Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Hab da anscheinend nen Trojaner^^

Hab da anscheinend nen Trojaner^^


Log-Analyse und Auswertung: Hab da anscheinend nen Trojaner^^

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 02.05.2010, 17:44   #1
Bravia
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


Hey,

ich kenn mich nich so sehr mit der Materie Virus Trojaner etc. aus..
so vorab..

heute hab ich per Link im ICQ ne "Bilddatei" gesendet bekommen.. ich bin ausversehn sogar noch draufgekommen und des hat sich im internet geöffnet und gleich runtergeladen..

jetzt wo ichs gern löschen möcht, steht da, dass ich das nich kann, weil da die Berechtigung von dem anderen PC benötigt wird......

Hab mir auch so nen Prog. runtergeladen wo da anscheinend so nen protokoll vom System usw erstellt.. vielleicht könnt ihr mir sagen, wie ich des wegbekomm....



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:06, on 02.05.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Wallpaper Juggler\WallPaperJugglerM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\WindowsMobile\wmdSync.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
D:\ICQ7.1\ICQ.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
D:\Program Files\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
D:\Program Files\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\PIC024785085726032.JPG(2).scr
C:\Windows\explorer.exe
C:\Program Files\Common Files\Symantec Shared\SecurityHistory\mcui32.exe
D:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton-Symbolleiste anzeigen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [tray"] "C:\Program Files\CodedColor\byngo.exe /tray"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Wallpaper Juggler Monitor] "D:\Program Files\Wallpaper Juggler\WallpaperJugglerM.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "D:\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - hxxp://www.webtip.ch/cgi-bin/toshiba/tracker_url_de.pl?hxxp://www.ebay.de/ (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TwonkyMedia - PacketVideo - D:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 12107 bytes

Alt 03.05.2010, 14:29   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 03.05.2010, 20:06   #3
Bravia
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


OTL logfile created on: 03.05.2010 20:57:58 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = D:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 1,24 Gb Free Space | 1,67% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 135,53 Gb Free Space | 90,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 73,36 Gb Total Space | 68,55 Gb Free Space | 93,44% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALPHA-PC
Current User Name: Alpha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynToshiba.exe (Synaptics, Inc.)
PRC - C:\Windows\System32\p2phost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - D:\Program Files\Wallpaper Juggler\WallPaperJugglerM.exe (Topdownloads Networks)


========== Modules (SafeList) ==========

MOD - D:\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ServiceLayer) -- D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (TwonkyMedia) -- D:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe (PacketVideo)
SRV - (LiveUpdate Notice) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (FirebirdServerMAGIXInstance) -- D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100502.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100502.005\NAVENG.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100422.001\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (wgdhpfjcq) -- C:\Program Files\Mozilla Firefox\wgdhpfjcq.sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (CplIR) -- C:\Windows\system32\DRIVERS\CplIR.SYS (COMPAL ELECTRONIC INC.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 18:51:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 19:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 18:51:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 19:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 18:51:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 19:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 18:51:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 19:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 18:51:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 19:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 18:51:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 19:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 18:51:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 19:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.18 18:51:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.04 19:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010.04.10 02:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010.04.02 21:59:46 | 000,000,000 | ---D | M]

