Log analysis and evaluation: Malware, don't know how to get rid of it

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
04.08.2010, 22:45 | #1 |
| Malware, don't know how to get rid of it

Hello,
I have a piece of malware or several trojans. I have already found and blocked them with NetLimiter, but how do I get rid of them now? NetLimiter reports the following paths for the applications that I am sure are the trojans:

c:\dokumente und einstellungen\chef\lokale einstellungen\temp\rar$ex01.659\pokerbot - the don of nyc\pokerbot 1.0.exe
c:\dokumente und einstellungen\chef\desktop\pokerbot - the don of nyc\pokerbot 1.0.exe
c:\dokumente und einstellungen\chef\lokale einstellungen\temp\rar$ex00.663\wordmixbot swift.exe
c:\dokumente und einstellungen\chef\lokale einstellungen\temp\rar$ex00.783\wordmixbot swift.exe

However, I can't find the files there. So here is a HijackThis file as well:

HijackThis logfile:
Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:36:30, on 04.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe c:\Programme\Microsoft Security Essentials\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\System32\svchost.exe C:\Programme\NetLimiter 3\nlsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Programme\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programme\Analog Devices\SoundMAX\Smax4.exe C:\Programme\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\AGRSMMSG.exe C:\Programme\Toshiba\Toshiba Applet\thotkey.exe C:\WINDOWS\system32\TPSMain.exe C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\WINDOWS\system32\dla\tfswctrl.exe 
C:\WINDOWS\system32\TPSBattM.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\WINDOWS\vVX1000.exe C:\Programme\T-Mobile\web'n'walk Manager\DataCardMonitor.exe C:\Programme\Microsoft Security Essentials\msseces.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Programme\NetLimiter 3\NLClientApp.exe C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Downloads\FxSpL2Me.exe C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Downloads\HiJackThis204.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file) R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll F2 - REG:system.ini: Shell=Explorer.exe O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [THotkey] C:\Programme\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DataCardMonitor] C:\Programme\T-Mobile\web'n'walk 
Manager\DataCardMonitor.exe O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_silver_Bild_de\TrayServer.exe O4 - HKLM\..\Run: [MSSE] "c:\Programme\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [help] C:\WINDOWS\system32\help32.exe O4 - HKLM\..\Run: [fun] C:\WINDOWS\system32\fun.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [AdobeUpdater] "C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe" O4 - HKCU\..\Run: [NetLimiter] C:\Programme\NetLimiter 3\NLClientApp.exe /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Icq 5.1\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Icq 5.1\ICQLite.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: eBay - {E419F90C-9E2E-40C4-B970-B297298E45A7} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. 
- C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Programme\Alex Feinman\ISO Recorder\ImapiHelper.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Programme\NetLimiter 3\nlsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programme\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- End of file - 13458 bytes |
04.08.2010, 23:13 | #2 |
/// Malwareteam | Malware, don't know how to get rid of it

A cleanup can involve a lot of work for you.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, please work through the following.

Vista and Win7 users: start all tools via right-click, "Run as administrator".

Step 1
Please have the files from the code box checked at VirusTotal.
Code:
C:\WINDOWS\system32\help32.exe
C:\WINDOWS\system32\fun.exe
Step 2
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop.

Step 3
Rootkit search with Gmer
What are rootkits?
Important: For every rootkit scan, the following should apply:

Download Gmer from this page (press the Download EXE button) and save the program to the desktop.

Now post the logfile in code tags. |
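Added example, not part of the thread and not the helper's stated method: a small Python parser for the registry O4 autorun lines of a HijackThis log, run over an excerpt of the log from post #1. The selection rule for hash lookups (image directly in C:\WINDOWS\system32 and not on a constructed one-entry allowlist) and all function names are assumptions made here.

```python
import ntpath
import re
from typing import List, NamedTuple

# %SystemRoot% as reported by the OTL log on this page.
SYSTEM32 = ntpath.normcase(r"C:\WINDOWS\system32")
# Constructed, illustrative allowlist (assumption): ctfmon.exe is a Windows component.
KNOWN_SYSTEM32 = {"ctfmon.exe"}

# Excerpt of O4 lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MSSE] "c:\Programme\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [help] C:\WINDOWS\system32\help32.exe
O4 - HKLM\..\Run: [fun] C:\WINDOWS\system32\fun.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programme\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetLimiter] C:\Programme\NetLimiter 3\NLClientApp.exe /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>" (registry Run keys only).
O4_RE = re.compile(
    r"^O4 - (?P<location>HK.+?\\Run\w*): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
# Unquoted commands may contain spaces in the path, so cut at the first ".exe"
# that is followed by whitespace or the end of the line.
EXE_RE = re.compile(r"^(.+?\.exe)(?=\s|$)", re.IGNORECASE)


class Autorun(NamedTuple):
    location: str   # e.g. HKLM\..\Run
    name: str       # registry value name
    command: str    # full command line as logged
    exe: str        # executable path without arguments


def extract_exe(command: str) -> str:
    """Strip arguments and HijackThis annotations from a Run command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split()[0]


def parse_o4(log: str) -> List[Autorun]:
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(
                Autorun(m["location"], m["name"], m["command"], extract_exe(m["command"]))
            )
    return entries


def classify(entry: Autorun) -> str:
    directory = ntpath.dirname(entry.exe)
    if not directory:
        # Bare file name: Windows resolves it via the search path at logon,
        # so the log alone does not say which file on disk is started.
        return "unqualified"
    if ntpath.normcase(directory) == SYSTEM32:
        return "system32"
    return "other"


def hash_check_candidates(log: str) -> List[str]:
    """Autoruns sitting directly in system32 that are not on the allowlist."""
    seen, result = set(), []
    for entry in parse_o4(log):
        key = ntpath.normcase(entry.exe)
        if classify(entry) != "system32":
            continue
        if ntpath.basename(key) in KNOWN_SYSTEM32 or key in seen:
            continue
        seen.add(key)
        result.append(entry.exe)
    return result


def unqualified_autoruns(log: str) -> List[str]:
    return [e.exe for e in parse_o4(log) if classify(e) == "unqualified"]


if __name__ == "__main__":
    print("Submit for hash lookup:")
    for path in hash_check_candidates(SAMPLE_LOG):
        print("  ", path)
    print("Bare names, locate on disk first:", unqualified_autoruns(SAMPLE_LOG))
```

On the excerpt, the rule selects the same two files named in Step 1; entries given as bare file names are listed separately because their on-disk location has to be established before anything can be hashed.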
04.08.2010, 23:19 | #3 |
| Malware, don't know how to get rid of it

Thanks in advance, I'll get started now.

I can already give 2 quick all-clears: both tools are 100% harmless, because I wrote them myself.

C:\WINDOWS\system32\help32.exe
C:\WINDOWS\system32\fun.exe

OTL log
Code:
ATTFilter OTL logfile created on: 05.08.2010 00:21:42 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 292,00 Mb Available Physical Memory | 29,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,53 Gb Total Space | 5,02 Gb Free Space | 6,74% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NOTEBOOK Current User Name: Chef Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - C:\Programme\NetLimiter 3\NLClientApp.exe (Locktime Software) PRC - C:\Programme\NetLimiter 3\nlsvc.exe (Locktime Software) PRC - c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) PRC - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe (Teleca AB) PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation) PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA) PRC - C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.) PRC - C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA) PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\Programme\Analog Devices\SoundMAX\SMax4.exe (Analog Devices, Inc.) PRC - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) 
PRC - C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\rswin_3725.dll () SRV - (nlsvc) -- C:\Programme\NetLimiter 3\nlsvc.exe (Locktime Software) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation) SRV - (EPGService) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works) SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\HCWTVServer.exe (Hauppauge Computer Works) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (Imapi Helper) -- C:\Programme\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (TAPPSRV) -- C:\Programme\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.) 
SRV - (CFSvcs) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.) ========== Driver Services (SafeList) ========== DRV - (VBoxDrv) -- C:\WINDOWS\System32\VBoxDrv.sys File not found DRV - (GEARAspiWDM) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys File not found DRV - (nltdi) -- C:\Programme\NetLimiter 3\nltdi.sys (Locktime Software) DRV - (NLNdisPT) -- C:\WINDOWS\system32\drivers\nlndis.sys (Locktime Software) DRV - (NLNdisMP) -- C:\WINDOWS\system32\drivers\nlndis.sys (Locktime Software) DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation) DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc) DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nocashio) -- C:\WINDOWS\system32\drivers\nocashio.sys () DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation) DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (hcw95rc) -- C:\WINDOWS\system32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.) DRV - (hcw95bda) -- C:\WINDOWS\system32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.) 
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (ManyCam) -- C:\WINDOWS\system32\drivers\ManyCam.sys (ManyCam LLC.) DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation) DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation) DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation) DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation) DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation) DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation) DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation) DRV - (ISODrive) -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\792063 792063\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) 
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation) DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation) DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation) DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation) DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation) DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation) DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation) DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI) DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI) DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI) DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI) DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI) DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI) DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (AR5211) -- 
C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation) DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell) DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC) DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\Tosrfec.sys (TOSHIBA Corporation) DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.) IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://my.autoitbot.de/" FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: mozrepl@hyperstruct.net:1.0.0.2009122217 FF - 
prefs.js..extensions.enabledItems: {2468bed5-58f0-43e3-8b35-b49f233a799e}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.03 03:21:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.24 18:55:37 | 000,000,000 | ---D | M]

[2008.12.30 15:06:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Extensions
[2010.08.03 13:32:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\extensions
[2009.08.29 18:45:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.25 14:05:09 | 000,000,000 | ---D | M] (Grepolis Ultra Toolbar) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\extensions\{2468bed5-58f0-43e3-8b35-b49f233a799e}
[2010.05.19 20:41:06 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.06.23 13:47:45 | 000,000,000 | ---D | M] (Web Developer) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.07.25 13:19:47 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.06.23 14:21:24 | 000,000,000 | ---D | M] (FoxTab) -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009.06.14 20:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\extensions\battlefieldheroespatcher@ea.com
[2010.07.05 16:10:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\extensions\mozrepl@hyperstruct.net
[2010.04.24 19:17:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\extensions\vlcplugin@radicalsoft.com
[2010.07.25 22:53:09 | 000,001,819 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\searchplugins\bing.xml
[2009.03.25 11:49:34 | 000,000,882 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\searchplugins\conduit.xml
[2009.11.16 15:43:34 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla\Firefox\Profiles\dw0elsqg.default\searchplugins\sweetim.xml
[2010.08.04 13:40:58 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.05.19 14:57:00 | 002,641,920 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npRACtrl.dll
[2006.08.09 12:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npWebLaunch.dll
[2008.02.28 14:30:00 | 000,008,784 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008.02.28 14:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\unicows.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll (ICQ Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [DataCardMonitor] C:\Programme\T-Mobile\web'n'walk Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [EPGServiceTool] C:\Programme\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
O4 - HKLM..\Run: [fun] C:\WINDOWS\system32\fun.exe ()
O4 - HKLM..\Run: [help] C:\WINDOWS\system32\help32.exe ()
O4 - HKLM..\Run: [MSSE] c:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Programme\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_silver_Bild_de\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Konni Symbol Autostart] File not found
O4 - HKCU..\Run: [NetLimiter] C:\Programme\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
O4 - Startup: C:\Dokumente und Einstellungen\Chef\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Icq 5.1\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Icq 5.1\ICQLite.exe (ICQ Ltd.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.01.22 10:53:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{34a63f10-26cd-11df-af35-0013ce2864fd}\Shell - "" = AutoRun
O33 - MountPoints2\{34a63f10-26cd-11df-af35-0013ce2864fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34a63f10-26cd-11df-af35-0013ce2864fd}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{58dd624a-75ec-11de-b811-0013ce2864fd}\Shell - "" = AutoRun
O33 - MountPoints2\{58dd624a-75ec-11de-b811-0013ce2864fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58dd624a-75ec-11de-b811-0013ce2864fd}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{58dd624c-75ec-11de-b811-0013ce2864fd}\Shell - "" = AutoRun
O33 - MountPoints2\{58dd624c-75ec-11de-b811-0013ce2864fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{58dd624c-75ec-11de-b811-0013ce2864fd}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{d23c3301-35c7-11de-b7f8-0013ce2864fd}\Shell\Auto\command - "" = ulqlpfjsw.exe
O33 - MountPoints2\{d23c3301-35c7-11de-b7f8-0013ce2864fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef0da429-7f9e-11df-af56-ff428e29241d}\Shell - "" = AutoRun
O33 - MountPoints2\{ef0da429-7f9e-11df-af56-ff428e29241d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ef0da429-7f9e-11df-af56-ff428e29241d}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found
O33 - MountPoints2\{f686a572-03ed-11dd-b6ee-0013ce52e863}\Shell - "" = AutoRun
O33 - MountPoints2\{f686a572-03ed-11dd-b6ee-0013ce52e863}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f686a572-03ed-11dd-b6ee-0013ce52e863}\Shell\AutoRun\command - "" = E:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.04 23:54:54 | 000,000,000 | ---D | C] -- C:\Programme\Trojancheck 6
[2010.08.04 23:04:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Simply Super Software
[2010.08.04 22:57:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\TrojanHunter
[2010.08.04 22:48:50 | 000,000,000 | ---D | C] -- C:\Programme\TrojanHunter 5.3
[2010.08.03 03:19:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Desktop\HTML Projekt Lucas,Mathis, Eric,Burak,Robert,Lukas
[2010.07.31 02:00:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\Locktime
[2010.07.31 01:54:47 | 000,000,000 | ---D | C] -- C:\Programme\NetLimiter 3
[2010.07.31 00:57:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Locktime
[2010.07.31 00:55:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Locktime
[2010.07.30 02:45:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Desktop\Poker Institut HandOdds
[2010.07.29 15:24:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Mozilla-Cache
[2010.07.26 14:01:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Skype
[2010.07.26 13:54:22 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010.07.26 13:54:14 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.07.25 21:28:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.07.25 21:27:21 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.07.25 09:36:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.07.25 09:36:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2010.07.23 00:30:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Wireshark
[2010.07.22 00:44:22 | 000,000,000 | ---D | C] -- C:\Programme\thriXXX
[2010.07.19 11:53:53 | 000,000,000 | ---D | C] -- C:\Oxin's Style!
[2010.07.16 14:31:51 | 000,000,000 | ---D | C] -- C:\games
[2010.07.14 16:12:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Desktop\koda
[2010.07.14 13:47:13 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.08 14:12:49 | 000,000,000 | ---D | C] -- C:\Programme\ICQ Status Checker
[2010.07.07 15:33:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Chef\Desktop\new
[2005.01.22 14:56:39 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.05 00:01:01 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.08.04 23:22:06 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.08.04 23:16:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.04 23:16:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.04 23:16:19 | 1073,201,152 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.04 23:14:52 | 008,388,608 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\ntuser.dat
[2010.08.04 23:14:52 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Chef\ntuser.ini
[2010.08.04 22:49:32 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2010.08.03 23:11:03 | 000,001,353 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\SciTE.session
[2010.08.03 23:10:25 | 000,043,229 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\tttt.au3
[2010.08.02 15:41:19 | 000,001,247 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\ttttk.au3
[2010.07.29 15:57:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010.07.26 22:07:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.25 21:39:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.25 21:31:07 | 000,000,592 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.07.25 21:31:07 | 000,000,311 | RHS- | M] () -- C:\boot.ini
[2010.07.25 21:31:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.25 17:49:41 | 000,000,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\config.ini
[2010.07.25 15:20:36 | 000,061,200 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\knuddels.jpg
[2010.07.25 15:20:36 | 000,025,971 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\.recently-used.xbel
[2010.07.22 20:36:46 | 000,011,588 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\gsview32.ini
[2010.07.20 11:39:23 | 001,335,130 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\subway2.pdf
[2010.07.18 22:00:15 | 000,419,655 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\langeweile.exe
[2010.07.18 21:59:32 | 000,002,028 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ttttt.au3
[2010.07.16 14:31:54 | 000,000,639 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\Icy Tower.lnk
[2010.07.15 21:14:16 | 000,000,000 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\khx
[2010.07.15 17:52:04 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.15 17:52:04 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.15 17:52:04 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.15 17:52:04 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.15 17:52:04 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.15 12:19:05 | 000,017,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\220px-Lorenzo_Costa_001.jpg
[2010.07.14 22:58:53 | 000,030,043 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\dj.au3
[2010.07.14 22:58:08 | 000,435,221 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\dj.exe
[2010.07.14 13:05:44 | 000,000,110 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\userdata.ini
[2010.07.14 13:03:45 | 000,006,101 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\test.au3
[2010.07.14 12:54:06 | 001,282,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\Pokerbot 1.0.exe
[2010.07.11 19:11:23 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2010.07.09 18:58:50 | 000,001,572 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\x.JPG
[2010.07.09 18:56:45 | 000,009,727 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\tictic.au3
[2010.07.09 15:07:25 | 000,001,858 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\tt.JPG
[2010.07.08 13:43:40 | 000,011,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Trainingstabelle.ods
[2010.07.07 19:36:12 | 000,024,290 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\Plan.pdf
[2010.07.07 16:08:18 | 000,011,956 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\login.JPG
[2010.07.06 17:22:22 | 000,223,787 | ---- | M] () -- C:\Dokumente und Einstellungen\Chef\Desktop\button.JPG
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.05 00:14:03 | 001,282,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\Pokerbot 1.0.exe
[2010.08.04 22:48:52 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2010.07.25 17:28:37 | 000,000,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\config.ini
[2010.07.25 15:20:36 | 000,061,200 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\knuddels.jpg
[2010.07.25 15:20:36 | 000,025,971 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\.recently-used.xbel
[2010.07.25 10:00:32 | 000,001,247 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\ttttk.au3
[2010.07.23 14:50:40 | 000,043,229 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\tttt.au3
[2010.07.20 11:39:22 | 001,335,130 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\subway2.pdf
[2010.07.18 21:56:27 | 000,419,655 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\langeweile.exe
[2010.07.18 20:54:38 | 000,002,028 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ttttt.au3
[2010.07.16 14:31:54 | 000,000,639 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\Icy Tower.lnk
[2010.07.15 21:14:16 | 000,000,000 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\khx
[2010.07.15 12:19:02 | 000,017,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\220px-Lorenzo_Costa_001.jpg
[2010.07.14 22:58:03 | 000,435,221 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\dj.exe
[2010.07.14 22:32:02 | 000,030,043 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\dj.au3
[2010.07.09 18:58:50 | 000,001,572 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\x.JPG
[2010.07.09 15:07:25 | 000,001,858 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\tt.JPG
[2010.07.09 15:06:42 | 000,009,727 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\tictic.au3
[2010.07.08 13:43:39 | 000,011,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Trainingstabelle.ods
[2010.07.07 19:36:09 | 000,024,290 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\Plan.pdf
[2010.07.07 18:00:53 | 000,000,110 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\userdata.ini
[2010.07.07 16:08:18 | 000,011,956 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\login.JPG
[2010.07.06 17:41:06 | 000,006,101 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\test.au3
[2010.07.06 17:22:21 | 000,223,787 | ---- | C] () -- C:\Dokumente und Einstellungen\Chef\Desktop\button.JPG
[2010.07.04 16:59:14 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.04.05 13:06:54 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.04.05 13:06:35 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.12.08 12:35:57 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.08.22 22:35:39 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2009.08.07 01:11:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.07.08 18:22:40 | 000,760,320 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll
[2009.07.07 22:46:59 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009.06.19 14:11:35 | 000,025,713 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2009.04.30 18:33:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\CamTraxAPI.dll
[2009.04.19 21:39:39 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2009.04.10 11:44:33 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.04.10 09:04:09 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009.01.30 20:07:19 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2009.01.08 20:03:49 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\wk32.dll
[2009.01.08 20:03:49 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\ic32.dll
[2008.12.14 12:13:33 | 000,000,077 | ---- | C] () -- C:\WINDOWS\MemoDvx.INI
[2008.11.09 22:42:55 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008.11.09 22:42:54 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008.10.07 20:44:44 | 000,000,109 | ---- | C] () -- C:\WINDOWS\GMouse.ini
[2008.09.22 14:48:39 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.07.20 00:01:28 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
[2008.06.11 19:41:54 | 000,002,086 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2008.06.11 19:41:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2008.06.11 19:41:19 | 000,032,135 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008.06.11 19:41:11 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008.06.11 19:40:23 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008.06.11 19:39:47 | 000,006,353 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008.06.11 19:38:13 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.06.04 20:32:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.05.11 20:47:16 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008.05.11 18:47:09 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008.04.23 14:59:56 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.08.09 12:08:04 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006.05.12 09:56:38 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\RagTimeSearch.dll
[2005.01.24 16:41:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.01.24 16:33:20 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2005.01.24 16:28:51 | 000,006,757 | ---- | C] () -- C:\WINDOWS\TcdsASC2.ini
[2005.01.24 16:22:40 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.01.22 16:30:05 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.01.22 15:33:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.01.22 15:33:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.01.22 15:33:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.01.22 15:33:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.01.22 15:33:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.01.22 15:33:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.01.22 15:29:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005.01.22 15:01:26 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
[2005.01.22 14:56:39 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005.01.22 14:44:52 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005.01.22 14:44:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005.01.22 14:44:52 | 000,010,163 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005.01.22 14:44:52 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005.01.22 14:37:00 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.01.22 14:37:00 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.01.22 10:56:19 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.01.22 10:39:35 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004.09.15 03:26:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004.08.04 09:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004.07.21 02:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.06.17 19:55:40 | 001,527,808 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2004.06.17 19:48:54 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2004.01.15 23:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003.07.30 00:33:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002.06.04 18:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2009.10.15 16:23:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Armagetron
[2008.07.24 00:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2009.04.04 22:38:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Laconic Software
[2010.07.31 00:55:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Locktime
[2010.04.05 13:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2008.07.28 11:36:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RagTime
[2010.03.30 11:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2008.05.02 22:07:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2010.08.04 23:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.03.20 00:37:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania
[2009.07.21 01:04:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008.07.19 23:03:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\AD ON Multimedia
[2009.10.15 16:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Armagetron
[2008.11.09 22:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Ascaron Entertainment
[2009.04.10 09:31:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Atari
[2009.04.13 20:20:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\avidemux
[2009.06.19 14:14:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Canon
[2008.05.12 02:58:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Engelmann Media
[2008.05.13 10:59:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\FFSJ
[2010.04.12 21:10:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\FileZilla
[2008.09.21 21:40:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\FinalBurner Video DVD
[2010.04.04 21:36:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\GetRightToGo
[2010.07.25 15:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\gtk-2.0
[2009.07.22 11:31:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\HCM Updater
[2010.08.04 23:49:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\ICQ
[2008.05.12 03:05:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\ICQ Toolbar
[2008.12.07 23:03:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\ICQ-Tools.de
[2008.12.24 14:57:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\ICQLite
[2008.04.06 17:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\InterVideo
[2010.04.24 11:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\JAM Software
[2010.07.31 00:57:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Locktime
[2010.04.05 13:10:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\MAGIX
[2010.04.04 21:50:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\ManyCam
[2008.12.07 23:01:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\McLoad
[2009.04.09 16:55:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Meine Die Schlacht um Mittelerde™ II-Dateien
[2008.09.08 16:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\MyPhoneExplorer
[2010.03.18 22:27:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\OpenOffice.org
[2010.03.18 22:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Chef\Anwendungsdaten\OpenOffice.org3 [2009.11.30 22:12:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\PStill [2010.03.24 00:24:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\RagTime [2008.08.02 14:25:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Ruff-FTP [2010.04.29 14:42:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Sierra [2009.02.27 19:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\soul.im [2008.08.10 13:02:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Steganos [2009.11.22 14:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\TeamViewer [2008.05.12 03:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Teewars [2008.09.06 19:31:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Teeworlds [2008.05.02 22:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Teleca [2008.07.11 15:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Template [2008.07.15 13:43:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\toshiba [2010.08.04 22:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\TrojanHunter [2010.07.23 00:30:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Chef\Anwendungsdaten\Wireshark [2010.08.04 23:22:06 | 000,000,400 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2010.08.05 00:01:01 | 000,000,224 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:302A9871 
@Alternate Data Stream - 102 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CB0AACC9

< End of report >

Extras log:
Code:
OTL Extras logfile created on: 05.08.2010 00:21:43 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.023,00 Mb Total Physical Memory | 292,00 Mb Available Physical Memory | 29,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,53 Gb Total Space | 5,02 Gb Free Space | 6,74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK
Current User Name: Chef
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Unstopcp] -- "C:\Programme\Roadkil.Net\UnstopCpy_4_2_Win2K_UP.exe" "%1" * (Roadkil.Net) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1036:TCP" = 1036:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ Library -- File not found "C:\Programme\MultiProxy\MProxy.exe" = C:\Programme\MultiProxy\MProxy.exe:*:Enabled:MultiProxy personal proxy server -- (MishkinSoft, hxxp://www.multiproxy.org) "C:\WINDOWS\HitFakär.exe" = C:\WINDOWS\HitFakär.exe:*:Enabled:Steam -- File not found "C:\Programme\Acclaim Entertainment\Turok 2\Turok2MP.exe" = C:\Programme\Acclaim Entertainment\Turok 2\Turok2MP.exe:*:Enabled:Turok2MP -- () "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" = C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks) "C:\Programme\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Programme\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION) "C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\236402786 Sweet Cherry\Turok 2\Turok2MP.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\236402786 Sweet Cherry\Turok 2\Turok2MP.exe:*:Enabled:Turok2MP -- File not found "D:\Spiele\LittleFighter2\LF2_v1.9\lf2.exe" = D:\Spiele\LittleFighter2\LF2_v1.9\lf2.exe:*:Enabled:lf2 -- File not found "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Ruff-Tech\Ruff-FTP\ftpsck.exe" = C:\Programme\Ruff-Tech\Ruff-FTP\ftpsck.exe:*:Enabled:Ftp-Client -- (Ruff-Tech) "C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Nightfire\Bond.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Nightfire\Bond.exe:*:Enabled:Bond -- File not found "C:\Programme\EA GAMES\Battlefield 2\BF2_r.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2_r.exe:*:Enabled:BF2_r -- File not found "D:\Programme\THQ\Company of Heroes\RelicCOH.exe" = D:\Programme\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- File not found 
"C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Far Cry\Bin32\Editor.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Far Cry\Bin32\Editor.exe:*:Enabled:CryEngine Sanbdbox(tm). -- File not found "C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Battlefield 2\BF2.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Battlefield 2\BF2.exe:*:Disabled:BF2 -- File not found "C:\Programme\EA GAMES\Battlefield 2\bf2_w32ded.exe" = C:\Programme\EA GAMES\Battlefield 2\bf2_w32ded.exe:*:Enabled:bf2_w32ded -- File not found "C:\Programme\Tremulous\tremulous.exe" = C:\Programme\Tremulous\tremulous.exe:*:Enabled:tremulous -- () "C:\Programme\Electronic Arts\Battlefield 2142\crack.exe" = C:\Programme\Electronic Arts\Battlefield 2142\crack.exe:*:Enabled:crack -- () "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "G:\Programme\EA GAMES\Battlefield 2\BF2.exe" = G:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- File not found "C:\Icq 5.1\ICQLite.exe" = C:\Icq 5.1\ICQLite.exe:*:Enabled:ICQ Lite -- (ICQ Ltd.) 
"C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\XIII\system\XIII.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\XIII\system\XIII.exe:*:Enabled:XIII -- File not found "C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\XIII\system\XIIIEd.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\XIII\system\XIIIEd.exe:*:Enabled:XIIIEd -- File not found "C:\Dokumente und Einstellungen\Chef\Desktop\Battlefield 2\BF2.exe" = C:\Dokumente und Einstellungen\Chef\Desktop\Battlefield 2\BF2.exe:*:Enabled:BF2 -- File not found "C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe" = C:\Programme\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC -- () "C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- File not found "C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat:*:Enabled:patchgrabber -- File not found "C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation) "C:\Programme\Microsoft LifeCam\LifeEnC2.exe" = C:\Programme\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation) "C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation) "C:\Programme\Microsoft LifeCam\LifeTray.exe" = C:\Programme\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\Chef\Eigene Dateien\gameboy\VisualBoyAdvance.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\gameboy\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance 
emulator -- File not found "C:\Programme\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- File not found "C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Cossacks II\Data\engine.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Cossacks II\Data\engine.exe:*:Enabled:Cossacks 2: Napoleonic Wars -- File not found "C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Unreal Tournament 3 (LG)\Binaries\UT3.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Unreal Tournament 3 (LG)\Binaries\UT3.exe:*:Enabled:UT3 -- File not found "C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Temp\Rar$EX00.152\CT.exe" = C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Temp\Rar$EX00.152\CT.exe:*:Enabled:CT (Chicken Tournament) -- File not found "C:\Programme\Valve\hl.exe" = C:\Programme\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Far_Cry_LAN_22.08.08_Cracked_incl._coop_and_ctfmode\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Far_Cry_LAN_22.08.08_Cracked_incl._coop_and_ctfmode\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry -- File not found "C:\Dokumente und Einstellungen\Chef\Desktop\Far Cry\Bin32\FarCry.exe" = C:\Dokumente und Einstellungen\Chef\Desktop\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry -- File not found "C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Far Cry\Bin32\FarCry.exe" = C:\Dokumente und Einstellungen\Chef\Eigene Dateien\ICQ\321018787\ReceivedFiles\489986273 jojo\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry -- File not found "C:\Programme\EA Sports\Madden NFL 
08\mainapp.exe" = C:\Programme\EA Sports\Madden NFL 08\mainapp.exe:*:Enabled:Madden NFL 08 -- (EA - Salt Lake) "C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Programme\The Creative Assembly\Rome - Total War\RomeTW-BI.exe" = C:\Programme\The Creative Assembly\Rome - Total War\RomeTW-BI.exe:*:Enabled:Rome: Total War - Barbarian Invasion -- File not found "C:\Programme\The Creative Assembly\Rome - Total War\RomeTW.exe" = C:\Programme\The Creative Assembly\Rome - Total War\RomeTW.exe:*:Enabled:Rome: Total War -- File not found "C:\Programme\EA Sports\Madden NFL 08\Updater.exe" = C:\Programme\EA Sports\Madden NFL 08\Updater.exe:*:Enabled:Updater -- () "C:\Programme\The Creative Assembly\Rome - Total War\crack.exe" = C:\Programme\The Creative Assembly\Rome - Total War\crack.exe:*:Enabled:Rome: Total War -- (The Creative Assembly Ltd) "C:\Programme\bmoworld\BomberMan.exe" = C:\Programme\bmoworld\BomberMan.exe:*:Enabled:BomberMan -- File not found "C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- File not found "C:\Programme\The Creative Assembly\Rome - Total War\crack-BI.exe" = C:\Programme\The Creative Assembly\Rome - Total War\crack-BI.exe:*:Enabled:Rome: Total War - Barbarian Invasion -- (The Creative Assembly Ltd) "C:\Programme\RagTime Privat\RagTime 5.exe" = C:\Programme\RagTime Privat\RagTime 5.exe:*:Enabled:Das Werkzeug zur professionellen Dokumentenbearbeitung. 
-- (RagTime GmbH) "H:\teamviewer\TeamViewer.exe" = H:\teamviewer\TeamViewer.exe:*:Enabled:TeamViewer -- File not found "C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- () "C:\Programme\The Games Company\Empire Earth Ultimate Edition\Empire Earth I ZdE\EE-AOC.exe" = C:\Programme\The Games Company\Empire Earth Ultimate Edition\Empire Earth I ZdE\EE-AOC.exe:*:Enabled:EE-AOC -- () "C:\Programme\The Games Company\Empire Earth Ultimate Edition\Empire Earth I\Empire Earth.exe" = C:\Programme\The Games Company\Empire Earth Ultimate Edition\Empire Earth I\Empire Earth.exe:*:Enabled:Empire Earth -- () "C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Temp\7zS17CA\setup\HPZnui01.exe" = C:\Dokumente und Einstellungen\Chef\Lokale Einstellungen\Temp\7zS17CA\setup\HPZnui01.exe:*:Enabled:hpznui01.exe -- File not found "G:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = G:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler -- File not found "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox 
"{10B75CF6-5A54-4D7B-9169-70AD17181DE1}_is1" = Oxin's Style! 3D Sexvilla 2.058.002 "{115DC143-58A1-4314-853D-FCA35D57EE8A}" = Sony Ericsson PC Suite "{11745B8A-E942-4674-B729-39110F5962AA}_is1" = FarmVilleBot 2.1.13 "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu "{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}" = TOSHIBA Benutzerhandbücher "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2 "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{247E0933-1877-4208-BF6A-B39E3015B148}" = soul.im "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6 "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A47DA3C-0C2E-4D94-9BCE-6EA3550B37C9}" = LaMaster "{3FC7CBBC4C1E11DCA1A752EA55D89593}" 
= DivX Version Checker "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung "{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0 "{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm "{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942 "{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6BCB7EAA-598C-4836-B7EA-3642E41AA222}" = Microsoft LifeCam "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B2BC65-F997-4208-AEE5-CF8B809A3A71}" = TIxx21/x515 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities "{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EACD785-823D-4D1B-9A5E-85FACAF5DFB3}_is1" = Oxin's Style! 
3D Sexvilla 2.055.001 "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition "{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA "{91A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003 "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! 
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{98591F66-BBF6-4CC7-BC7C-8BB488BD2F9A}" = RagTime 6 "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.7 "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 4.2 "{A3BC1DBD-64D6-4EBC-0091-24C811662D40}" = Madden NFL 08 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls "{A919AABD-61FA-4E16-0000-26966C3D2481}" = GameJack 6 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch "{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B1310222-C64A-4E1E-ABE7-2489B33955FB}" = TOSHIBA PC-Diagnose-Tool "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1 "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1" = ICQ Away Reader 1.4 
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{CEEC3316-E759-460d-B7F5-1FB290E231F2}" = HP Photosmart Printer Driver Software 10.0.02 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D23E6E13-653C-415e-937A-598E1CEFACB1}" = PS_SF_02_Software_min "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware "{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}" = GameShadow "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5 "7-Zip" = 7-Zip 3.13 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "Arschloch3D - The ultimate card game" = Arschloch3D - 
The ultimate card game "ATI Display Driver" = ATI Display Driver "aTube Catcher" = aTube Catcher "AutoItv3" = AutoIt v3.3.6.1 "Avi2Dvd" = Avi2Dvd 0.4.5 beta "Avidemux 2.4" = Avidemux 2.4 "AviSynth" = AviSynth 2.5 "Bridge Building Game" = Bridge Building Game "CamSpace" = CamSpace "Canon RAW Codec" = Canon RAW Codec "Cheat Engine 5.5_is1" = Cheat Engine 5.5 "Company of Heroes" = Company of Heroes - Opposing Fronts "DebugMode Wax 2.0" = DebugMode Wax 2.0 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Farm Helper" = Farm Helper v1.7 "FFOLKES Unlocks mod v1.20c for BF2142" = FFOLKES Unlocks mod v1.20c for BF2142 "FileZilla Client" = FileZilla Client 3.2.0 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "FLV Player" = FLV Player 2.0, build 24 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "free-downloads.net Toolbar" = free-downloads.net Toolbar "Gemalt 2 1.00" = Gemalt 2 1.00 "GPL Ghostscript 8.63" = GPL Ghostscript 8.63 "GPStill" = PStill PostScript to PDF Converter (remove only) "GSview 4.9" = GSview 4.9 "GuildWars Visions_is1" = GuildWars Visions v1.08 "GW Team Builder_is1" = GW Team Builder 1.1.3 "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services "Hentai3D2-056.001" = thriXXX Hentai3D2-056.001 "Hund 1.00" = Hund 1.00 "ICQLite" = ICQ 5.1 "Icy Tower v1.4_is1" = Icy Tower v1.4 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "InstallShield_{73B2BC65-F997-4208-AEE5-CF8B809A3A71}" = Texas 
Instruments PCIxx21/x515 drivers. "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "LHTTSENG" = L&H TTS3000 British English "LucasArts' Rogue Squadron" = LucasArts Rogue Squadron "MAGIX Video deluxe silver - BILD.de D" = MAGIX Video deluxe silver - BILD.de 8.0.2.7 (D) "ManyCam" = ManyCam 2.4 (remove only) "McLoad Preinstaller" = McLoad Preinstaller "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Essentials" = Microsoft Security Essentials "Movies" = Movies "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "MPE" = MyPhoneExplorer "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "Nero8Lite_is1" = Nero 8 Lite 8.3.6.0 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PartyPoker" = PartyPoker "PIL-py2.6" = Python 2.6 PIL-1.1.7 "Pontifex II" = Pontifex II "Power Saver" = TOSHIBA Power Saver "PunkBusterSvc" = PunkBuster Services "RagTime Privat" = RagTime Privat "Ruff-FTP_is1" = Ruff-Tech "Santa Claus in Trouble" = Santa Claus in Trouble "SciTE4AutoIt3" = SciTE4AutoIt3 2/28/2010 "SeriousSam2" = Serious Sam 2 "ST5UNST #1" = Puschi "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 5" = TeamViewer 5 "TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.50 "Text und HTML-Editor 1" = Text und HTML-Editor 1 "thriXXX WebLaunch" = thriXXX WebLaunch "Timers" = Timers "TmNations_is1" = TrackMania Nations ESWC 1.7.9 "TmNationsForever_is1" = TmNationsForever Update 2010-03-15 "Tortuga - Two Treasures_is1" = Tortuga - Two Treasures "TOSHIBA Software Modem" = TOSHIBA Software Modem "TreeSize Free_is1" = TreeSize Free V2.4 "Tremulous" = Tremulous 1.1.0 "Trial Bike Ultra_is1" = Trial Bike Ultra Powered by AdVantage 
"Trojancheck_is1" = Trojancheck 6 "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.0.5 "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "WebGraphics Optimizer Professional 4.2" = WebGraphics Optimizer Professional 4.2 "web'n'walk Manager" = web'n'walk Manager "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.4.6 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.1.8 "Wireshark" = Wireshark 1.2.9 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "wxPython2.8-unicode-py26_is1" = wxPython 2.8.11.0 (unicode) for Python 2.6 "X-07 MAPPACK [LAN] Battlefield 2" = X-07 MAPPACK [LAN] Battlefield 2 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XTTB00001.XTTB00001Toolbar" = ICQ Toolbar "Yahoo! Companion" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "AirMAPS Halloween Special" = AirMAPS Halloween Special "Skat-Online V7" = Skat-Online V7 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.07.2010 11:28:32 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3855, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. 
Error - 01.08.2010 20:13:15 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 02.08.2010 08:12:58 | Computer Name = NOTEBOOK | Source = MPSampleSubmission | ID = 5000 Description = EventType avsubmit, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P2 1.1.6004.0, P3 1.87.1005.0, P4 1.87.1005.0, P5 pws_win32_fignotok.a, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL. Error - 04.08.2010 16:32:18 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 04.08.2010 16:32:18 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 04.08.2010 16:32:18 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 04.08.2010 16:32:18 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 04.08.2010 16:38:00 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 04.08.2010 16:43:45 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. 
Error - 04.08.2010 16:43:45 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ NetLimiter Events ] Error - 04.08.2010 17:23:29 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 04.08.2010 17:45:35 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 04.08.2010 17:45:36 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 04.08.2010 17:45:37 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 04.08.2010 17:57:24 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 04.08.2010 17:57:25 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 04.08.2010 17:57:26 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 04.08.2010 17:57:26 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 04.08.2010 17:57:27 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = Error - 04.08.2010 17:57:27 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = [ NetLimiter 3 Events ] Error - 04.08.2010 17:23:29 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.1821</module> <desc>Failed to get user info.</desc> <param name='cnnIdHigh' value='30094362'/> <param name='cnnIdLow' value='4240031152'/> </nl-error> </nl-error-list> Error - 04.08.2010 17:45:35 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.1821</module> <desc>Failed to get 
user info.</desc> <param name='cnnIdHigh' value='30094365'/> <param name='cnnIdLow' value='1824583601'/> </nl-error> </nl-error-list> Error - 04.08.2010 17:45:36 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.1821</module> <desc>Failed to get user info.</desc> <param name='cnnIdHigh' value='30094365'/> <param name='cnnIdLow' value='2605005792'/> </nl-error> </nl-error-list> Error - 04.08.2010 17:45:37 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.1821</module> <desc>Failed to get user info.</desc> <param name='cnnIdHigh' value='30094365'/> <param name='cnnIdLow' value='1824583601'/> </nl-error> </nl-error-list> Error - 04.08.2010 17:57:24 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.1821</module> <desc>Failed to get user info.</desc> <param name='cnnIdHigh' value='30094366'/> <param name='cnnIdLow' value='3559887408'/> </nl-error> </nl-error-list> Error - 04.08.2010 17:57:25 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.1821</module> <desc>Failed to get user info.</desc> <param name='cnnIdHigh' value='30094367'/> <param name='cnnIdLow' value='3696592545'/> </nl-error> </nl-error-list> Error - 04.08.2010 17:57:26 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.1821</module> <desc>Failed to get user info.</desc> <param name='cnnIdHigh' value='30094366'/> <param name='cnnIdLow' value='3559887408'/> </nl-error> </nl-error-list> Error - 04.08.2010 17:57:26 | Computer Name = NOTEBOOK | Source = 
NetLimiter 3 Service | ID = 1000 Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.1821</module> <desc>Failed to get user info.</desc> <param name='cnnIdHigh' value='30094367'/> <param name='cnnIdLow' value='3696592545'/> </nl-error> </nl-error-list> Error - 04.08.2010 17:57:27 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.1821</module> <desc>Failed to get user info.</desc> <param name='cnnIdHigh' value='30094366'/> <param name='cnnIdLow' value='3559887408'/> </nl-error> </nl-error-list> Error - 04.08.2010 17:57:27 | Computer Name = NOTEBOOK | Source = NetLimiter 3 Service | ID = 1000 Description = <nl-error-list> <nl-error> <err-code>2150</err-code> <module>NetLimiter.Main.1821</module> <desc>Failed to get user info.</desc> <param name='cnnIdHigh' value='30094367'/> <param name='cnnIdLow' value='3696592545'/> </nl-error> </nl-error-list> [ System Events ] Error - 03.08.2010 16:33:02 | Computer Name = NOTEBOOK | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HERMANN", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{23A94BCB-404F-46A7-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 03.08.2010 17:33:06 | Computer Name = NOTEBOOK | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HERMANN", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{23A94BCB-404F-46A7-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error - 03.08.2010 18:45:08 | Computer Name = NOTEBOOK | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HERMANN", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{23A94BCB-404F-46A7-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 03.08.2010 19:57:10 | Computer Name = NOTEBOOK | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HERMANN", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{23A94BCB-404F-46A7-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 04.08.2010 05:16:21 | Computer Name = NOTEBOOK | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HERMANN", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{23A94BCB-404F-46A7-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 04.08.2010 07:17:36 | Computer Name = NOTEBOOK | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HERMANN", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{23A94BCB-404F-46A7-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 04.08.2010 15:47:58 | Computer Name = NOTEBOOK | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HERMANN", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{23A94BCB-404F-46A7-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. 
Error - 04.08.2010 16:25:53 | Computer Name = NOTEBOOK | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HERMANN", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{23A94BCB-404F-46A7-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. Error - 04.08.2010 16:33:51 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034 Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.08.2010 17:25:54 | Computer Name = NOTEBOOK | Source = MRxSmb | ID = 8003 Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "HERMANN", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{23A94BCB-404F-46A7-8-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen. < End of report >
Edited by luki19 (04.08.2010 at 23:41). Reason: logs added |
04.08.2010, 23:29 | #4 |
/// Malwareteam | Malware, don't know how to get rid of it OK, then continue with step 2. |
04.08.2010, 23:43 | #5 |
| Malware, don't know how to get rid of it I've already done that; luckily, with this partly self-built notebook I was too stingy for a large disk, so there's only 80 GB in it. I posted the logs above. Many thanks again already =) |
04.08.2010, 23:46 | #6 |
/// Malwareteam | Malware, don't know how to get rid of it So, step 3 is still left, then I'll go through the logs. |
05.08.2010, 09:53 | #7 |
| Malware, don't know how to get rid of it Hey, thanks for your help, but at the step where I got a bluescreen as well, I decided to just format the disk in the next few days. Still, a big |
05.08.2010, 23:17 | #8 |
/// Malwareteam | Malware, don't know how to get rid of it OK, if there are any problems, get in touch. |
17.08.2010, 12:13 | #9 |
/// Malwareteam | Malware, don't know how to get rid of it This topic appears to be resolved and will be removed from the subscriptions. Should you need the topic again, please send me a PM. Everyone else, please start your own thread. |