C:\Users\***\cinderella2-user.properties [2010.03.03 20:06:30 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\Install_NSS.job [2010.02.27 19:30:40 | 000,001,393 | ---- | C] () -- C:\Users\***\Documents\#newfile2.lyx# [2010.02.27 12:45:57 | 000,020,598 | ---- | C] () -- C:\Users\***\Documents\Kalender von ***.ics [2010.02.27 10:44:25 | 000,001,426 | ---- | C] () -- C:\List.conf [2010.02.26 09:29:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf [2010.02.26 09:24:22 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat [2010.01.16 15:01:13 | 000,002,593 | ---- | C] () -- C:\Windows\SE.INI [2010.01.05 18:40:21 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll [2009.12.25 19:53:12 | 000,002,770 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.12.23 21:05:41 | 000,000,227 | ---- | C] () -- C:\Windows\FTRUN32.INI [2009.12.23 20:20:53 | 000,000,032 | ---- | C] () -- 
C:\Windows\DVD_Start.INI [2009.11.19 16:31:52 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2009.10.18 16:11:32 | 000,000,165 | ---- | C] () -- C:\Users\***\AppData\Local\rahistory.xml [2009.10.07 14:58:16 | 000,000,133 | ---- | C] () -- C:\Windows\Dialux.ini [2009.09.25 15:47:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.05 10:26:52 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2009.09.05 10:26:52 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2009.09.05 10:26:52 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2009.09.05 10:22:18 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.08.27 15:55:10 | 000,000,000 | ---- | C] () -- C:\Windows\FwSim.INI [2009.08.27 15:44:58 | 000,104,633 | ---- | C] () -- C:\Windows\System32\drivers\fwDH485.sys [2009.08.27 15:44:58 | 000,002,976 | ---- | C] () -- C:\Windows\System32\drivers\FwKbd.sys [2009.08.27 15:44:56 | 000,031,232 | ---- | C] () -- C:\Windows\System32\s7200L2.dll [2009.03.28 13:11:00 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009.03.25 17:39:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.03.13 19:40:55 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini [2009.03.13 19:27:51 | 000,100,352 | ---- | C] () -- C:\Windows\System32\pg32conv.dll [2009.03.13 19:27:50 | 000,030,793 | ---- | C] () -- C:\Windows\System32\crtslv.dll [2009.02.11 16:48:52 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI [2009.01.18 20:09:20 | 000,000,146 | ---- | C] () -- C:\Windows\Capture.INI [2008.12.23 16:33:18 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2008.11.01 14:25:03 | 000,000,728 | ---- | C] () -- C:\Users\***\AppData\Local\RAExpertHistory.xml [2008.11.01 14:05:56 | 000,031,007 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2008.10.10 19:40:40 | 000,471,161 | ---- | C] () -- C:\Programme\Mozilla Firefox 3__inst.jar 
[2008.10.10 16:09:20 | 000,006,783 | ---- | C] () -- C:\Windows\PSPICEEV.INI [2008.10.10 16:09:14 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll [2008.10.10 16:09:14 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll [2008.10.10 16:09:14 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll [2008.10.10 16:09:14 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll [2008.10.10 16:09:14 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll [2008.10.10 16:09:14 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll [2008.10.10 16:09:14 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll [2008.10.10 16:09:14 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll [2008.10.10 16:09:14 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll [2008.10.10 16:09:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll [2008.10.10 16:09:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll [2008.10.10 16:09:14 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll [2008.10.10 16:09:14 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll [2008.10.10 16:09:14 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll [2008.10.10 16:09:14 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll [2008.10.10 16:09:14 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll [2008.09.14 13:52:48 | 000,000,057 | ---- | C] () -- C:\Windows\System32\FORM.INI [2008.09.13 11:53:50 | 000,000,613 | ---- | C] () -- C:\Users\***\AppData\Roaming\UCO.cache [2008.04.15 17:33:53 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2008.04.06 17:50:21 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2008.03.27 21:02:08 | 000,138,920 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.03.27 12:42:30 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2008.03.27 12:38:32 | 
000,000,319 | ---- | C] () -- C:\Windows\game.ini [2008.03.27 09:26:20 | 000,034,304 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.26 20:52:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.03.26 08:48:02 | 000,156,160 | ---- | C] () -- C:\Windows\System32\unrar3.dll [2008.03.26 08:48:02 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2008.03.26 08:39:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.03.26 06:24:10 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.25 22:09:13 | 000,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll [2008.03.25 17:25:54 | 000,232,348 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2008.03.25 17:19:23 | 000,232,348 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2008.03.25 16:58:16 | 009,599,872 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.03.25 16:58:16 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2008.03.25 16:19:31 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat [2008.03.25 16:14:28 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2007.06.01 10:58:40 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2007.04.17 09:44:28 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.DLL [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.07.27 10:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys [2005.06.10 07:46:52 | 000,049,152 | R--- | C] () -- C:\Windows\System32\FDT100.dll [1999.07.16 13:37:56 | 000,136,704 | ---- | C] () -- C:\Windows\System32\TDCTRL.dll [1998.03.11 22:15:52 | 000,025,600 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL [1998.03.11 22:00:30 | 000,015,408 | ---- | C] () -- C:\Windows\System32\CB560WIN.DLL [1997.01.29 
17:53:26 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL [1997.01.15 13:33:46 | 000,009,216 | ---- | C] () -- C:\Windows\System32\CBNVDD.DLL [1996.12.19 13:37:38 | 000,103,360 | ---- | C] () -- C:\Windows\System32\S7OSC16X.DLL [1996.12.19 13:36:48 | 000,014,848 | ---- | C] () -- C:\Windows\System32\S7OSC32X.DLL < End of report > |
26.03.2010, 15:10 | #4 |
| Search queries are redirected to ad pages Part 2 Extra.txt Code:
OTL Extras logfile created on: 26.03.2010 14:41:30 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = D:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 33,66 Gb Total Space | 1,98 Gb Free Space | 5,87% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 11,48 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ***-NOTEBOOK
Current User Name: ***
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" (Mozilla Corporation)
htmlfile [opennew] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" (Mozilla Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C6366704-8839-4F57-AE54-92546807C22E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{F12BA1AD-D48B-4AEC-B6B9-E55A479CAD44}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{046D4E9D-E71A-431A-9CB8-56ADA5D997B3}" = protocol=17 | dir=in | app=d:\program files\fritz!dsl\webwaigd.exe | "{04FCDA6A-6920-4F4A-8A90-1B339372750C}" = protocol=17 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_online.exe | "{094ED8BB-7709-40FE-AE03-00648C0503A0}" = protocol=6 | dir=in | app=d:\program files\tobit clipinc\player\clipinc-player.exe | "{096BB17D-5DBB-48AF-9858-3DD4AF04C6F0}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{0B527686-375F-4094-85C6-92EC371FA915}" = protocol=17 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_ds.exe | "{116C0881-F9D6-4AAC-8023-19D410095FFD}" = protocol=17 | dir=in | app=d:\program files\tobit clipinc\server\clipinc-server.exe | "{1307B176-B415-4209-B765-197B795AEE83}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2D363B59-A6ED-4A2C-A238-5099208A5EEE}" = protocol=17 | dir=in | app=d:\program files\tobit clipinc\player\clipinc-player.exe | "{3876BC76-260B-4F75-ADA2-2F9B0BA8CBDC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{3ACFBE09-99B4-49F8-B26D-E918C6A122CA}" = protocol=6 | dir=in | app=d:\program files\tobit clipinc\server\clipinc-server.exe | "{3BB299C6-1AFE-4138-96C2-984AB01BA050}" = protocol=6 | dir=in | app=d:\program files\common files\siemens\sqlany\dbsrv9.exe | "{3F0C64BB-EA8E-40FD-B3FC-EACB2207CB10}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{4AE83A2D-CEE7-405F-B9BC-5686D656C3C9}" = protocol=17 | dir=in | app=d:\program files\fritz!dsl\igdctrl.exe | "{4D6F8DE6-0324-4785-8EBA-5C2DC2426DED}" = protocol=6 | dir=in | app=d:\program files\sierra 
entertainment\world in conflict\wic_ds.exe | "{5759D9D9-E940-43F4-84B8-EA0A16429EDB}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{59C0E009-46BC-4247-AEBA-6F8EF06F810B}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{5B702407-5B82-4684-A8FD-9657E352E75F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{600AACE7-C4CB-41BF-A658-36BE8F502098}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{613EA574-AACA-4B6A-989B-08466527F0A5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{62190B61-064B-4771-B90F-4400A75E84C6}" = protocol=6 | dir=in | app=d:\program files\siemens\step7\s7bin\s7tgtopx.exe | "{730F77C6-E3A0-4236-9B51-2F3868831831}" = protocol=6 | dir=in | app=d:\program files\siemens\step7\s7inf\s7usiapx.exe | "{76BCA1DE-3413-4BCB-8BA1-2D163D8F1DA6}" = protocol=17 | dir=in | app=d:\program files\siemens\step7\s7bin\s7tgtopx.exe | "{8092A208-7B6D-4F35-9439-8DA320F1D6D2}" = protocol=6 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_online.exe | "{80C2F7D5-D2F6-4AB0-B81D-4E35604F48D9}" = protocol=17 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{8103C9F3-F620-44B5-93C7-3F47B62956AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{871825A5-D391-49E0-9DD5-6B2854D005EA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{92BB2EF4-188B-4207-9114-76A0CA0F8999}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{941DFA1F-5905-4503-9400-2790D817EB3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{95A8A7A8-A9BE-4A1C-8842-C809A61D4D91}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{98B71910-0479-446A-89C6-680A0798FCB8}" = protocol=17 | dir=in | app=c:\windows\system32\s7otbxsx.exe | "{A38CD01C-E7AF-4FD1-80A0-39574A584669}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{A84D1D47-BD43-4BBB-9E82-7E5899D29D28}" = protocol=6 | dir=in | app=d:\program files\ultravnc\vncviewer.exe | "{AD0419DF-09C6-4809-AC08-CCF54FE25389}" = protocol=17 | dir=in | app=d:\program files\ultravnc\vncviewer.exe | "{B077F837-9C02-44DF-B7C4-9BA17BB55ABF}" = protocol=6 | dir=in | app=d:\program files\fritz!dsl\fboxupd.exe | "{B1D74072-0D85-4EA4-9053-53FB944B443D}" = protocol=17 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic.exe | "{BC73845E-ACE2-47D4-A858-FD80262C077E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{C75BDD61-CC0A-4A1F-ACD6-6B12CD97E5BA}" = protocol=17 | dir=in | app=d:\program files\fritz!dsl\fboxupd.exe | "{CC54CE45-7D51-48D5-964C-8FD46F6498CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E3B7DE90-DF10-457A-B339-8B5B3AECA0AD}" = protocol=6 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic.exe | "{E3D633CC-6B54-4B26-9074-0023B6516512}" = protocol=17 | dir=in | app=d:\program files\siemens\step7\s7inf\s7usiapx.exe | "{E445019D-14EC-4349-8CAA-283853AF4FA2}" = protocol=6 | dir=in | app=d:\program files\fritz!dsl\igdctrl.exe | "{E5EA6E74-9E28-4340-BA07-A6E7CC5C35AA}" = protocol=6 | dir=in | app=c:\windows\system32\s7otbxsx.exe | "{E6E93F5C-B4DF-4619-A24F-D2DA92073E14}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "{EA5716C3-360E-471D-9384-23993492A8C3}" = protocol=6 | dir=in | app=d:\program files\fritz!dsl\webwaigd.exe | "{F6AC6D78-E203-4CC8-B016-DA7834CACEDD}" = protocol=17 | dir=in | app=d:\program files\common files\siemens\sqlany\dbsrv9.exe | "{FA66DAE9-C8F1-4022-A450-ED2606FEA059}" = protocol=6 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{FCF268E7-A31B-46CE-8B9A-F1563C613D5C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "TCP Query User{0497A5D2-B143-466E-AA29-428FEC75254B}D:\program files\ultravnc\winvnc.exe" = protocol=6 | 
dir=in | app=d:\program files\ultravnc\winvnc.exe | "TCP Query User{0BA37633-9ABE-475A-BD61-428B8AAFAA78}D:\downloads\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=d:\downloads\ipcurve100win32\ipcurve\ipcurve.exe | "TCP Query User{0C49B2C1-5AB9-4356-A222-8D14A58D3E2D}D:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\apache.exe | "TCP Query User{11C6537F-3DFD-49F8-BEA1-4DC7615B6793}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{18120317-63D8-456B-8A0C-487CB952B06B}C:\downloads\enemy.engaged.2.desert.operations.german.proper-fas\zips\f-ee2d01\fas-ee2d\cohokum\ee2deopt.exe" = protocol=6 | dir=in | app=c:\downloads\enemy.engaged.2.desert.operations.german.proper-fas\zips\f-ee2d01\fas-ee2d\cohokum\ee2deopt.exe | "TCP Query User{3442E195-CABE-43DF-98C3-93672C6DFC15}D:\program files\sixteen tons entertainment\emergency 4\em4.exe" = protocol=6 | dir=in | app=d:\program files\sixteen tons entertainment\emergency 4\em4.exe | "TCP Query User{509386DB-32B5-47BE-A7D8-3A75D885D847}D:\program files\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=d:\program files\mirandafusion\miranda32.exe | "TCP Query User{53512855-EEE2-4693-8C6A-C6C4FB9CA3D4}D:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe | "TCP Query User{7B5F2614-C853-409F-95DA-8DD58B1A89F7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | "TCP Query User{A3C9332E-D029-43BD-91DA-912B745F316F}D:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe | "TCP Query User{A6348E5E-C653-4324-933E-EC02713DAB98}D:\downloads\miranda\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\downloads\miranda\miranda im\miranda32.exe | "TCP Query 
User{B7BDF954-9D59-4642-B318-25F38EF7074A}D:\downloads\multimedia\cryptload_1.1.5\cryptload.exe" = protocol=6 | dir=in | app=d:\downloads\multimedia\cryptload_1.1.5\cryptload.exe | "TCP Query User{B82B69D1-5953-4259-9C75-891DF3B3B3D6}D:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{C136951A-E876-412E-AE2B-DF493F75575E}D:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=d:\program files\azureus\azureus.exe | "TCP Query User{D806CFB0-1D10-4ACE-B67B-9D74AD998442}D:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\program files\mirc\mirc.exe | "TCP Query User{E85BD8FF-E207-4791-9113-149A951F911F}D:\downloads\editoren\ecipse\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\downloads\editoren\ecipse\eclipse\eclipse.exe | "UDP Query User{0A8237EC-4142-4D3E-9A8B-542F411EA304}D:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe | "UDP Query User{2E2E7EBB-0C5E-4F1D-9463-1586819C274A}D:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\apache.exe | "UDP Query User{30E44775-63FF-4015-AF12-12520F5F8422}D:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{5D50CB67-B495-4D0A-B23B-0464EB49EB2B}D:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=d:\program files\azureus\azureus.exe | "UDP Query User{62F5FCE2-5ACD-435B-AAB1-1762EDD2F285}D:\downloads\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=d:\downloads\ipcurve100win32\ipcurve\ipcurve.exe | "UDP Query User{70DCC22A-7076-4ED1-9F93-5373ABB73B2E}D:\program files\sixteen tons entertainment\emergency 4\em4.exe" = protocol=17 | dir=in | app=d:\program files\sixteen tons 
entertainment\emergency 4\em4.exe | "UDP Query User{9E11D23B-791D-4E74-BFE4-850E2B75C44C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | "UDP Query User{B1F7D733-6C78-40C8-A518-AB625029C2BF}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{B9EF8DDF-F28C-41B7-8208-356F2EEF1BD3}D:\downloads\editoren\ecipse\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\downloads\editoren\ecipse\eclipse\eclipse.exe | "UDP Query User{C36FD354-85CF-416F-8062-17B22843B3C9}D:\program files\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=d:\program files\mirandafusion\miranda32.exe | "UDP Query User{C52CBF94-75E6-4BCD-BB59-927CDAEB4A77}D:\downloads\miranda\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\downloads\miranda\miranda im\miranda32.exe | "UDP Query User{D87DAE0B-9B0E-4933-BF5A-E3D61153CBCB}D:\program files\ultravnc\winvnc.exe" = protocol=17 | dir=in | app=d:\program files\ultravnc\winvnc.exe | "UDP Query User{DFBD1E95-4937-462F-93D5-EC59F880553A}D:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe | "UDP Query User{E0D5C698-CEB9-457E-83F3-829662C51E50}D:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\program files\mirc\mirc.exe | "UDP Query User{F51869D0-4C5B-4E63-B97C-FDEFCE4BFDA9}D:\downloads\multimedia\cryptload_1.1.5\cryptload.exe" = protocol=17 | dir=in | app=d:\downloads\multimedia\cryptload_1.1.5\cryptload.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ""Bilder-CD Fachkunde Elektrotechnik"_is1" = Bilder-CD für Fachkunde Elektrotechnik, 25. 
Auflage - Einzelliz "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0168B3E7-393C-4749-B429-FD5B6FD50567}" = NI Circuit Design Suite Support and Upgrade Utility "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 "{046ED2B7-14D5-4F2C-A275-09D54CEFE757}" = GTactix "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{07E043CB-B1C1-48E3-B2AF-6BED957DF7CD}" = SIMATIC S7-SCL V5.3 + SP4 Professional 2006 SR4 "{07E043CB-B1C1-48E3-B2AF-6BED957DF7CD}SCL" = SIMATIC S7-SCL V5.3 + SP4 Professional 2006 SR4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0BEA337D-71D0-44C7-A575-932612A00908}" = NI EULA Depot "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool "{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu "{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4 "{15BD8E56-D41F-4496-8EA6-13D97AF3F35F}" = MP3Find pro v4.49 "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16551E12-7EBB-4F63-9B6D-4AED6C2A6FB0}" = Ovi Files "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{20140000-006D-0407-0000-0000000FF1CE}" = Microsoft 
Office Click-to-Run 2010 (Beta) "{20140062-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - Deutsch "{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{33BBE45C-6296-488A-B7D5-37E692E71B3F}" = TortoiseSVN 1.6.5.16974 (32 bit) "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine "{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5 "{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F64982B-469A-4218-97D0-57B8B69CD1C6}" = Langenscheidt Vokabeltrainer 4.0 Englisch "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1" = BASCOM-AVR "{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater "{4CDE9452-7BA2-46BC-9551-6A041F4A3B66}" = NI LabVIEW Run-Time Engine 8.2 
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform "{4E4E15DD-6CE6-4AAD-81EC-F8A9C0D83449}" = Vokabeltrainer-Update 4.0.19 "{53FE1175-1B37-4677-924C-62AFFCC83800}" = NI MDF Support "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6B249FAC-DD1A-405F-A8A2-AA6A2252ED32}" = Eisenbahn.exe Professional 6.0 "{6CAB860B-CB68-462B-AF66-83AEF9BD6ED2}" = NI Circuit Design Suite 10 Pro "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6FADAF5C-C9AC-49E5-8B14-7021F91EF0B5}" = NI LabVIEW Run-Time Engine 8.0.1 "{729518C0-BF90-4653-B1A2-CD0193D14CE6}}_is1" = Helium Music Manager 7 (build 7847) "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch) "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78F08FD6-0606-4F8B-B16D-57758AEF7E9C}" = Automation License Manager V3.0 + SP1 Professional "{78F08FD6-0606-4F8B-B16D-57758AEF7E9C}LicenseManager" = Automation License Manager V3.0 + SP1 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4 "{80F0B640-3A5E-45B6-ACA0-445AFF78CE85}" = Graphviz "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 
Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{85B9124A-7EE0-4A60-B141-B233124E7DBD}" = Smart Meeting "{889BF4A8-E783-46C4-8FB8-97A0B977C32A}" = NI LabWindows/CVI 8.0.1 Run-Time Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{8D6F5556-EB3C-420D-9B75-020DEF9AD0AC}" = NI Uninstaller "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word 
MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.8 "{9BFCF52F-9ACE-4BFF-9265-4A83B48D5EED}" = PKZIP Server for Windows 8.60.0007 "{A0A623D9-C673-47B1-8FB1-9FF4A6C88D9C}" = NavyFIELD Europe (DE) "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A1F7BDF1-6D46-46FC-92D1-BC91202251DD}" = NI Service Locator "{A2DC3907-B0A3-484F-9677-A16F1D58BF60}" = NI TDMS "{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.1 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B440401C-4804-4F2D-998C-ACF5FC83DA5F}" = SIMATIC S7-PLCSIM V5.4 + SP1 Professional 2006 SR4 "{B440401C-4804-4F2D-998C-ACF5FC83DA5F}PLCSim" = SIMATIC S7-PLCSIM V5.4 + SP1 Professional 2006 SR4 "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater 
"{BAADD05A-8BDD-4C1B-BE38-94627C552A86}" = NI Logos 4.7 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{BDE84BB7-8261-4787-8219-A5D60E70146C}" = TRILUX Daten-PlugIn für DIALux 06/2009 "{BE6A4401-F766-4706-97F0-A0332C51A3EE}" = SIMATIC S7-GRAPH V5.3 + SP5 Professional 2006 SR4 "{BE6A4401-F766-4706-97F0-A0332C51A3EE}S7GRAPH" = SIMATIC S7-GRAPH V5.3 + SP5 Professional 2006 SR4 "{BE802A6E-7F0D-4333-B45E-80F06C4DC59C}}_is1" = MP3Test "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD094AFB-E5B0-4687-A3D2-358E04BCA172}" = NI Circuit Design Suite 10 Core "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4 "{D8B7A9C5-7ACE-4F9C-9788-77D08850AB4F}" = NI USI 1.3.0 "{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader "{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{DF316006-FA84-40B0-B9B0-880B6487D5D7}" = SIMATIC STEP 7 V5.4 + SP3 + HF1 Professional 2006 SR4 "{DF316006-FA84-40B0-B9B0-880B6487D5D7}STEP7" = SIMATIC STEP 7 V5.4 + SP3 + HF1 Professional 2006 SR4 "{DFD456BA-8C23-4AAD-AF46-E41CE89D022C}" = ThinkVantage Fingerprint Software "{E040012F-A895-482E-87EF-D747ABB0F1D6}" = CADdy++ - SEE Electrical "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware "{EB026BC8-E00C-499D-BD87-89A0566BEB0E}" = AVRStudio4 "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup 
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects "{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU "{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch) "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FDB8EF7A-4118-4B27-8892-4FBE82729340}" = NI License Manager "{FE2A7490-32EA-47D1-BCB4-0705F73F4C24}" = WinFACT 7 "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "ActiveTouchMeetingClient" = WebEx "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "AFPL Ghostscript 8.14" = AFPL Ghostscript 8.14 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Audacity_is1" = Audacity 1.2.6 "AuthorsW" = SIMATIC AuthorsW V2.5 + ServicePack 1 "Calc 3D Pro_is1" = Calc 3D Pro Deutsch 2.1.7 "CCleaner" = CCleaner "Cinderella 2.0" = Cinderella 2.0 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "COMODO Firewall Pro" = COMODO Firewall Pro "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EAGLE 5.2.0" = EAGLE 5.2.0 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 
"FileZilla Client" = FileZilla Client 3.0.11 "FluidSIM 4.2h Pneumatik Demoversion" = FluidSIM 4.2h Pneumatik Demoversion "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Sound Recorder" = Free Sound Recorder "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "FreePDF_XP" = FreePDF XP (Remove only) "FWOCX" = SIMATIC ProTool/Pro V6.0 Gemeinsame Dateien "Geo" = Geo "HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0 "HeidiSQL_is1" = HeidiSQL 3.2 "HijackThis" = HijackThis 2.0.2 "InstallShield_{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "JabRef 2.5" = JabRef 2.5 "LHTTSGED" = L&H TTS3000 Deutsch "LochMaster_30_Demo_is1" = LochMaster 3.0 (Demo) "LyX" = LyX 1.6.4-1 "MAGIX Ringtone Maker 2 silver US" = MAGIX Ringtone Maker 2 silver (US) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ManyCam" = ManyCam 2.4 (remove only) "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU "MiKTeX 2.8" = MiKTeX 2.8 "Mirage Driver_is1" = Mirage Driver 1.1 "Miranda IM" = Miranda IM 0.8.9 "Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre) "MusicBrainz Picard" = MusicBrainz Picard "NI Uninstaller" = National Instruments-Software "Nokia Ovi Suite" = Nokia Ovi Suite "Notepad++" = Notepad++ "NVIDIA Drivers" = NVIDIA Drivers "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta) "PDF Passwort Knacker 1" = PDF 
Passwort Knacker 1 "PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0 "ProInst" = Intel(R) PROSet/Wireless Software "PSpice Student" = PSpice Student 9.1 "Python2.2" = Python "RealPlayer 12.0" = RealPlayer "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SIMATIC ProTool/Pro CS Demo V6.0" = SIMATIC ProTool/Pro CS Demo V6.0 + ServicePack 2 "SIMATIC ProTool/Pro RT V6.0" = SIMATIC ProTool/Pro RT V6.0 + ServicePack 2 "SMSERIAL" = Motorola SM56 Data Fax Modem "sPlan_60_Demo_is1" = sPlan 6.0 (Demo) "SystemRequirementsLab" = System Requirements Lab "Target 3001! V14 discover" = Target 3001! V14 discover "Target 3001! V14 pcb-pool" = Target 3001! V14 pcb-pool "TightVNC_is1" = TightVNC 1.3.10 "TUGZip_is1" = TUGZip 3.4 "Ultravnc2_is1" = UltraVNC 1.0.5 "Uninstall_is1" = Uninstall 1.0.0.1 "uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.6 "VBSdoc" = VBScript-Dokumentation "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VideoLAN VLC media player 0.8.6f "WibTeX_is1" = WibTeX 7.1a "Winamp" = Winamp "WinAVR-20090313" = WinAVR 20090313 (remove only) "WinMerge_is1" = WinMerge 2.12.4 "WinPcapInst" = WinPcap 4.1 beta5 "Zend Studio - 7.0.0" = Zend Studio - 7.0.0 "ZendStudio-5.5.0" = ZendStudio-5.5.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "bdb6cf26dd054a4b" = Youtube-Entferner "GraphCalc" = GraphCalc "IntelliAdmin_NetworkAdministrator" = IntelliAdmin Network Administrator - Remove ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
26.03.2010, 20:22 | #6 |
| Search queries are redirected to ad pages
No, that didn't work either, which is why I switched. |
27.03.2010, 00:54 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search queries are redirected to ad pages
OK. Please run The Avenger:
1.) Download Avenger from here: Swandog46's Public Anti-Malware Tools (download, on the left-hand side)
2.) Unpack the zip archive and run the file "avenger.exe" (on Vista via right-click => Run as administrator). Set the checkboxes at the bottom as shown:
3.) Copy exactly the lines from the following code box:
Code:
ATTFilter
files to delete:
C:\Windows\System32\drivers\FwKbd.sys

drivers to delete:
FwKbd
jhguv
5.) The code text from my post should now be visible under "Input Script here" in "The Avenger".
6.) If so, click "Execute" at the bottom right. Confirm the next prompt with "Yes", and likewise the question about "Reboot now" (restarting the system).
7.) After the reboot, a log file from Avenger will be displayed. Copy its contents and post them here.
8.) Upload the file c:\avenger\backup.zip to file-upload.net and link it here
__________________ Please always post log files in CODE tags |
27.03.2010, 09:41 | #8 |
| Search queries are redirected to ad pages
Sorry, that has now killed the input devices; the external mouse works, the keyboard doesn't. Wrong driver killed? Or side effects? Can it be undone, and if so, how? I'm typing on my phone, sorry for the spelling. I'll try to copy the logs. |
27.03.2010, 09:46 | #9 |
| Search queries are redirected to ad pages
OK, on-screen keyboard. If nothing else helps, I'll start rescuing everything important tomorrow and then reinstall from scratch, just so you know that it doesn't have to remain the same system.
Edited by boecki (27.03.2010 at 10:05) |
27.03.2010, 12:58 | #10 |
| Search queries are redirected to ad pages
Sorry, where is the edit button? An add-in had sneaked into Firefox; now there are no more redirects, and the ads are gone too. What remains is the missing keyboard. |
27.03.2010, 13:17 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search queries are redirected to ad pages
Oops, sorry, I scripted away one of your keyboard drivers. You can still operate the computer, though? If so:
1.) Navigate to c:\avenger and unpack backup.zip (the password is infected)
2.) Copy FwKbd.sys to C:\Windows\System32\drivers
3.) Double-click backup.reg and confirm (confirm adding the registry information)
4.) Reboot, and the keyboard should hopefully work again
__________________ Please always post log files in CODE tags |
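The keyboard loss reported in this thread followed a scripted driver deletion. As an added example (not part of the thread and not code from The Avenger), the Python below checks a `reg export` of `HKLM\SYSTEM\CurrentControlSet\Control\Class` for device classes that still list a driver in `UpperFilters` or `LowerFilters` before that driver is removed. The registry text is a constructed sample; the thread does not state how FwKbd was registered on the poster's system, so its appearance as a keyboard class filter here is an assumption.

```python
import re

FILTER_VALUES = ("upperfilters", "lowerfilters")


def parse_reg_export(text):
    """Parse .reg export text into {key_path: {value_name_lowercase: raw_data}}."""
    # regedit wraps long hex data with a trailing backslash; rejoin those lines.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys


def decode_multi_sz(raw):
    """Decode a hex(7) value (REG_MULTI_SZ, UTF-16LE) into a list of strings."""
    if not raw.lower().startswith("hex(7):"):
        return []
    data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
    return [s for s in data.decode("utf-16-le", errors="replace").split("\0") if s]


def find_filter_references(reg_text, driver_names):
    """Return (driver, device_class, value_name) for each class filter entry
    that names one of the drivers slated for deletion (case-insensitive)."""
    wanted = {name.lower(): name for name in driver_names}
    hits = []
    for key, values in parse_reg_export(reg_text).items():
        # Fall back to the class GUID when the key has no "Class" string value.
        class_name = values.get("class", "").strip('"') or key.rsplit("\\", 1)[-1]
        for value_name in FILTER_VALUES:
            for entry in decode_multi_sz(values.get(value_name, "")):
                if entry.lower() in wanted:
                    label = "UpperFilters" if value_name == "upperfilters" else "LowerFilters"
                    hits.append((wanted[entry.lower()], class_name, label))
    return hits


def multi_sz_hex(strings, per_line=10):
    """Build hex(7) data the way regedit writes it, wrapped with '\\' continuations.
    Used only to construct the sample below."""
    raw = ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")
    octets = [f"{b:02x}" for b in raw]
    rows = [",".join(octets[i:i + per_line]) for i in range(0, len(octets), per_line)]
    return "hex(7):" + ",\\\n  ".join(rows)


# Constructed sample, not taken from the poster's machine. The two GUIDs are the
# standard Windows setup classes for keyboards and mice.
CLASS_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + CLASS_ROOT + r"\{4D36E96B-E325-11CE-BFC1-08002BE10318}]",
    '"Class"="Keyboard"',
    '"UpperFilters"=' + multi_sz_hex(["FwKbd", "kbdclass"]),  # assumed filter entry
    "",
    "[" + CLASS_ROOT + r"\{4D36E96F-E325-11CE-BFC1-08002BE10318}]",
    '"Class"="Mouse"',
    '"UpperFilters"=' + multi_sz_hex(["mouclass"]),
    "",
])


if __name__ == "__main__":
    # Real exports are UTF-16: open(path, encoding="utf-16").read()
    for driver, dev_class, value in find_filter_references(SAMPLE_REG, ["FwKbd", "jhguv"]):
        print(f"{driver}: still listed in {value} of device class {dev_class}; "
              "deleting it without removing this entry breaks that class")
```

A driver that comes back with a hit needs its filter entry handled together with the service, or should be left alone until its origin is confirmed.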
27.03.2010, 14:21 | #12 |
| Search queries are redirected to ad pages
So, the keyboard works again. By the way, I'd like to kill these mobile phone browsers; that was an absolute struggle. Then I tried the on-screen keyboard, which worked. The wireless mouse connected via USB worked, the keyboard did not. Now a short summary once more; with the proper keyboard it's much easier to write:
|
27.03.2010, 14:43 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Search queries are redirected to ad pages
Nice. Did it work with the four steps I posted for you to revive the keyboard?
__________________ Please always post log files in CODE tags |
27.03.2010, 19:11 | #14 |
| Search queries are redirected to ad pages
Yes, it did, except that the zip file was no longer there, even though I had uploaded it from that folder. Well, so I downloaded the uploaded copy again.
Interim status of the virus test: 2 rootkits removed:
Datei: Q:\140062\Office14\ONENOTEM.exe Threat: HIDDEN_FILE
Datei: Q:\140062\Office14\1031\ONINTL.DLL Threat: HIDDEN_FILE
Q is the drive that Office 2010 Beta creates when you choose the Click-to-Run variant. I'll let that run through once more now.
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3919
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

27.03.2010 19:00:56
mbam-log-2010-03-27 (19-00-56).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|Q:\|)
Durchsuchte Objekte: 527441
Laufzeit: 3 hour(s), 6 minute(s), 40 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
TrendMicroHouse has already found 2 infections, but I can only say more at the end of the scan.
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Edited by boecki (27.03.2010 at 19:28) Reason: virus reports added |
28.03.2010, 10:01 | #15 |
| Search queries are redirected to ad pages
The virus scanner now says virus-free. I'll now reboot once and see what comes of it.
OTL:
Code:
ATTFilter OTL logfile created on: 28.03.2010 09:50:18 - Run 3 OTL by OldTimer - Version 3.1.37.3 Folder = D:\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18882) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 5,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): c:\pagefile.sys 3067 3067 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 33,66 Gb Total Space | 3,87 Gb Free Space | 11,51% Space Free | Partition Type: NTFS Drive D: | 78,12 Gb Total Space | 11,46 Gb Free Space | 14,67% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***-NOTEBOOK Current User Name: *** Logged in as Administrator. 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksrvc.exe (UPEK Inc.)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\COMODO\Firewall\cfp.exe ()
PRC - C:\Programme\COMODO\Firewall\cmdagent.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - d:\xampp\mysql\bin\mysqld.exe ()
PRC - D:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - D:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - d:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - D:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
PRC - D:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
PRC - D:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe (SIEMENS AG)
PRC - D:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe (SIEMENS AG)
PRC - D:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe (SIEMENS AG)
PRC - D:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvx.exe (SIEMENS AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - D:\Program Files\Common Files\Siemens\SQLANY\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\lktsrv.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\lkads.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\nisvcloc.exe (National Instruments Corp.)
========== Modules (SafeList) ========== MOD - D:\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\guard32.dll () MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (cvhsvc) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (UpekSrvc) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe (UPEK Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (cmdAgent) -- C:\Program Files\COMODO\Firewall\cmdagent.exe () SRV - (mysql) -- d:\xampp\mysql\bin\mysqld.exe () SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.) 
SRV - (Apache2.2) -- d:\xampp\apache\bin\httpd.exe (Apache Software Foundation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (XAMPP) -- D:\xampp\service.exe () SRV - (s7oiehsx) -- D:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG) SRV - (IGDCTRL) -- D:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (S7TraceServiceX) -- C:\Programme\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG) SRV - (s7asysvx) -- D:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe (SIEMENS AG) SRV - (almservice) -- D:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe (SIEMENS AG) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (NIDomainService) -- D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.) SRV - (lkTimeSync) -- C:\Windows\System32\lktsrv.exe (National Instruments, Inc.) SRV - (lkClassAds) -- C:\Windows\System32\lkads.exe (National Instruments, Inc.) SRV - (NILM License Manager) -- D:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation) SRV - (LkCitadelServer) -- C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.) SRV - (niSvcLoc) -- C:\Windows\System32\nisvcloc.exe (National Instruments Corp.) 
SRV - (OpcEnum) -- C:\Windows\System32\OPCENUM.EXE () ========== Driver Services (SafeList) ========== DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (sftvol) -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftVollh.sys (Microsoft Corporation) DRV - (sftplay) -- C:\Programme\Microsoft Application Virtualization Client\drivers\sftplaylh.sys (Microsoft Corporation) DRV - (sftfs) -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftFSlh.sys (Microsoft Corporation) DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo) DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc) DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys () DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.) DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.) DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO) DRV - (Inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH) DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.) 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SNTIE) SIMATIC Industrial Ethernet (ISO) -- C:\Windows\System32\drivers\SNTIE.SYS (SIEMENS AG) DRV - (s7snsrtx) -- C:\Windows\System32\drivers\s7snsrtx.sys (SIEMENS AG) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (CamFilter) -- C:\Windows\System32\drivers\Camfilter.sys (Compal Inc.) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (EMSC) -- C:\Windows\system32\DRIVERS\EMSC.SYS (Windows (R) Codename Longhorn DDK provider) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys () DRV - (dfmirage) -- C:\Windows\System32\drivers\dfmirage.sys (DemoForge, LLC) DRV - (TVicPort) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan) DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems) DRV - (FwKbd) -- C:\Windows\System32\drivers\FwKbd.sys () DRV - (dpmcslv) -- C:\Windows\System32\drivers\dpmcslv.sys (Siemens AG) DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 58 7E FE 29 C2 CA 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de" FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19 FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.7 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3 FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22 FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4 FF - prefs.js..extensions.enabledItems: pencil@evolus.vn:1.0.6 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2 FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.5.6 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2 FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.6 FF - prefs.js..extensions.enabledItems: {1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}:1.2 FF - prefs.js..network.proxy.backup.ftp: "yolno.infp" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "yolno.infp" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "yolno.infp" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "yolno.infp" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "74.222.8.26" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.gopher: "74.222.8.26" FF - 
prefs.js..network.proxy.gopher_port: 3128 FF - prefs.js..network.proxy.http: "74.222.8.26" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "74.222.8.26" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "74.222.8.26" FF - prefs.js..network.proxy.ssl_port: 3128 FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.02.26 20:49:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox 3\components [2010.03.27 19:43:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3\plugins [2010.03.24 17:37:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.02.26 20:49:32 | 000,000,000 | ---D | M] [2008.06.18 08:57:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.03.28 00:49:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions [2009.08.20 22:25:04 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010.01.27 20:58:15 | 000,000,000 | ---D | M] (FetchMP3 Video to Audio Converter) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d} [2009.09.15 22:24:10 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2010.02.11 22:51:31 | 
000,000,000 | ---D | M] (Tamper Data) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947} [2009.04.21 22:01:15 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe} [2010.01.08 16:03:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.08.29 10:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{E2082660-5330-49e6-BD84-9978CE15BA72} [2009.10.20 12:43:33 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8} [2009.08.21 17:40:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\avg@script.1 [2010.02.18 23:15:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\check4change-owner@mozdev.org [2010.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.07.01 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\elemhidehelper@adblockplus.org [2008.05.04 19:05:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\en-GB@dictionaries.addons.mozilla.org [2010.03.15 00:41:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\firebug@software.joehewitt.com [2010.01.13 23:34:55 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\firecookie@janodvarko.cz [2009.12.13 01:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\pencil@evolus.vn [2010.03.18 22:54:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\personas@christopher.beard [2010.02.08 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\pixelperfectplugin@openhouseconcepts.com [2010.01.27 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\smarterwiki@wikiatic.com [2009.05.09 09:07:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\sqlime@security.compass [2009.05.28 16:19:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\xssme@security.compass [2010.03.15 00:41:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\youtube2mp3@mondayx.de O1 HOSTS File: ([2010.01.24 19:09:46 | 000,000,901 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 pro_001.mirrow.loc O1 - Hosts: 192.168.2.103 root.loc O1 - Hosts: 192.168.2.103 live.loc O1 - Hosts: 192.168.2.103 phpBB.loc O1 - Hosts: 192.168.2.103 pma.loc O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} 
- C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll () O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe () O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\Firewall\cfp.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [S7UB Start] D:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe (SIEMENS AG) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\5.0 ( File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft 
Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Zend Studio - Debug current page - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll () O8 - Extra context menu item: Zend Studio - Debug next page - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1c4ac2f5-fa73-11dc-9241-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1c4ac2f5-fa73-11dc-9241-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found O33 - MountPoints2\{70a5fedc-8029-11dd-941f-001b3868aa49}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{b8e4ab6e-47a9-11de-a745-001b3868aa49}\Shell - "" = AutoRun O33 - MountPoints2\{b8e4ab6e-47a9-11de-a745-001b3868aa49}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found O33 - MountPoints2\{de79b896-1b91-11de-bbf3-001b3868aa49}\Shell - "" = AutoRun O33 - MountPoints2\{de79b896-1b91-11de-bbf3-001b3868aa49}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.03.27 15:09:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.03.26 14:26:26 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.03.26 09:18:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.03.26 09:18:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.26 09:18:07 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.26 09:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.03.25 09:00:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials [2010.03.17 04:01:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.03.11 17:36:41 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll 
[2010.03.11 17:36:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll [2010.03.08 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\***\dwhelper [2010.03.03 21:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ManyCam [2010.03.02 17:34:36 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctl32.ocx [2010.02.27 11:56:00 | 000,000,000 | ---D | C] -- C:\Downloads [2010.02.26 20:48:11 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys [2010.02.26 20:47:43 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2009.08.27 16:43:40 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Programme\Common Files\dao350.dll [2008.03.25 17:58:16 | 000,081,920 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.03.25 17:58:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2006.01.20 14:11:59 | 000,253,952 | ---- | C] (XtraLogiX GbR) -- C:\Programme\Graph_Pro.exe [2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.03.28 09:50:16 | 010,223,616 | -HS- | M] () -- C:\Users\***\ntuser.dat [2010.03.28 09:44:50 | 001,575,692 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.03.28 09:44:50 | 000,676,562 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.03.28 09:44:50 | 000,637,256 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.03.28 09:44:50 | 000,147,014 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.03.28 09:44:50 | 000,121,564 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.03.28 09:42:00 | 000,232,348 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat [2010.03.28 09:42:00 | 000,232,348 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001 [2010.03.28 08:46:03 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.03.28 
08:46:03 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.03.28 02:05:39 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A522CF25-CAAB-4EAB-85D9-A6991B693371}.job [2010.03.28 00:46:14 | 000,123,808 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.03.27 17:18:11 | 000,000,630 | ---- | M] () -- C:\Users\***\Desktop\SpeedFan.lnk [2010.03.27 17:18:06 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo [2010.03.27 16:47:39 | 002,349,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.03.27 16:46:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.03.27 16:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.03.27 15:00:31 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2010.03.27 14:54:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{344485b2-1f31-11df-a36f-001b3868aa49}.TMContainer00000000000000000001.regtrans-ms [2010.03.27 14:54:58 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{344485b2-1f31-11df-a36f-001b3868aa49}.TM.blf [2010.03.27 14:54:51 | 002,073,722 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.03.27 10:03:30 | 000,019,286 | ---- | M] () -- C:\cleanup.exe [2010.03.26 23:32:50 | 000,000,732 | ---- | M] () -- C:\Users\***\Desktop\Defraggler.lnk [2010.03.26 14:19:04 | 000,000,232 | ---- | M] () -- C:\Windows\win.ini [2010.03.26 14:01:58 | 000,000,708 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.03.26 09:18:14 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.03.25 09:00:44 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk [2010.03.24 17:00:28 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache [2010.03.17 23:26:54 | 000,000,162 | -H-- | M] () -- C:\Users\***\Documents\~$rmelSammlung_ET.docx [2010.03.17 
23:26:46 | 000,887,725 | ---- | M] () -- C:\Users\***\Documents\FormelSammlung_ET.docx
[2010.03.17 22:57:25 | 000,001,355 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2010.03.06 22:01:29 | 000,001,426 | ---- | M] () -- C:\List.conf
[2010.03.06 16:25:12 | 000,000,316 | ---- | M] () -- C:\Users\***\cinderella2-user.properties
[2010.03.04 16:21:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2010.03.03 12:42:02 | 000,002,464 | ---- | M] () -- C:\Windows\netdet.ini
[2010.02.27 21:57:43 | 000,000,650 | ---- | M] () -- C:\Users\***\Desktop\CryptLoad.exe - Verknüpfung.lnk
[2010.02.27 20:35:40 | 000,001,393 | ---- | M] () -- C:\Users\***\Documents\#newfile2.lyx#
[2010.02.27 13:45:57 | 000,020,598 | ---- | M] () -- C:\Users\***\Documents\Kalender von ***.ics
[2010.02.26 10:29:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.27 17:18:11 | 000,000,630 | ---- | C] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2010.03.27 17:18:03 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010.03.27 14:53:15 | 000,002,976 | ---- | C] () -- C:\Windows\System32\drivers\FwKbd.sys
[2010.03.27 10:03:30 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2010.03.26 23:32:50 | 000,000,732 | ---- | C] () -- C:\Users\***\Desktop\Defraggler.lnk
[2010.03.26 14:01:58 | 000,000,708 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.03.26 09:18:14 | 000,000,616 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.25 09:00:44 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.03.24 17:00:28 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2010.03.17 23:26:54 | 000,000,162 | -H-- | C] () -- C:\Users\***\Documents\~$rmelSammlung_ET.docx
[2010.03.17 23:25:13 | 000,887,725 | ---- | C] () -- C:\Users\***\Documents\FormelSammlung_ET.docx
[2010.03.17 22:57:25 | 000,001,355 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2010.03.06 16:25:12 | 000,000,316 | ---- | C] () -- C:\Users\***\cinderella2-user.properties
[2010.03.03 21:06:30 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\Install_NSS.job
[2010.02.27 21:57:43 | 000,000,650 | ---- | C] () -- C:\Users\***\Desktop\CryptLoad.exe - Verknüpfung.lnk
[2010.02.27 20:30:40 | 000,001,393 | ---- | C] () -- C:\Users\***\Documents\#newfile2.lyx#
[2010.02.27 13:45:57 | 000,020,598 | ---- | C] () -- C:\Users\***\Documents\Kalender von ***.ics
[2010.02.27 11:44:25 | 000,001,426 | ---- | C] () -- C:\List.conf
[2010.02.26 10:29:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.02.26 10:24:22 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.01.16 16:01:13 | 000,002,593 | ---- | C] () -- C:\Windows\SE.INI
[2010.01.05 19:40:21 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2009.12.25 20:53:12 | 000,002,770 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.23 22:05:41 | 000,000,227 | ---- | C] () -- C:\Windows\FTRUN32.INI
[2009.12.23 21:20:53 | 000,000,032 | ---- | C] () -- C:\Windows\DVD_Start.INI
[2009.11.19 17:31:52 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2009.10.18 17:11:32 | 000,000,165 | ---- | C] () -- C:\Users\***\AppData\Local\rahistory.xml
[2009.10.07 15:58:16 | 000,000,133 | ---- | C] () -- C:\Windows\Dialux.ini
[2009.09.25 16:47:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.05 11:26:52 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.09.05 11:26:52 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.09.05 11:26:52 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.09.05 11:22:18 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.08.27 16:55:10 | 000,000,000 | ---- | C] () -- C:\Windows\FwSim.INI
[2009.08.27 16:44:58 | 000,104,633 | ---- | C] () -- C:\Windows\System32\drivers\fwDH485.sys
[2009.08.27 16:44:56 | 000,031,232 | ---- | C] () -- C:\Windows\System32\s7200L2.dll
[2009.03.28 14:11:00 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.03.25 18:39:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.03.13 20:40:55 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini
[2009.03.13 20:27:51 | 000,100,352 | ---- | C] () -- C:\Windows\System32\pg32conv.dll
[2009.03.13 20:27:50 | 000,030,793 | ---- | C] () -- C:\Windows\System32\crtslv.dll
[2009.02.11 17:48:52 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2009.01.18 21:09:20 | 000,000,146 | ---- | C] () -- C:\Windows\Capture.INI
[2008.12.23 17:33:18 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008.11.01 15:25:03 | 000,000,728 | ---- | C] () -- C:\Users\***\AppData\Local\RAExpertHistory.xml
[2008.11.01 15:05:56 | 000,031,007 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.10.10 20:40:40 | 000,471,161 | ---- | C] () -- C:\Programme\Mozilla Firefox 3__inst.jar
[2008.10.10 17:09:20 | 000,006,783 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2008.10.10 17:09:14 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2008.10.10 17:09:14 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2008.10.10 17:09:14 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2008.10.10 17:09:14 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2008.10.10 17:09:14 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2008.10.10 17:09:14 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2008.10.10 17:09:14 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2008.10.10 17:09:14 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2008.10.10 17:09:14 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2008.10.10 17:09:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2008.10.10 17:09:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2008.10.10 17:09:14 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2008.10.10 17:09:14 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2008.10.10 17:09:14 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2008.10.10 17:09:14 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2008.10.10 17:09:14 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2008.09.14 14:52:48 | 000,000,057 | ---- | C] () -- C:\Windows\System32\FORM.INI
[2008.09.13 12:53:50 | 000,000,613 | ---- | C] () -- C:\Users\***\AppData\Roaming\UCO.cache
[2008.04.15 18:33:53 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2008.04.06 18:50:21 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2008.03.27 22:02:08 | 000,138,920 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.03.27 13:42:30 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2008.03.27 13:38:32 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.03.27 10:26:20 | 000,034,304 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.26 21:52:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.03.26 09:48:02 | 000,156,160 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2008.03.26 09:48:02 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2008.03.26 09:39:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.03.26 07:24:10 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.25 23:09:13 | 000,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008.03.25 18:25:54 | 000,232,348 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.03.25 18:19:23 | 000,232,348 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.03.25 17:58:16 | 009,599,872 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.03.25 17:58:16 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.03.25 17:19:31 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2008.03.25 17:14:28 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.06.01 11:58:40 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.04.17 10:44:28 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.07.27 11:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2005.06.10 08:46:52 | 000,049,152 | R--- | C] () -- C:\Windows\System32\FDT100.dll
[1999.07.16 14:37:56 | 000,136,704 | ---- | C] () -- C:\Windows\System32\TDCTRL.dll
[1998.03.11 23:15:52 | 000,025,600 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[1998.03.11 23:00:30 | 000,015,408 | ---- | C] () -- C:\Windows\System32\CB560WIN.DLL
[1997.01.29 18:53:26 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[1997.01.15 14:33:46 | 000,009,216 | ---- | C] () -- C:\Windows\System32\CBNVDD.DLL
[1996.12.19 14:37:38 | 000,103,360 | ---- | C] () -- C:\Windows\System32\S7OSC16X.DLL
[1996.12.19 14:36:48 | 000,014,848 | ---- | C] () -- C:\Windows\System32\S7OSC32X.DLL
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

< End of report > |