[2008.09.03 14:01:49 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\mozilla\Extensions
[2010.05.03 19:04:15 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\mozilla\Firefox\Profiles\eldlk7fd.default\extensions
[2009.07.05 14:06:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alpha\AppData\Roaming\mozilla\Firefox\Profiles\eldlk7fd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.28 18:52:43 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Alpha\AppData\Roaming\mozilla\Firefox\Profiles\eldlk7fd.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.01.28 18:52:35 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Alpha\AppData\Roaming\mozilla\Firefox\Profiles\eldlk7fd.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.01.02 22:07:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alpha\AppData\Roaming\mozilla\Firefox\Profiles\eldlk7fd.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.01.28 18:52:43 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Alpha\AppData\Roaming\mozilla\Firefox\Profiles\eldlk7fd.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010.02.15 18:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alpha\AppData\Roaming\mozilla\Firefox\Profiles\eldlk7fd.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.02.15 18:23:28 | 000,000,000 | ---D | M] -- C:\Users\Alpha\AppData\Roaming\mozilla\Firefox\Profiles\eldlk7fd.default\extensions\staged-xpis
[2010.04.28 16:22:15 | 000,000,950 | ---- | M] () -- C:\Users\Alpha\AppData\Roaming\Mozilla\FireFox\Profiles\eldlk7fd.default\searchplugins\icqplugin-1.xml
[2010.02.19 09:15:17 | 000,000,950 | ---- | M] () -- C:\Users\Alpha\AppData\Roaming\Mozilla\FireFox\Profiles\eldlk7fd.default\searchplugins\icqplugin-2.xml
[2010.02.03 15:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Alpha\AppData\Roaming\Mozilla\FireFox\Profiles\eldlk7fd.default\searchplugins\icqplugin.xml
[2009.07.26 09:38:27 | 000,001,196 | ---- | M] () -- C:\Users\Alpha\AppData\Roaming\Mozilla\FireFox\Profiles\eldlk7fd.default\searchplugins\winamp-search.xml
[2010.02.18 13:37:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.21 12:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2007.08.25 05:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2009.03.25 11:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.01.30 14:14:36 | 000,001,487 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.30 14:14:36 | 000,001,779 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\clipfish.xml
[2010.01.30 14:14:36 | 000,001,013 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conrad.xml
[2007.07.26 14:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010.01.30 14:14:36 | 000,002,487 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\discount24.xml
[2010.01.30 14:14:36 | 000,000,860 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\ebay-de.xml
[2009.08.18 22:24:16 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.30 14:14:36 | 000,001,047 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\musicload.xml
[2010.01.30 14:14:36 | 000,002,120 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\myvideo.xml
[2010.01.30 14:14:36 | 000,002,023 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\otto.xml
[2010.01.30 14:14:36 | 000,000,758 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\quelle.xml
[2010.01.30 14:14:36 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\telefonbuch-de.xml
[2009.09.11 16:35:10 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.18 22:24:16 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
[2010.01.30 14:14:36 | 000,005,375 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yodl.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe File not found
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe File not found
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [tray"] C:\Program Files\CodedColor\byngo.exe File not found
O4 - HKLM..\Run: [Wallpaper Juggler Monitor] D:\Program Files\Wallpaper Juggler\WallpaperJugglerM.exe (Topdownloads Networks)
O4 - HKLM..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] D:\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - D:\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Users\Alpha\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alpha\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{053d4ab7-5e0c-11dd-968e-001b38aace94}\Shell - "" = AutoRun
O33 - MountPoints2\{053d4ab7-5e0c-11dd-968e-001b38aace94}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{128bd5d4-9d4a-11de-85da-001b38aace94}\Shell - "" = AutoRun
O33 - MountPoints2\{128bd5d4-9d4a-11de-85da-001b38aace94}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{60be7f77-0b39-11de-909a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{60be7f77-0b39-11de-909a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{60be7fb3-0b39-11de-909a-001b38aace94}\Shell - "" = AutoRun
O33 - MountPoints2\{60be7fb3-0b39-11de-909a-001b38aace94}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{75350a45-25d7-11de-ba7b-001b38aace94}\Shell - "" = AutoRun
O33 - MountPoints2\{75350a45-25d7-11de-ba7b-001b38aace94}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{75350a67-25d7-11de-ba7b-001b38aace94}\Shell - "" = AutoRun
O33 - MountPoints2\{75350a67-25d7-11de-ba7b-001b38aace94}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{7b13ceb0-a9cb-11de-b3ec-001b38aace94}\Shell - "" = AutoRun
O33 - MountPoints2\{7b13ceb0-a9cb-11de-b3ec-001b38aace94}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8d69ed32-5a8c-11de-87ec-001b38aace94}\Shell - "" = AutoRun
O33 - MountPoints2\{8d69ed32-5a8c-11de-87ec-001b38aace94}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{925fd455-4904-11de-9a2f-00037ad861dc}\Shell - "" = AutoRun
O33 - MountPoints2\{925fd455-4904-11de-9a2f-00037ad861dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{925fd464-4904-11de-9a2f-00037ad861dc}\Shell - "" = AutoRun
O33 - MountPoints2\{925fd464-4904-11de-9a2f-00037ad861dc}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b97e7aaf-50ec-11dd-9058-001b38aace94}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{cd4c641e-5975-11dd-b9b0-001b38aace94}\Shell - "" = AutoRun
O33 - MountPoints2\{cd4c641e-5975-11dd-b9b0-001b38aace94}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{cd4c6436-5975-11dd-b9b0-001b38aace94}\Shell - "" = AutoRun
O33 - MountPoints2\{cd4c6436-5975-11dd-b9b0-001b38aace94}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4c30d25-99c2-11dd-87db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e4c30d25-99c2-11dd-87db-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4c30d66-99c2-11dd-87db-0013e8dc73c3}\Shell - "" = AutoRun
O33 - MountPoints2\{e4c30d66-99c2-11dd-87db-0013e8dc73c3}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{e4c30d6d-99c2-11dd-87db-001b38aace94}\Shell - "" = AutoRun
O33 - MountPoints2\{e4c30d6d-99c2-11dd-87db-001b38aace94}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\H\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008.01.19 09:33:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.03 20:56:30 | 000,000,000 | ---D | C] -- C:\Users\Alpha\AppData\Roaming\Malwarebytes
[2010.05.03 20:56:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.03 20:56:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.03 20:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.04 10:59:48 | 000,000,000 | ---D | C] -- C:\Users\Alpha\Desktop\Headhunterz-Studio Session
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.03 21:02:25 | 003,932,160 | -HS- | M] () -- C:\Users\Alpha\NTUSER.DAT
[2010.05.03 20:56:13 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.03 20:54:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.03 20:54:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.03 20:37:15 | 000,000,596 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security Online - Systemprüfung ausführen - Alpha.job
[2010.05.03 18:54:18 | 000,424,077 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.05.03 18:54:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.03 16:47:55 | 000,424,077 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.01 11:23:59 | 001,484,683 | R--- | M] () -- C:\Users\Alpha\Desktop\10 KA Formel Michel.jpg
[2010.04.29 22:07:27 | 000,046,592 | ---- | M] () -- C:\Users\Alpha\Desktop\JÄGER.doc
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.26 12:30:27 | 000,828,232 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.26 12:30:27 | 000,387,728 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.26 12:30:27 | 000,299,796 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.26 12:30:27 | 000,091,036 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.26 12:30:27 | 000,064,326 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.26 12:25:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.10 02:14:06 | 000,000,836 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.04.10 02:13:23 | 003,123,412 | -H-- | M] () -- C:\Users\Alpha\AppData\Local\IconCache.db
[2010.04.09 10:34:53 | 000,010,173 | ---- | M] () -- C:\Users\Alpha\Desktop\Rechtschutznummer.docx
[2010.04.07 23:21:27 | 000,520,616 | ---- | M] () -- C:\Users\Alpha\Desktop\070420101154.jpg
[2010.04.07 23:20:56 | 000,560,475 | ---- | M] () -- C:\Users\Alpha\Desktop\070420101153.jpg
[2010.04.07 23:20:29 | 000,645,716 | ---- | M] () -- C:\Users\Alpha\Desktop\070420101155.jpg
[2010.04.06 22:39:24 | 000,614,421 | ---- | M] () -- C:\Users\Alpha\Desktop\060420101146.jpg
[2010.04.04 13:14:24 | 000,083,968 | ---- | M] () -- C:\Users\Alpha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.03 20:56:13 | 000,000,616 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.01 11:24:20 | 001,484,683 | R--- | C] () -- C:\Users\Alpha\Desktop\10 KA Formel Michel.jpg
[2010.04.27 21:06:31 | 000,046,592 | ---- | C] () -- C:\Users\Alpha\Desktop\JÄGER.doc
[2010.04.09 10:34:52 | 000,010,173 | ---- | C] () -- C:\Users\Alpha\Desktop\Rechtschutznummer.docx
[2010.04.07 23:21:27 | 000,520,616 | ---- | C] () -- C:\Users\Alpha\Desktop\070420101154.jpg
[2010.04.07 23:20:56 | 000,560,475 | ---- | C] () -- C:\Users\Alpha\Desktop\070420101153.jpg
[2010.04.07 23:20:29 | 000,645,716 | ---- | C] () -- C:\Users\Alpha\Desktop\070420101155.jpg
[2010.04.06 22:39:24 | 000,614,421 | ---- | C] () -- C:\Users\Alpha\Desktop\060420101146.jpg
[2009.12.28 11:28:21 | 000,049,152 | ---- | C] () -- C:\Windows\System32\TosBthSupport.dll
[2009.11.18 22:39:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.10.14 17:35:18 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.06.16 18:47:58 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.05.25 10:26:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.03.14 13:42:17 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp2ml3.dll
[2008.12.30 21:10:13 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini
[2008.07.24 18:30:07 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.07.24 18:21:14 | 000,000,099 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2008.07.14 20:45:38 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007.07.10 23:05:17 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.07.10 23:05:17 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.07.10 23:05:17 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.07.10 23:05:17 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.07.10 23:05:17 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.07.10 23:05:17 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.04.16 08:35:21 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.04.16 08:02:55 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.04.16 07:26:26 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.04.16 07:26:26 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.04.16 07:26:26 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.04.16 07:26:26 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.04.16 07:23:35 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.16 06:38:28 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 14:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
< End of report >
__________________
Alt 03.05.2010, 20:06   #4
Bravia
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


OTL Extras logfile created on: 03.05.2010 20:57:58 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = D:\
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 56,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 1,24 Gb Free Space | 1,67% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 135,53 Gb Free Space | 90,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 73,36 Gb Total Space | 68,55 Gb Free Space | 93,44% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALPHA-PC
Current User Name: Alpha
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04216337-655D-4A15-99F1-070EBA8DB8DF}" = lport=137 | protocol=17 | dir=in | app=system |
"{0C8DCF79-58CB-4FD1-A912-7AB79C876FD2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2013ADCE-A726-4D9C-A684-F2642FF36058}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34989DD5-A9D0-43E1-8C3B-606AA581F7A3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{35C9FEAD-56BE-4F05-86DF-C629648CE236}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{43F7B87A-E261-468C-B8FA-BEC9F85AAAB6}" = rport=138 | protocol=17 | dir=out | app=system |
"{63295759-D268-4155-ACF1-D64CF864B2EF}" = lport=139 | protocol=6 | dir=in | app=system |
"{6AA0A6A2-FFEB-4BF2-83EF-2B08D25D5D21}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E854251-BD15-4F72-8B3D-9C17187AB7FE}" = rport=137 | protocol=17 | dir=out | app=system |
"{754E40EF-C966-482E-9F4A-4DA286703A6B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{886C8292-9406-4BEB-861E-FB13983C9959}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8ACF1265-9A82-4763-8492-D2CCE7C79FA8}" = lport=138 | protocol=17 | dir=in | app=system |
"{98EA4355-0439-4F41-85C7-CE4EB7581775}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A605E233-015F-4DB4-9740-F13D6878AE32}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A7DEBBAC-4664-402E-919A-5CFA1439E7E0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AB12468A-9400-42EB-B5AA-C4F5B7ECA397}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ADC23CD3-8E9C-40C0-97CE-DA3408A5BEFF}" = lport=445 | protocol=6 | dir=in | app=system |
"{BCE9CA89-B08C-48DE-991C-61CCAC20B379}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C0164A11-1C13-4356-B011-D9F835A8DBCF}" = rport=445 | protocol=6 | dir=out | app=system |
"{C5C3255A-E947-4203-B2E8-B265B23A4EBD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE4DF1F9-006B-4A9B-ABEE-8ECC8E633863}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D20336E8-E3BE-4D73-A1B5-0F2A7988C4B9}" = rport=139 | protocol=6 | dir=out | app=system |
"{D99C6241-5520-42FF-B7F6-299161464953}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B427E1-F281-4A12-88FA-B93EF668236C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B8D5C61-FD42-467D-B081-E8FE7F2665E6}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{0D2EC39A-BDDE-43EF-BFC9-AC2D11B7A5D9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0E835DB1-4B99-4A22-852F-2D29682B9D42}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{109769C0-FE06-4C88-86C1-CD99205FC770}" = protocol=17 | dir=in | app=d:\program files\nokia\nokia home media server\media server\twonkymedia.exe |
"{114E5198-C529-42DD-85F1-BC4198B766F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{16301C5F-F321-44F9-9F90-D6A0B9703F46}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{186C8F4E-2AF0-4787-A109-C4A7B4A151A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{19A24105-6251-431B-A871-239D5319C975}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{1A004EA0-A740-4128-9229-D9B60C9E1440}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1B483FB1-F792-4D7E-8E42-966C852B82B7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1EF2730E-A580-419B-A486-0A9D4DA856C8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{20ACAD97-3E45-4799-B786-9856EA4CF039}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{2DC9170E-A870-4275-BDEF-35F3AA443E8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E8D2988-FC7F-4504-AB82-32E839739683}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2EC9F55C-7E87-4D15-B413-74623562B11A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3060C5EF-8902-44AE-9AB4-283FE2FCA894}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{323ABE08-27C3-425B-BCB6-B1FADB8E7D15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38DE666A-68E4-42E7-83A3-EE4E4784B5ED}" = protocol=6 | dir=in | app=d:\program files\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{395AA781-92D0-4ABE-8A19-7D30E0F4D223}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{423CFFE6-8557-469A-BE24-29172EBBEC08}" = protocol=17 | dir=in | app=d:\icq7.1\aolload.exe |
"{46928863-C3FD-48A3-97C6-4EAF32AA2522}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4761E43F-13B3-4997-89BF-F037B3D058E5}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{4A1FC2F0-92C0-4EE9-B976-EB18CB160BF2}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4B1AEFEB-A4ED-44AB-8F52-CC87F56ED3D3}" = protocol=17 | dir=in | app=d:\icq7.1\icq.exe |
"{4D26A2A0-AEDB-4263-AF77-382198462C44}" = protocol=6 | dir=in | app=d:\program files\nokia\nokia home media server\media server\twonkymedia.exe |
"{4F330080-9DF7-4C93-A9DF-9A1593886B06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5121628F-2068-4259-8C80-EEB07C67063B}" = protocol=17 | dir=in | app=d:\program files\nokia\nokia home media server\media server\twonkymediaserver.exe |
"{5646218F-EB08-4A3C-BC69-158708357E37}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{69CA2A75-3367-4B92-9F30-22B9EE8DF140}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A4BFED6-B201-4F95-82E3-809252C02D13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C0CA5E0-A921-424D-A61D-B501B4140F9C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FF026B7-6EBE-4A20-AD5D-D196021833C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{722B6A28-35AD-41C1-9D17-ED171BDFD63E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{735826CD-FD55-4D61-95DE-E952B718FED2}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{7435E061-4E23-424A-ADDB-38E00FFB7DD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{754529FC-4AEF-49D5-A61E-A46686BD2B86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75B6DF00-93AD-4A7F-A172-4616CE7CE777}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75D51A14-35CD-4CEC-9FA4-978D6F505061}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe |
"{772047FC-9BD5-411C-9377-3C32D844AB92}" = protocol=6 | dir=in | app=d:\icq7.1\icq.exe |
"{77E8AEEA-D50C-4F3E-A28F-E9D23A53409D}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{7892FA0F-4D2D-4408-9F82-BE2A55F3362A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{85FCA7CC-971B-48D7-A15D-CA1F77FF4A25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88A2148A-CBF5-4F0B-89B4-228A4C4D66D1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{90822B40-9FA2-4BED-8D84-8572478C6FFC}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{935BFF6D-606F-4E71-BFA3-6C93D85A9DD9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93C7D565-EE82-4E3C-B003-62D801571128}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93DC8749-02AE-4FEF-BD50-C44F9B3A13B5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93E8AF05-7A3F-4895-B4D3-CFCB646B91DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94C67AD2-19F5-4BB7-B6FB-68C45816837C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9563B3CB-9E52-4FFD-82EF-DAA12B602B15}" = protocol=17 | dir=in | app=d:\icq7.1\aolload.exe |
"{959904B6-D66B-493C-A787-3FE78B16E61F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{98DAC252-F263-4D6D-8262-B155E08A4FF5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9EC25839-F3EF-4C82-B7BF-72C1CEDB91BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A3C73854-A69B-4A76-B542-32D5558526C9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A3F8E612-1C8F-4588-8DAE-82F8FEA8DEE7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A40D6FC1-42D7-40B3-B9A9-E83020D302D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5109CC2-9F57-4E5F-8B9E-709B26A3B6A7}" = protocol=17 | dir=in | app=d:\icq7.1\icq.exe |
"{AAC41DCF-0C75-483B-A322-0FB950C4FEA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1025D33-AD02-40DF-BCE2-15825FD2DF7A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B8AEF49A-D2B2-45B6-A391-BE28BB2D7705}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9152D3C-9EAF-419F-A061-D1B757BBA9ED}" = protocol=6 | dir=in | app=d:\icq7.1\aolload.exe |
"{B9908E9B-4901-4022-A11F-9F831B3D4A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C043E574-1E33-4A20-B79B-48368D2367B6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C3725B06-804D-4328-846F-33C67558282A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C83F662F-F90D-430A-B67A-3F79436F83E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C950F36D-2688-4BF8-8E56-B23C86C15436}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{CE7D0D29-360B-4D9F-992E-B794F831067F}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{D61226D6-5A09-4879-A3A9-276B669A6078}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6EFFB30-CDDF-44E8-801E-E83E80F7AC9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBD7CE67-7F86-4834-9640-D06841E4F422}" = protocol=6 | dir=out | app=system |
"{DE3B4DA4-3A19-4005-BF64-45DD7DE72588}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF3E00FD-49FC-4424-945B-47FEA89D152A}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{E08A25D4-84D5-47ED-B02D-486A45C1D402}" = protocol=6 | dir=in | app=d:\icq7.1\icq.exe |
"{E40866B8-6188-460F-B772-4A3E4FBD2F99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7811C2C-E1AE-418D-9351-1A470E091519}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E9E2FB35-D43C-418D-BF28-F0609B2CECDC}" = protocol=6 | dir=in | app=d:\icq7.1\aolload.exe |
"{EB30441B-4191-4385-8F6E-F9EC74B9CFE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC0067DD-BD45-4640-9067-57E02AEDB8B6}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{EDD44646-15EB-48D9-8348-04B516290FD6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{F1C81C0C-8699-47A5-8DA8-71046037FDDC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F565AA3D-BBA9-4FC6-A22C-FF816BB15EC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7947262-4DF2-425A-AC4F-D35C5063FB2D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA9C5E38-15F0-432D-B493-BE96C5E739EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB3137B7-9802-4A0A-8D83-DB81D498ED03}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{FBACCF57-937B-4D2F-BBB5-FEC4B688CEC3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{6BD53795-2B57-411A-820C-A297375F6086}D:\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\icq6.5\icq.exe |
"TCP Query User{93CEFD1A-C485-4DB0-9F63-F45ACEA4A89F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{16A43DD4-50E8-4232-83CE-42405AC1EDC4}D:\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\icq6.5\icq.exe |
"UDP Query User{9BBCC0F5-F8E9-40BB-A9C5-4E78B9335E0C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{18B5996A-643E-4176-9BEB-27C45C9F1FC3}" = Nokia Map Loader
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{389BE10D-555B-495B-A83E-E3D94B66D26A}" = CDRWIN 7
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE1}" = Paint.NET v3.5.2
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61539202-097E-487E-9237-B291AB56D54C}" = Bluetooth Monitor 3
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D25670-523F-43D0-A1CB-BC239F15245F}" = PC SpeedScan Pro
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A248CB75-1B6D-407B-B2AC-82A8A349B2D8}" = SymNet
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B5264B25-8908-49BB-A708-5A70DFBF8094}" = Nokia Ovi Suite
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BEC99D86-1D70-4AB8-8D15-E116392F9B7D}" = Nokia Music
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFE77A35-18B1-423B-99AF-9ED341A675F0}" = Symantec Real Time Storage Protection Component
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D3656CE3-0F62-447F-AEF3-9BF29B6197D9}" = Nokia Photos
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E5145D2D-793B-4A16-BA42-3F13EEAA7D5E}" = iTunes
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5A3D2C9-22CF-489B-8B01-F7159D1A7412}" = Nokia Home Media Server
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FF34EA62-92C1-41E6-BA64-B2B7ECB53737}" = Nokia Ovi System Utilities
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Cossacks : The Art Of War" = Cossacks - The Art Of War
"Delicious - Emilys Taste of Fame Deluxe" = Delicious - Emilys Taste of Fame Deluxe
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dream Render 2.20_is1" = Dream Render 2.20
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Files Suite_is1" = Files Suite v1.2
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Firefox Password Recovery Master_is1" = Firefox Password Recovery Master 1.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"ifolor-OrderClient21" = ifolor Designer
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.1.1.108 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McLoad Preinstaller" = McLoad Preinstaller
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3016
"NVIDIA Drivers" = NVIDIA Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"PunkBusterSvc" = PunkBuster Services
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security Online (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Wallpaper Juggler 2.2" = Wallpaper Juggler 2.2
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Alt 03.05.2010, 20:19   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


Du solltest eigentlich zuerst den Vollscan mit Malwarebytes machen...

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.05.2010, 21:01   #6
Bravia
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


jo des dauert aber noch bissle^^ denk, dass ich des erst morgen reinstellen kann weil ich jetzt eig ins bett müsst.. wegen prüfungen morgen usw

Alt 04.05.2010, 10:58   #7
Bravia
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


so jetzt hab ich auch des maleware..

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04.05.2010 11:57:51
mbam-log-2010-05-04 (11-57-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 260452
Laufzeit: 1 Stunde(n), 46 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\SysRestore.dll (Rogue.Ascentive) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Alpha\Desktop\USB\USB\3GP_Converter034\Setup.exe (Trojan.Downloader) -> No action taken.
C:\Windows\System32\SysRestore.dll (Rogue.Ascentive) -> No action taken.
C:\Program Files\Mozilla Firefox\wgdhpfjcq.sys (Rootkit.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\Shadow.sys (Rootkit.Agent) -> No action taken.

Alt 04.05.2010, 11:23   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


Zitat:
Datenbank Version: 4052
Du hast Malwarebytes nicht aktualisiert.
  1. MBAM-Signaturen (Datenbank-Version) updaten!!!
  2. neuen Vollscan machen und Log posten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.05.2010, 14:19   #9
Bravia
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4064

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

04.05.2010 15:17:39
mbam-log-2010-05-04 (15-17-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 260779
Laufzeit: 1 Stunde(n), 36 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Mozilla Firefox\wgdhpfjcq.sys (Rootkit.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\Shadow.sys (Rootkit.Agent) -> No action taken.

Alt 04.05.2010, 15:02   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


Funde entfernt?


Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
DRV - (wgdhpfjcq) -- C:\Program Files\Mozilla Firefox\wgdhpfjcq.sys ()
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton-Symbolleiste anzeigen) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [tray"] C:\Program Files\CodedColor\byngo.exe File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.05.2010, 17:59   #11
Bravia
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


Habs gemacht.. nach dem Neustart kam dann so nen fehlerfenster .. un da stand was von acceptfehler glaub ich..

Alt 04.05.2010, 20:32   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


Hilft mir so nicht weiter. Na, dann mach mal nen Durchgang mit CF:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.05.2010, 10:38   #13
Bravia
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


ey so langsam ranzt mich der scheiß an man.. wenn des ned bald klappt installier ich die ganze scheiße hie nochmal neu... boa...

jetzt kommt so ne kackmeldung von wegen...... die folgenden seiten sind in keinster weise mit combofix verbunden:

www.combofix.org , chombofixdownload.com..
Miniaturansicht angehängter Grafiken
Hab da anscheinend nen Trojaner^^-unbenannt.jpg  

Alt 05.05.2010, 10:45   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hab da anscheinend nen Trojaner^^ - Standard

Hab da anscheinend nen Trojaner^^


Deine Fäkalsprache hilft da auch nicht weiter. Lies den Disclaimer und akzeptiere ihn. Stand auch alles in meinem Posting drin, was da auf Dich zukommt aber lesen musst Du es schon.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Hab da anscheinend nen Trojaner^^
adobe, agere systems, bho, browser, converter, dll, ebay, explorer, firefox, hijack, hijackthis, internet, internet explorer, intrusion prevention, magix, monitor, mozilla, mp3, nvidia, performance, plug-in, programdata, rundll, saver, software, symantec, system, trojaner, virus, vista, windows


« TR/Crypt.ZPACK.Gen ?!? | Infiziert? »


Ähnliche Themen: Hab da anscheinend nen Trojaner^^


  1. Zeus Bot anscheinend auf PC// Brief von Telekom
    Plagegeister aller Art und deren Bekämpfung - 10.06.2015 (21)
  2. (Anscheinend) Nicht entfernbarer Virus
    Plagegeister aller Art und deren Bekämpfung - 04.03.2015 (15)
  3. Anscheinend Trojaner auf Windows 7/64 bit
    Plagegeister aller Art und deren Bekämpfung - 19.10.2014 (11)
  4. Bundespolizei Trojaner - anscheinend neueste Version - kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (7)
  5. GVU Trojaner, Windows neu aufgesetzt, anscheinend nicht ausreichend
    Plagegeister aller Art und deren Bekämpfung - 19.05.2013 (11)
  6. Bitte um Hilfe beim GVU -Trojaner der anscheinend nen Rattenschwanz zum Vorschein bringt.
    Plagegeister aller Art und deren Bekämpfung - 24.02.2013 (6)
  7. Bundes-/GVU-Trojaner, anscheinend neueste Version, nix geht mehr (win7)
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (2)
  8. Malware die anscheinend nicht wegzukriegen ist
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (15)
  9. Anscheinend Bundespolizei-Trojaner auf Rechner meines Freundes
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (2)
  10. Anscheinend mit Trojaner von Facebook infiziert
    Log-Analyse und Auswertung - 24.10.2011 (25)
  11. Alter HP Laptop von Trojaner befallen und Neuformatierung anscheinend nicht möglich
    Plagegeister aller Art und deren Bekämpfung - 31.10.2010 (18)
  12. onlinebanking gesperrt da anscheinend trojaner auf pc?
    Antiviren-, Firewall- und andere Schutzprogramme - 14.10.2010 (4)
  13. Anscheinend wider ein Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.06.2010 (7)
  14. Dropper.Gen und anscheinend Sasser
    Log-Analyse und Auswertung - 08.06.2010 (13)
  15. autorun.inf - boot.com - anscheinend trojaner
    Log-Analyse und Auswertung - 01.02.2009 (2)
  16. anscheinend trojaner
    Plagegeister aller Art und deren Bekämpfung - 30.01.2008 (6)
  17. ich hab anscheinend einen trojaner! kann jemand helfen?
    Log-Analyse und Auswertung - 13.09.2005 (14)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Hab da anscheinend nen Trojaner^^ - Hey, ich kenn mich nich so sehr mit der Materie Virus Trojaner etc. aus.. so vorab.. heute hab ich per Link im ICQ ne "Bilddatei" gesendet bekommen.. ich bin ausversehn - Hab da anscheinend nen Trojaner^^...
Archiv
Du betrachtest: Hab da anscheinend nen Trojaner^^ auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55