Malware of all kinds and their removal: Google virus redirects pages
01.10.2010, 15:16 | #1
Good afternoon! Since yesterday I have had a problem with Google! My browser, Firefox, apparently runs fine, and I haven't installed anything on my Windows Vista either, and yet when I start a search in Google and click through from there to the respective pages I simply get redirected! To some junk and further viruses... I've also tried to look into it via Google, which isn't easy when you now have to copy the Google results over by hand, and I came across a known problem. So apparently I'm not the only one fighting with this problem! There was also already a post on this board, in which unfortunately I couldn't post and whose solution I didn't know what to do with. So I downloaded HijackThis and ran a scan with a log:

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:34, on 01.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Tom\AppData\Local\Temp\Rar$EX00.872\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tom\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - User Startup: winhelp.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Reset Reader (resetWinService) - Unknown owner - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\iTeleport\UltraVNC\WinVNC.exe

--
End of file - 13406 bytes

Is there anything conspicuous in it? Can someone help me? I'd be glad of any help! Thanks!

Kind regards,
Thomas
01.10.2010, 19:48 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL
Please download OTL from OldTimer and save it to your desktop
02.10.2010, 18:52 | #3
Malwarebytes result:

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4733

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

02.10.2010 18:32:53
mbam-log-2010-10-02 (18-32-53).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 522467
Time elapsed: 3 hour(s), 13 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Users\Tom\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Tom\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.

OTL result:

OTL logfile:
Code:
ATTFilter OTL logfile created on: 02.10.2010 19:54:30 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Tom\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 440,37 Gb Total Space | 187,63 Gb Free Space | 42,61% Space Free | Partition Type: NTFS Drive D: | 25,38 Gb Total Space | 12,51 Gb Free Space | 49,32% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOM-LAPTOP Current User Name: Tom Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Tom\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\iTeleport\UltraVNC\winvnc.exe (UltraVNC) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe () PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) PRC - C:\Windows\tsnp2uvc.exe () PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) 
PRC - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Tom\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (uvnc_service) -- C:\Program Files\iTeleport\UltraVNC\WinVNC.exe (UltraVNC) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe () SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated) SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) 
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) 
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2 FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 22:41:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 22:41:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.16 23:22:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.09.11 
12:05:13 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions [2010.09.11 12:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.08.25 05:31:09 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.10.01 19:17:16 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\a0byep8x.default\extensions [2010.08.20 19:12:10 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\a0byep8x.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671} [2010.05.02 11:47:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\a0byep8x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.06.29 18:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\a0byep8x.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010.09.04 12:23:52 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\a0byep8x.default\extensions\foxyproxy@eric.h.jung [2010.08.02 17:42:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.02 17:42:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.04.27 21:21:14 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} [2009.04.27 21:21:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com [2010.08.02 05:44:02 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.02 05:44:02 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.02 05:44:02 | 
000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.02 05:44:02 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.02 05:44:02 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.21 18:31:20 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 74.208.10.249 gs.apple.com O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll () O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.) O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{F3DB8B9B-EEB0-771E-6319-C385A04E1465}] C:\Users\Tom\AppData\Roaming\Muloso\sobou.exe (Kaspersky Lab)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [grpchost] C:\Users\Tom\AppData\Local\Temp\certreg.DLL ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tom\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tom\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell - "" = AutoRun
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell\AutoRun\command - "" = I:\start.exe -- File not found
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\Shell\AutoRun\command - "" = F:\avira.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010.10.02 19:56:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Virenhilfe
[2010.10.02 14:22:56 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2010.10.02 14:22:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.02 14:22:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.02 14:22:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.02 14:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.02 14:22:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2010.10.02 13:51:56 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Google
[2010.10.01 23:00:51 | 000,009,336 | ---- | C] (hxxp://www.internals.com) -- C:\Windows\System32\WinIo.sys
[2010.10.01 16:04:00 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tom\Desktop\HijackThis.exe
[2010.09.30 19:09:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.09.30 19:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.09.29 17:54:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.28 16:13:12 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.09.28 16:13:11 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.09.27 17:39:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.09.27 17:39:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.09.27 17:39:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.09.27 17:39:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.09.27 17:39:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.09.27 17:39:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.09.27 17:39:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.09.27 17:39:52 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.09.27 17:39:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.09.27 17:39:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.09.27 17:39:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.09.27 17:39:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.09.27 17:39:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.09.27 17:39:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.09.27 17:39:50 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.09.27 17:37:37 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.09.27 17:37:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.09.27 17:37:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.09.27 17:37:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.09.27 17:37:35 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.09.27 17:37:35 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.09.27 17:37:35 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.09.27 17:37:35 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.09.27 17:37:34 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.09.27 17:37:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.09.27 17:37:34 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.09.27 17:37:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.09.27 17:37:33 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.09.27 17:37:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.09.27 17:37:33 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.09.27 17:37:33 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.09.27 17:37:32 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.09.27 17:37:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.09.27 17:37:30 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.09.27 17:37:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.09.27 17:37:30 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.09.27 17:37:30 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.09.27 17:37:30 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.09.27 17:37:30 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.09.27 17:37:29 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.09.21 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\treiber
[2010.09.20 16:21:50 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Nero
[2010.09.15 16:12:01 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.11 12:05:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Thunderbird
[2010.09.11 12:05:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Thunderbird
[2010.09.11 12:04:58 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2010.09.09 17:44:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2009.02.27 19:17:28 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.02.27 19:17:27 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Users\Tom\*.tmp files -> C:\Users\Tom\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010.10.02 19:57:23 | 005,242,880 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT
[2010.10.02 19:56:25 | 000,148,643 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.10.02 19:56:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000UA.job
[2010.10.02 19:43:10 | 000,148,643 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.10.02 19:24:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.02 19:24:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.02 19:24:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.02 19:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.02 19:24:39 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.02 19:23:45 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.10.02 19:23:45 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.02 19:23:16 | 006,291,456 | -H-- | M] () -- C:\Users\Tom\AppData\Local\IconCache.db
[2010.10.02 14:22:39 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.02 14:22:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2010.10.02 14:15:54 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.10.02 13:56:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000Core.job
[2010.10.01 18:11:02 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.10.01 15:18:15 | 000,001,779 | ---- | M] () -- C:\Users\Tom\Desktop\index.html
[2010.09.30 18:45:12 | 001,791,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.29 22:12:56 | 000,129,960 | ---- | M] () -- C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.25 15:08:05 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.25 15:08:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.25 15:08:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.25 15:08:05 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.25 15:08:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.25 12:12:37 | 000,138,240 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.11 12:04:21 | 000,000,680 | ---- | M] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
[2010.09.08 20:30:12 | 105,361,061 | ---- | M] () -- C:\Users\Tom\Desktop\iphigenie_grosse_stimmen_ard_radiofestival_20100801_2359.mp3
[2010.09.05 20:17:41 | 001,396,736 | ---- | M] () -- C:\Users\Tom\Documents\anezeige.indd
[2 C:\Users\Tom\*.tmp files -> C:\Users\Tom\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010.10.02 14:22:39 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.02 13:51:59 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000UA.job
[2010.10.02 13:51:57 | 000,001,058 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000Core.job
[2010.10.01 15:12:03 | 000,001,779 | ---- | C] () -- C:\Users\Tom\Desktop\index.html
[2010.09.27 17:39:52 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.09.08 20:24:19 | 105,361,061 | ---- | C] () -- C:\Users\Tom\Desktop\iphigenie_grosse_stimmen_ard_radiofestival_20100801_2359.mp3
[2010.09.05 20:17:41 | 001,396,736 | ---- | C] () -- C:\Users\Tom\Documents\anezeige.indd
[2010.06.18 19:24:09 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010.01.24 04:22:49 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2009.10.22 21:52:53 | 000,000,819 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009.10.22 21:37:59 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI
[2009.09.24 16:30:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.27 02:45:21 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.27 02:45:18 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.07.27 22:36:12 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009.07.27 22:36:12 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009.07.27 22:36:12 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009.07.27 22:36:12 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009.07.27 22:36:12 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009.07.27 22:36:12 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009.06.25 15:51:46 | 000,000,680 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.06.07 05:21:23 | 000,002,673 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\SAS7_000.DAT
[2009.05.19 14:43:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.05.02 10:35:14 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.04.28 16:10:12 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.04.27 22:13:36 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009.04.27 21:50:53 | 000,138,240 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.27 21:47:08 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.02.27 19:17:28 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.02.27 19:17:28 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.02.27 19:17:28 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.02.26 22:09:31 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.02.26 22:09:31 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\F928A0FA17.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F35A93AD

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 02.10.2010 19:54:30 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Tom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 187,63 Gb Free Space | 42,61% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,51 Gb Free Space | 49,32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOM-LAPTOP
Current User Name: Tom
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DCA93A5-1653-47D3-A68C-32BB325F47C3}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{2D83589D-8A58-4481-BB0B-2F6E088EE186}" = lport=2869 | protocol=6 | dir=in | app=system |
"{41B9DA22-CF59-46A3-9A36-1EC7F8812F55}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{86D52E6A-10BD-4563-A2CC-B762BFCFBE27}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{8D049072-0D83-4ED8-830A-DD1BB2D491B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BDC88737-81E7-4A39-ABCB-E511AD1DD48B}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{DC82EE6C-1904-443F-87CD-9FABBDDB2C34}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F7F3154A-819A-4C99-850A-6F1A7321A590}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{FFBC59DE-8D35-417E-9AAC-38866DF8335D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E9FEF2-F4FF-4DFA-A63D-A710AF5DE91E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0C10F217-4B41-4A16-B95D-A9BA594029FA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{1861E6E9-49CD-4CB2-AB6E-16D3DA4768EA}" = protocol=17 | dir=in | app=c:\program files\iteleport\ultravnc\vncviewer.exe |
"{1C7B3175-48AF-49A4-9764-0742D1DCE4AF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{221519C8-CEE4-4237-A234-4273936BE935}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{26F658D0-F04A-4195-AE37-2152C614F5A8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{34E547C8-9915-4EEC-B8CF-678E938C36BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{35787D41-9C3E-42DD-A6AE-0AB2EE89BC29}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{373E3A23-5122-469B-A068-E0D5B7707D66}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{39D5F8C8-C8AA-4D38-890C-3BFE3D3B12C6}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{4FD3110A-746C-49F8-B499-404F755F022E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{50007747-F8E4-44C8-97F7-4A2C7AB2D602}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{5E6D0C49-70E8-4417-84AC-74AD1D18F721}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{61E4A1EA-695A-4000-8D25-EE9B76885AE3}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat |
"{62257257-3CE8-468E-8131-62148F8C65B6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe |
"{69B1C7EA-D4B0-4FF3-9135-9E3E3B78CD43}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{6E66D388-6B3A-4E1B-BB55-D7397F2C6024}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{77F28305-C9E7-4705-9139-D14BDB917A97}" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 000ae204\installer.exe |
"{7A9086FF-F726-4CD0-9892-DAD47C2C7C1A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{7E1BFB59-F8CE-48D6-BD77-186CBBC6877D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{88B82457-14E5-4192-87D4-035FAE4D8E8A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{8F866F42-EE7B-492D-B248-DB87F68C3812}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{977D386D-D1EC-4FA7-AB3C-B33DB0D8003E}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{A1FD789E-DFBD-428C-8393-8E2F9D2D131E}" = protocol=6 | dir=in | app=c:\program files\iteleport\ultravnc\vncviewer.exe |
"{A8AE38E1-55C0-4034-A677-2E369B58ADA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB185BC7-6C2E-4319-9A27-BB54C676D3B7}" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 03e30245\installer.exe |
"{AC9A2B62-52EA-4572-9E64-6D7D4B92ED2B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{AE1366A4-5B9A-496B-B6C3-55C2E8AABB72}" = protocol=6 | dir=in | app=c:\games\firefly studios\stronghold 2\stronghold2.exe |
"{B63AEB7F-8FFC-4D9A-81A9-75BEC9AD2D05}" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 01086cfa\installer.exe |
"{B763E221-E9B1-4685-A3B4-5E4F1F96C8AD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{B8276A8F-8B82-4686-B463-A4F63BE94BAF}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{B845F07C-2717-461A-B935-C38CD1686A9F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{BA324872-B864-4D8D-9C95-2B746B8E049E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{C02289A7-8976-48A1-8574-B53107B53F33}" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 03e30245\installer.exe |
"{C235C887-E2BB-4B84-9003-601C4C10FF60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C24F5637-0F52-4119-9E2E-9D5ECE66B59C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe |
"{C2863CEB-5CB1-49DB-BFEE-0DB2AB24B4CC}" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 01086cfa\installer.exe |
"{C2AC0E8B-32B3-4E24-8948-39FE0E5760C1}" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 000ae204\installer.exe |
"{CF7F3439-D9B1-4F69-A9EA-AC1F278C6B08}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{D016AF25-B84D-41FE-9706-0BA7DA8F3891}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{D7A46527-2D70-42C1-9EA9-8971B78A6831}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{D835978F-F257-4501-9CA9-90E0A6265C64}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E0A4396C-06BC-476B-9166-178A8B01E3D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7F3645E-1E7E-4012-95B8-960BEACE1FC8}" = protocol=17 | dir=in | app=c:\games\firefly studios\stronghold 2\stronghold2.exe |
"{E81137EE-C417-4201-88B5-6E66AF5C556B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of
warcraft\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe | "{E8868BB3-AD49-499D-AB68-781C648E47E6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{EB7E48AB-B599-44EA-A343-CE8660790E1A}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | "{EE5F334C-3215-4B8A-89A2-ABFE252EEA46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F684470A-265E-4D35-A1A0-B1181F1FC1DF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{FAB7794E-1B93-4868-A939-EA3CE58AF68D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{FB6CBF4C-AA08-4FB8-8A99-E66F8B59A169}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "TCP Query User{053207A7-BDA7-4B1B-B164-670C3B6A007A}C:\users\tom\desktop\ticketszstem\livezilla server admin.exe" = protocol=6 | dir=in | app=c:\users\tom\desktop\ticketszstem\livezilla server admin.exe | "TCP Query User{06079F08-DF40-4E95-A4D3-6DF94EF1E818}C:\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | "TCP Query User{0AC53CD5-A102-4D5C-9BF1-A7C37F246659}C:7\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=c:7\xampp\filezillaftp\filezilla server.exe | "TCP Query User{0F58D8B4-C796-4F4E-92E2-7BF96A7FDB87}C:\program files\adobe\adobe flash cs3\flash.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash cs3\flash.exe | "TCP Query User{160F3B5E-BA31-4998-8BDC-DE78A0AFDABE}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{180A5B6E-1445-4100-8795-43C241DDE5A7}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe | "TCP 
Query User{38247FEB-A3F6-4036-9497-A4A20F0228B9}C:\users\tom\desktop\dslan_v1.3\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\tom\desktop\dslan_v1.3\mysql\bin\mysqld.exe | "TCP Query User{3BF33F60-F4EB-4E6C-87CA-25134BFD6E7E}C:\program files\call of duty\coduomp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\coduomp.exe | "TCP Query User{492DDB2E-ED1F-403A-AD59-97A45B5CEF8D}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "TCP Query User{6D40322D-7903-4F2D-87B9-F8C5DEA05DD5}C:\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\repair.exe | "TCP Query User{757D6741-577E-4D8A-9682-7E5AFD738740}C:\users\tom\cryptload_1.1.6\routerclient.exe" = protocol=6 | dir=in | app=c:\users\tom\cryptload_1.1.6\routerclient.exe | "TCP Query User{7E4F6961-2C6B-44E2-A59F-C8AF8482480E}C:\program files\apachefriends\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\apachefriends\xampp\mysql\bin\mysqld.exe | "TCP Query User{8118B610-C4A2-4417-AA73-4546C6F4FB9B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{8FA81ADD-A758-4A91-91E8-55C30E2F6689}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{912AD64B-43D8-4FFF-BE61-50C1A346043E}C:\program files\apachefriends\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\program files\apachefriends\xampp\mercurymail\mercury.exe | "TCP Query User{9BB6B642-E492-479C-9827-7BFFC4BA0DB3}G:\live stream\zattoo\zattoo\zattood.exe" = protocol=6 | dir=in | app=g:\live stream\zattoo\zattoo\zattood.exe | "TCP Query User{A04C3742-45E3-4DD0-B27B-5C2AA4971612}C:7\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:7\xampp\apache\bin\httpd.exe | "TCP Query User{ABD0C537-BBA7-48C5-978F-F01CD3860C5B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | 
app=c:\windows\system32\taskeng.exe | "TCP Query User{AF5CB563-D91B-4426-B558-85A66D37CB89}C:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "TCP Query User{B4ACF3C0-0F8F-4483-8774-38F52AAD5317}F:\spiele\cossacks - back to war\dmcr.exe" = protocol=6 | dir=in | app=f:\spiele\cossacks - back to war\dmcr.exe | "TCP Query User{BF35F62F-5344-43C4-BCAC-B131D8D46F2D}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | "TCP Query User{BF8F1ABF-3BD8-4724-B54B-A4F333C18847}C:7\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:7\xampp\mysql\bin\mysqld.exe | "TCP Query User{C5675735-57EC-4735-9961-0D0FE9C74961}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{CB6B4F01-2F23-493D-92E9-2FBC0AB1E3B8}C:\games\firefly studios\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\games\firefly studios\stronghold 2\stronghold2.exe | "TCP Query User{CC714442-0B5A-4D2C-A9D1-7F71FAFB00CE}C:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe | "TCP Query User{CF0FD9E2-86A0-4A4F-8C32-BA7FE6368822}C:7\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:7\xampp\mercurymail\mercury.exe | "TCP Query User{D0ED964D-71E2-4C7E-AFA1-5177ADA026F5}C:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | "TCP Query User{D1F41DCA-4EA5-4456-941C-ACC9314710DC}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{D21E8302-9DFD-43B9-990C-EC86F06D13C6}C:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe | "TCP Query 
User{D238D6A1-DDE8-49FB-A6F0-993D3CEAB6AE}C:\users\tom\appdata\local\temp\rar$ex00.101\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\temp\rar$ex00.101\teamspeak3-server_win32\ts3server_win32.exe | "TCP Query User{D891ADBC-1014-4F39-AEEB-751E5303C3FF}C:\users\tom\desktop\dslan_v1.3\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\tom\desktop\dslan_v1.3\apache\bin\apache.exe | "TCP Query User{D8AF7459-0EB4-4B4E-BB38-34DAB184552D}C:\program files\smartftp client\smartftp.exe" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "TCP Query User{DB3CAE86-8B7D-4A0C-89BB-30DA3FC05DE4}C:\games\valve\hl.exe" = protocol=6 | dir=in | app=c:\games\valve\hl.exe | "TCP Query User{E0B56C8E-C56D-474C-A05B-C974F6DD4F3A}C:\program files\call of duty\coduomp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\coduomp.exe | "TCP Query User{E0FCFB08-E40C-41F6-B8D3-FA6E10C89BFD}C:\games\valve\hl.exe" = protocol=6 | dir=in | app=c:\games\valve\hl.exe | "TCP Query User{F97609A4-724D-4B90-A64D-D5EA56F820FC}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | "UDP Query User{05D6D464-F3D2-4C8D-AAB7-0F2B8950B99A}C:\program files\call of duty\coduomp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\coduomp.exe | "UDP Query User{12F70D32-677E-44D0-A826-7B7A69F1CA20}C:7\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:7\xampp\apache\bin\httpd.exe | "UDP Query User{14991EAD-0299-40EC-A5DD-4FDBF3638CB1}C:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | "UDP Query User{25788B8C-901B-4E57-81A8-FC310AA4C142}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query 
User{2C46E1BE-D051-4E0C-8D81-BA4EF728D0AD}C:\users\tom\appdata\local\temp\rar$ex00.101\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\temp\rar$ex00.101\teamspeak3-server_win32\ts3server_win32.exe | "UDP Query User{33A1B86C-D428-4161-B3ED-BF61D3BA8DCF}C:\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | "UDP Query User{3C6FCA02-6F98-4A31-A482-28B3FFB32A53}C:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe | "UDP Query User{3F888003-9C53-4D21-83F7-9338CC80C826}C:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe | "UDP Query User{41C7B054-E2AF-4C4E-9D40-3F8301941FCF}C:\program files\apachefriends\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\program files\apachefriends\xampp\mercurymail\mercury.exe | "UDP Query User{43BD4357-6A36-4393-9295-320282A7650F}C:\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\repair.exe | "UDP Query User{5527830B-9D83-46B0-A939-5FD8FD9E6E91}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | "UDP Query User{5678FDDB-839D-44D4-BE36-B885F0C04AAF}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe | "UDP Query User{59A5491A-A599-4263-9029-90F02F0BF80B}C:\users\tom\desktop\ticketszstem\livezilla server admin.exe" = protocol=17 | dir=in | app=c:\users\tom\desktop\ticketszstem\livezilla server admin.exe | "UDP Query User{5AAB79CC-40BB-4736-A5D4-DE6B76FA541D}C:\users\tom\desktop\dslan_v1.3\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\tom\desktop\dslan_v1.3\mysql\bin\mysqld.exe | "UDP Query 
User{6BB3995B-2908-446A-A99C-47375554E7D0}C:\users\tom\cryptload_1.1.6\routerclient.exe" = protocol=17 | dir=in | app=c:\users\tom\cryptload_1.1.6\routerclient.exe | "UDP Query User{7AAEA7B8-C007-4200-9EDD-4C9EE30574DF}F:\spiele\cossacks - back to war\dmcr.exe" = protocol=17 | dir=in | app=f:\spiele\cossacks - back to war\dmcr.exe | "UDP Query User{7F038A13-6734-4F04-97BE-B3A50EE8531E}C:\program files\apachefriends\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\apachefriends\xampp\mysql\bin\mysqld.exe | "UDP Query User{8F228E94-7C7A-403C-BBFB-D71FBEBF96DF}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | "UDP Query User{9C5237C4-3032-4BE3-941E-A1E97B5E8DDE}C:\games\valve\hl.exe" = protocol=17 | dir=in | app=c:\games\valve\hl.exe | "UDP Query User{A2FAFAFF-7590-48A8-96B8-EF3AECEEE9C4}C:\program files\call of duty\coduomp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\coduomp.exe | "UDP Query User{A807AE64-1DB0-44F0-A4FA-C1A81224CCC9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{ADBBA42B-1E95-4086-95D6-439464C68DB5}C:\games\firefly studios\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\games\firefly studios\stronghold 2\stronghold2.exe | "UDP Query User{ADC9D4CF-17CD-4F51-9D15-BD76150AFCAA}C:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | "UDP Query User{B63E3704-D953-431F-BBEB-CACBE94A2EEF}G:\live stream\zattoo\zattoo\zattood.exe" = protocol=17 | dir=in | app=g:\live stream\zattoo\zattoo\zattood.exe | "UDP Query User{B7727C34-9067-4B60-8FCA-3F65373290A6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{B8149EA8-53E8-4BD1-994F-CCCDD179629B}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | 
app=c:\program files\hlsw\hlsw.exe | "UDP Query User{D2015B09-DF70-4522-A867-F0DCDFDC43B1}C:\games\valve\hl.exe" = protocol=17 | dir=in | app=c:\games\valve\hl.exe | "UDP Query User{D2205E4D-4A08-4C93-AF22-9054590BAB90}C:\users\tom\desktop\dslan_v1.3\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\tom\desktop\dslan_v1.3\apache\bin\apache.exe | "UDP Query User{DC842FCC-2934-44D1-94F2-FBE9ECC8D0FA}C:7\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=c:7\xampp\filezillaftp\filezilla server.exe | "UDP Query User{E0B47884-0E1A-428E-A728-5F28B11FB6C9}C:7\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:7\xampp\mercurymail\mercury.exe | "UDP Query User{E4072D12-9DB5-4D1F-B86A-67184A71A375}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | "UDP Query User{EC87ABBC-1164-4759-8F41-30A3B6E76327}C:\program files\smartftp client\smartftp.exe" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | "UDP Query User{F21139DF-AB3E-475C-BFBE-F20DE620E809}C:7\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:7\xampp\mysql\bin\mysqld.exe | "UDP Query User{F45484EB-94AA-4662-B7F9-BA40A2BB61B7}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{F597021D-A977-4603-BB43-36B665194B07}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{F8F358D4-C13C-43E0-A81D-38A67C539D94}C:\program files\adobe\adobe flash cs3\flash.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash cs3\flash.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft 
Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0FC9C3C9-443B-4790-BD09-7F871161E9FB}" = iTeleport Connect "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}" = Adobe Setup "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm) 
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials "{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008 "{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{684A391E-6F9C-42A9-8EEB-1CB19A2EE94B}" = Adobe Setup "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After 
Effects CS3 Third Party Content "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 
2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office 
System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive "{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3 "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0 "{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX "{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe 
Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFFE151C-F863-4B1E-9E22-3C1369B4C690}" = phase6_17
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3E2850-BD2E-4B56-A89D-21E588D518E0}" = Adobe Contribute CS3
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Adobe_71c180716438072ebd356ce2549df41" = Adobe Premiere Pro CS3 Third Party Content
"Adobe_964bfb680412b96a6c9f203bc15c9fe" = Adobe Encore CS3 Codecs
"Angebote ALDI SÜD" = Angebote ALDI SÜD Bildschirmschoner
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Badaboom" = Badaboom 1.1.1.194
"Call of Duty" = Call of Duty
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.88
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"Hardcore" = Hardcore
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Basic)
"LimeWire" = LimeWire 5.5.14
"M4A MP3 Converter" = M4A MP3 Converter 3.2 build 717
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"mp3-2-wav" = mp3-2-wav converter 1.14
"NVIDIA Drivers" = NVIDIA Drivers
"PoiZone" = PoiZone
"PokerStars.net" = PokerStars.net
"Sawer" = Sawer
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Toxic Biohazard" = Toxic Biohazard
"Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 3.6.0525
"Ultravnc2_is1" = UltraVNC 1.0.6.5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"XnView_is1" = XnView 1.96.2
"Zattoo" = Zattoo 3.3.4 Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Last edited by Thomas126 (02.10.2010 at 19:19) |
03.10.2010, 10:18 | #4 |
| Google virus redirects pages Since I restarted the computer yesterday after deleting the 5 suspicious files, I can no longer start Firefox or Chrome, which I installed specifically for the Google problem because Firefox had the problem. Whenever I start it, it shows up in Task Manager as a process but disappears again on its own within 3-5 seconds! Only IE still works! I am stumped once again! What does this mean? I would appreciate any help! |
03.10.2010, 12:34 | #5 |
| Google virus redirects pages I thought I would have my system restored and hoped that would fix the problem! So far so good! Restarted the laptop and: System Restore did not complete successfully. Unknown error during System Restore! Does that also have to do with the virus? I really, urgently need help! Many thanks! |
03.10.2010, 13:35 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google virus redirects pages Close all programs, start OTL and paste the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [{F3DB8B9B-EEB0-771E-6319-C385A04E1465}] C:\Users\Tom\AppData\Roaming\Muloso\sobou.exe (Kaspersky Lab)
O4 - HKCU..\Run: [grpchost] C:\Users\Tom\AppData\Local\Temp\certreg.DLL ()
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell - "" = AutoRun
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell\AutoRun\command - "" = I:\start.exe -- File not found
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\Shell\AutoRun\command - "" = F:\avira.exe -- File not found
[2010.09.30 19:09:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.09.30 19:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F35A93AD
:Files
C:\Users\Tom\AppData\Roaming\Muloso
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. |
03.10.2010, 14:20 | #7 |
| Google virus redirects pages Many thanks for your help! But unfortunately I have to tell you that when I press the Fix button, everything closes completely, including the taskbar, so only the background is visible, plus the OTL window, which hangs 10 seconds later and stops responding. The only way out of that is to log off and log back on. I tried it twice, with the same result each time |
03.10.2010, 15:05 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google virus redirects pages Try it with this script: Code:
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [{F3DB8B9B-EEB0-771E-6319-C385A04E1465}] C:\Users\Tom\AppData\Roaming\Muloso\sobou.exe (Kaspersky Lab)
O4 - HKCU..\Run: [grpchost] C:\Users\Tom\AppData\Local\Temp\certreg.DLL ()
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell - "" = AutoRun
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell\AutoRun\command - "" = I:\start.exe -- File not found
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\Shell\AutoRun\command - "" = F:\avira.exe -- File not found
[2010.09.30 19:09:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.09.30 19:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F35A93AD
:Files
C:\Users\Tom\AppData\Roaming\Muloso
:Commands
[purity]
[resethosts]
[emptytemp]
__________________ Please always post logfiles in CODE tags |
03.10.2010, 15:20 | #9 |
| Google virus redirects pages It finally worked! Restarted, and here is the resulting log: Code:
Error: Unable to interpret <O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell\AutoRun\command - "" = I:\start.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\Shell\AutoRun\command - "" = F:\avira.exe -- File not found> in the current context!
Error: Unable to interpret <[2010.09.30 19:09:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows> in the current context!
Error: Unable to interpret <[2010.09.30 19:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F35A93AD> in the current context!
========== FILES ==========
File\Folder C:\Users\Tom\AppData\Roaming\Muloso not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Tom
->Temp folder emptied: 47058006 bytes
->Temporary Internet Files folder emptied: 41610591 bytes
->Java cache emptied: 3969513 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 42846945 bytes
->Flash cache emptied: 160251 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130809017 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 254,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 10032010_161340
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Too bad, I had thought the virus might already be gone, but Malwarebytes is again telling me that it blocked a connection to a potentially dangerous site |
04.10.2010, 07:13 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google virus redirects pages Sorry, I had an error in the script. Please do it again with this: Code:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [{F3DB8B9B-EEB0-771E-6319-C385A04E1465}] C:\Users\Tom\AppData\Roaming\Muloso\sobou.exe (Kaspersky Lab)
O4 - HKCU..\Run: [grpchost] C:\Users\Tom\AppData\Local\Temp\certreg.DLL ()
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell - "" = AutoRun
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell\AutoRun\command - "" = I:\start.exe -- File not found
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\Shell\AutoRun\command - "" = F:\avira.exe -- File not found
[2010.09.30 19:09:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.09.30 19:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F35A93AD
:Files
C:\Users\Tom\AppData\Roaming\Muloso
:Commands
[purity]
[resethosts]
[emptytemp]
|
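The "Unable to interpret <...> in the current context!" errors in post #9 come from the script in post #8, which lacks the ":OTL" header that post #10 restores. As an added example, not code from this thread, from OTL or from its author, here is a small Python pre-flight check for that class of mistake: it groups a fix script's entries under their section headers, reports any entry that precedes a header, and, for the O4 autorun entries inside the :OTL section, lists those whose target lives in a user-writable directory such as AppData\Roaming or the Temp folder (the two autorun targets in this thread both do). The section names, the O4 line format and the "user-writable" heuristic are assumptions drawn only from the scripts and logs posted here, not from OTL documentation; the sample script is constructed from the thread's own lines.

```python
"""Pre-flight checks for an OTL-style fix script (hypothetical helper, not OTL's parser).

Assumed format, taken only from the scripts and logs in this thread: a fix
script is a sequence of sections opened by a header line starting with ':'
(':OTL', ':Files', ':Commands'); every other non-empty line is an entry that
belongs to the most recent header; an entry that precedes any header has no
context, which is what OTL reported when the ':OTL' line was missing.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

KNOWN_SECTIONS = {":OTL", ":Files", ":Commands"}  # headers seen in this thread

# O4 autorun entries in the thread look like:
#   O4 - HKCU..\Run: [name] C:\path\file.exe (vendor)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?)(?: \(.*\))?$")

# Locations a standard user can write without admin rights; an autorun entry
# pointing there deserves a second look (heuristic, assumed for this example).
USER_WRITABLE = ("\\AppData\\Roaming\\", "\\AppData\\Local\\Temp\\")


class Finding(NamedTuple):
    lineno: int   # 1-based line in the script (0 = refers to a whole section)
    text: str
    reason: str


def lint_fix_script(script: str) -> Tuple[Dict[str, List[str]], List[Finding]]:
    """Group entries by section and flag entries that have no section context."""
    sections: Dict[str, List[str]] = {}
    findings: List[Finding] = []
    current: Optional[str] = None
    for lineno, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):            # section header
            if line not in KNOWN_SECTIONS:
                findings.append(Finding(lineno, line, "unknown section header"))
            current = line
            sections.setdefault(current, [])
            continue
        if current is None:                  # the post #8 mistake
            findings.append(Finding(lineno, line, "entry before any section header (no context)"))
            continue
        if current == ":Commands" and not (line.startswith("[") and line.endswith("]")):
            findings.append(Finding(lineno, line, "command not written as [command]"))
        sections[current].append(line)
    for header, entries in sections.items():
        if not entries:
            findings.append(Finding(0, header, "empty section"))
    return sections, findings


def user_writable_run_entries(otl_entries: List[str]) -> List[Tuple[str, str]]:
    """Return (name, path) for O4 Run entries whose target sits in a user-writable directory."""
    hits = []
    for entry in otl_entries:
        m = O4_RE.match(entry)
        if m and any(marker.lower() in m.group("path").lower() for marker in USER_WRITABLE):
            hits.append((m.group("name"), m.group("path")))
    return hits


# Constructed sample: the O4 part of the post #8 script, without its ':OTL' header.
SCRIPT_WITHOUT_HEADER = """\
O4 - HKLM..\\Run: [] File not found
O4 - HKCU..\\Run: [{F3DB8B9B-EEB0-771E-6319-C385A04E1465}] C:\\Users\\Tom\\AppData\\Roaming\\Muloso\\sobou.exe (Kaspersky Lab)
O4 - HKCU..\\Run: [grpchost] C:\\Users\\Tom\\AppData\\Local\\Temp\\certreg.DLL ()
:Files
C:\\Users\\Tom\\AppData\\Roaming\\Muloso
:Commands
[purity]
[resethosts]
[emptytemp]
"""

# Post #10's correction: the same script with the header restored.
SCRIPT_WITH_HEADER = ":OTL\n" + SCRIPT_WITHOUT_HEADER

if __name__ == "__main__":
    for label, text in (("without :OTL", SCRIPT_WITHOUT_HEADER), ("with :OTL", SCRIPT_WITH_HEADER)):
        sections, findings = lint_fix_script(text)
        print(f"{label}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  line {f.lineno}: {f.reason}: {f.text[:70]}")
        for name, path in user_writable_run_entries(sections.get(":OTL", [])):
            print(f"  user-writable autorun: [{name}] {path}")
```

Run as a script it reports three "no context" findings for the header-less version and none for the corrected one, then lists the two autorun entries under AppData that the thread's script removes. The point of splitting the check from the triage is that the first catches a copy-paste slip before the tool runs, while the second is the kind of filter a responder applies to an OTL scan before deciding which O4 lines go into a fix at all.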
04.10.2010, 14:31 | #11 |
| Google virus redirects pages Many thanks for your efforts, cosinus! Result: Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{F3DB8B9B-EEB0-771E-6319-C385A04E1465} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3DB8B9B-EEB0-771E-6319-C385A04E1465}\ not found.
File C:\Users\Tom\AppData\Roaming\Muloso\sobou.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\grpchost not found.
File C:\Users\Tom\AppData\Local\Temp\certreg.DLL not found.
File D:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2df5e9e5-36fa-11de-9298-001f1617844d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2df5e9e5-36fa-11de-9298-001f1617844d}\ not found.
File I:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{340c7c65-3452-11df-9812-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{340c7c65-3452-11df-9812-806e6f6e6963}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\ not found.
File F:\avira.exe not found.
Folder C:\Users\Public\Documents\Windows\ not found.
Folder C:\Users\Public\Documents\Server\ not found.
Unable to delete ADS C:\ProgramData\Temp:0A8E2C33 .
Unable to delete ADS C:\ProgramData\Temp:F35A93AD .
========== FILES ==========
File\Folder C:\Users\Tom\AppData\Roaming\Muloso not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Tom
->Temp folder emptied: 8138108 bytes
->Temporary Internet Files folder emptied: 257521 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42368925 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1419 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 48,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 10042010_152440
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
04.10.2010, 17:55 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google virus redirects pages Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a board helper (Kompetenzler) has explicitly recommended it!
|
04.10.2010, 20:18 | #13 |
| Google virus redirects pages Really, many thanks! I am always out of my depth with problems like these! But I have one more question: after I carried out the steps, Daemon Tools shows me, when I try to start it: "Kernel debugger must be deactivated". What does that mean? Successful result: Code:
ATTFilter ComboFix 10-10-03.03 - Tom 04.10.2010 20:53:52.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.2113 [GMT 2:00] ausgeführt von:: c:\users\Tom\Desktop\cofi.exe SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\pdfforge Toolbar\SearchSettings.dll c:\program files\pdfforge Toolbar\WiDGitoolbarie.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-09-04 bis 2010-10-04 )))))))))))))))))))))))))))))) . 2010-10-04 18:44 . 2010-10-04 18:45 -------- d-----w- C:\32788R22FWJFW 2010-10-04 18:32 . 2010-10-04 18:32 -------- d-----w- c:\program files\CCleaner 2010-10-04 14:00 . 2010-10-04 14:13 -------- d-----w- c:\users\Tom\AppData\Roaming\Genie-Soft 2010-10-04 13:58 . 2010-10-04 13:58 -------- d-----w- c:\program files\Genie-Soft 2010-10-04 13:24 . 2007-01-04 10:15 9336 ----a-w- c:\windows\system32\WinIo.sys 2010-10-03 13:11 . 2010-10-03 13:11 -------- d-----w- C:\_OTL 2010-10-02 12:22 . 2010-10-02 12:22 -------- d-----w- c:\users\Tom\AppData\Roaming\Malwarebytes 2010-10-02 12:22 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-10-02 12:22 . 2010-10-02 12:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-02 12:22 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-02 11:51 . 2010-10-02 11:53 -------- d-----w- c:\users\Tom\AppData\Local\Google 2010-09-29 15:54 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll 2010-09-28 15:00 . 2010-09-28 15:00 32722952 ----a-w- c:\users\Tom\AppData\Roaming\Genie-Soft\GenieTimeLine\Cache\GenieTimelineSetupPro_Update.exe 2010-09-28 14:13 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-09-15 14:12 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2010-09-15 14:12 . 
2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe 2010-09-15 14:11 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll 2010-09-15 14:11 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll 2010-09-11 10:05 . 2010-09-16 20:53 -------- d-----w- c:\users\Tom\AppData\Local\Thunderbird 2010-09-11 10:05 . 2010-09-11 10:05 -------- d-----w- c:\users\Tom\AppData\Roaming\Thunderbird 2010-09-11 10:04 . 2010-09-16 21:22 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-09-09 15:44 . 2010-09-09 15:44 -------- d-----w- c:\program files\iPod . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-04 19:05 . 2009-04-27 19:21 -------- d-----w- c:\program files\pdfforge Toolbar 2010-10-04 13:23 . 2009-04-27 19:42 -------- d-----w- c:\users\Tom\AppData\Roaming\Skype 2010-10-04 13:21 . 2009-06-03 18:46 -------- d-----w- c:\users\Tom\AppData\Roaming\skypePM 2010-10-03 12:01 . 2009-02-19 14:18 628742 ----a-w- c:\windows\system32\perfh007.dat 2010-10-03 12:01 . 2009-02-19 14:18 126454 ----a-w- c:\windows\system32\perfc007.dat 2010-10-03 11:45 . 2009-04-28 16:11 -------- d-----w- c:\users\Tom\AppData\Roaming\vlc 2010-10-03 11:45 . 2009-02-26 19:12 -------- d-----w- c:\program files\Microsoft Silverlight 2010-10-02 23:33 . 2010-04-23 08:34 -------- d-----w- c:\users\Tom\AppData\Roaming\Boopy 2010-09-30 16:47 . 2010-08-25 03:30 -------- d-----w- c:\users\Tom\AppData\Roaming\LimeWire 2010-09-29 20:12 . 2009-04-27 19:07 129960 ----a-w- c:\users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT 2010-09-21 18:03 . 2006-11-02 10:25 51200 ----a-w- c:\windows\Inf\infpub.dat 2010-09-21 18:03 . 2006-11-02 10:25 143360 ----a-w- c:\windows\Inf\infstrng.dat 2010-09-21 18:03 . 2006-11-02 10:25 86016 ----a-w- c:\windows\Inf\infstor.dat 2010-09-15 20:58 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-09-11 10:04 . 
2009-06-25 13:51 680 ----a-w- c:\users\Tom\AppData\Local\d3d9caps.dat 2010-09-09 15:45 . 2009-08-05 13:28 -------- d-----w- c:\program files\iTunes 2010-09-09 15:44 . 2009-05-22 19:17 -------- d-----w- c:\program files\Common Files\Apple 2010-08-31 21:38 . 2009-04-27 19:18 -------- d-----w- c:\program files\ICQ6.5 2010-08-25 03:30 . 2010-08-25 03:30 8192 ----a-w- c:\users\Tom\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll 2010-08-25 03:30 . 2010-08-25 03:30 20480 ----a-w- c:\users\Tom\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll 2010-08-25 03:30 . 2010-08-25 03:30 20480 ----a-w- c:\users\Tom\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll 2010-08-25 03:30 . 2010-08-25 03:30 18944 ----a-w- c:\users\Tom\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll 2010-08-25 03:30 . 2010-08-25 03:30 17408 ----a-w- c:\users\Tom\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll 2010-08-25 03:30 . 2010-08-25 03:30 -------- d-----w- c:\program files\LimeWire 2010-08-18 19:30 . 2009-04-27 20:18 -------- d-----w- c:\program files\QuickTime 2010-08-17 12:26 . 2009-02-26 19:33 -------- d-----w- c:\program files\Microsoft Works 2010-08-08 04:39 . 2009-05-10 09:20 -------- d-----w- c:\program files\Messenger Plus! Live 2010-07-30 22:00 . 2010-07-30 22:00 292774 ----a-r- c:\users\Tom\AppData\Roaming\Microsoft\Installer\{0FC9C3C9-443B-4790-BD09-7F871161E9FB}\_853F67D554F05449430E7E.exe 2010-07-30 22:00 . 2010-07-30 22:00 292774 ----a-r- c:\users\Tom\AppData\Roaming\Microsoft\Installer\{0FC9C3C9-443B-4790-BD09-7F871161E9FB}\_0BA7603D98DC9FC2500EC9.exe 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-02-26 20:09 . 2009-02-26 20:09 8 --sh--r- c:\windows\System32\F928A0FA17.sys 2009-02-26 20:09 . 
2009-02-26 20:09 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys 2009-01-14 14:19 . 2009-01-14 14:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-05-04 2356088] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] "Google Update"="c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-02 136176] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440] "tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704] "MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920] "avgnt"="c:\program 
files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2010-09-28 1038464] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656] R3 wimmount;wimmount;c:\windows\system32\DRIVERS\wimmount.sys [2010-03-30 19024] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 
753504] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-02 717296] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2010-09-28 344704] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464] S2 uvnc_service;uvnc_service;c:\program files\iTeleport\UltraVNC\WinVNC.exe [2009-08-15 1589704] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952] S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-12-23 51232] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-10-01 c:\windows\Tasks\1-Klick-Wartung.job - c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-14 11:17] 2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000Core.job - c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-02 11:51] 2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000UA.job - c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-02 11:51] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.aldi.com/ uInternet Settings,ProxyOverride = *.local IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\a0byep8x.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - 
plugin: c:\users\Tom\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - Entfernte verwaiste Registrierungseinträge - - - - BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file) WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file) AddRemove-Flash Slideshow Maker Pro - g:\flash slideshow\Flash Slideshow Maker Professional\uninst.exe AddRemove-Free YouTube Download_is1 - g:\rubik's cube\Youtube Downloader\Free YouTube Download\unins000.exe AddRemove-Free YouTube to Mp3 Converter_is1 - g:\program files\Free YouTube to Mp3 Converter\unins000.exe AddRemove-XnView_is1 - g:\program files\XnView\unins000.exe AddRemove-Zattoo - g:\live stream\Zattoo\Zattoo\uninst.exe AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4} . Zeit der Fertigstellung: 2010-10-04 21:10:01 ComboFix-quarantined-files.txt 2010-10-04 19:10 Vor Suchlauf: 11 Verzeichnis(se), 199.054.860.288 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 198.985.277.440 Bytes frei - - End Of File - - 3C31F3C02E7264E50C15C42F4180DAD6 |
05.10.2010, 07:48 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Google Virus leitet Seiten um Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus Downloade Dir anschließend bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Please always post log files in CODE tags |
05.10.2010, 15:50 | #15 |
| Google virus redirects pages
Unfortunately GMER hung every time; I tried it 3 times! Otherwise everything worked! OSAM result: Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:47:45 on 05.10.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.10

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000Core.job" - "Google Inc." - C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000UA.job" - "Google Inc." - C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Version Cue CS3" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"at43s0v9" (at43s0v9) - "Microsoft Corporation" - C:\Windows\system32\drivers\at43s0v9.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Tom\AppData\Local\Temp\catchme.sys (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"wimmount" (wimmount) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimmount.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc."
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? 
- (File not found | COM-object registry key not found) {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) "CorelDRAW Shell Extension Component" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {D821600B-0B5D-4d7e-B1CC-034C652E8288} "Genie-Soft Timeline Backup Context Menu Extension" - "Genie-Soft" - C:\Program Files\Genie-Soft\Genie Timeline\GSTimelineContextMenu.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." 
- C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL {82AA9188-44E0-40B9-B956-43A10C315B4F} "RootShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2ED7FD81-CBA6-45E5-A49A-5E84889A94E2} "ShellDragDropHandler Class" - "SmartSoft Ltd" - C:\Program Files\SmartFTP Client\sfShellTools.dll {7568C3F3-DF7E-436A-95C2-772819DF58B4} "ShellFolderExternal Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll {119310E6-5FB7-4eeb-BEDB-9E229E76B9B4} "ShellFolderMultiUploadDestination Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll {3B164627-7060-47BB-A1BE-DF5540B02821} "ShellFolderMultiUploadSource Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll {6E0A0931-B89D-45B7-8BF0-F221A6D67257} "ShellFolderRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll {EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} "ShellFolderSearchRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} "SmartFTP ContextMenu Shell Extension" - "SmartSoft Ltd" - C:\Program Files\SmartFTP Client\sfShellTools.dll {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} "SmartFTP Drop ShellIconOverlayHandler" - "SmartSoft Ltd" - C:\Program Files\SmartFTP Client\sfShellTools.dll {FD504287-1372-40d2-ACA6-216A8FCC243D} "SmartFTP FavoritesShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll {0848278D-D88B-445b-BEDC-7DFBDB061F5F} "SmartFTP FavoritesShellFolderDesktop class" - "SmartSoft Ltd." 
- C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll {40FDFA48-5F4E-4627-A78E-6A49A3D4492F} "SmartFTP ShellDropHandler Class" - "SmartSoft Ltd" - C:\Program Files\SmartFTP Client\sfShellTools.dll {DAD6E255-ED92-4AC4-8B7D-846640F87358} "Timeline Explorer" - "Genie-Soft" - C:\Program Files\Genie-Soft\Genie Timeline\GSTimelineNSE.dll {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll {44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\Windows\System32\uxtuneup.dll {DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo 
Gallery\PhotoViewerShim.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." 
- C:\Program Files\Java\jre6\bin\npjpi160_12.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab {C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (HTTP value) "ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll "PokerStars.net" - "PokerStars" - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} "Contribute Toolbar" - "Adobe Systems Incorporated." - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems Incorporated." 
- C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %SystemDrive%\_OTL\MovedFiles\10032010_151159\C_Users\Public\Documents\Windows )----- "desktop.ini" - ? - C:\_OTL\MovedFiles\10032010_151159\C_Users\Public\Documents\Windows\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AdobeUpdater" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" "DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun "Google Update" - "Google Inc." - "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 "ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Acrobat Assistant 8.0" - "Adobe Systems Inc." 
- "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" "Adobe_ID0EYTHM" - "Adobe Systems Incorporated" - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "Genie TimeLine Tray" - "Genie-soft" - C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "MDS_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1" "PDVD8LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SearchSettings" - "GreenTree Applications, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe "tsnp2uvc" - ? - C:\Windows\tsnp2uvc.exe "UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "PDFCreator" - ? 
- C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\Windows\System32\TuneUpDefragService.exe "@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software GmbH" - C:\Windows\System32\uxtuneup.dll "@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe "Adobe Version Cue CS3 {de_DE} " (Adobe Version Cue CS3) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Capture Device Service" (Capture Device Service) - "InterVideo Inc." - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "Genie Timeline Service" (GenieTimelineService) - "Genie-Soft" - C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe "iPod-Dienst" (iPod Service) - "Apple Inc." 
- C:\Program Files\iPod\bin\iPodService.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe "ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe "Reset Reader" (resetWinService) - ? - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe (File found, but it contains no detailed information) "uvnc_service" (uvnc_service) - "UltraVNC" - C:\Program Files\iTeleport\UltraVNC\WinVNC.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 2 (build 6002), 32-bit Base Board Manufacturer: MEDION BIOS Manufacturer: Phoenix Technologies LTD System Manufacturer: MEDION System Product Name: ME Series Logical Drives Mask: 0x0000039c Kernel Drivers (total 150): 0x8283E000 \SystemRoot\system32\ntkrnlpa.exe 0x8280B000 \SystemRoot\system32\hal.dll 0x80407000 \SystemRoot\system32\kdcom.dll 0x8040E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8047E000 \SystemRoot\system32\PSHED.dll 0x8048F000 \SystemRoot\system32\BOOTVID.dll 0x80497000 \SystemRoot\system32\CLFS.SYS 0x804D8000 \SystemRoot\system32\CI.dll 0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8068C000 \SystemRoot\System32\Drivers\sptd.sys 0x8079F000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x807A8000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x805B8000 \SystemRoot\system32\drivers\acpi.sys 0x807CE000 \SystemRoot\system32\drivers\msisadrv.sys 0x807D6000 \SystemRoot\system32\drivers\pci.sys 0x82E0D000 \SystemRoot\System32\drivers\partmgr.sys 0x82E1C000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x82E1F000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x82E29000 \SystemRoot\system32\drivers\volmgr.sys 0x82E38000 \SystemRoot\System32\drivers\volmgrx.sys 0x82E82000 \SystemRoot\System32\drivers\mountmgr.sys 0x82E92000 \SystemRoot\system32\drivers\atapi.sys 0x82E9A000 \SystemRoot\system32\drivers\ataport.SYS 0x82EB8000 \SystemRoot\system32\drivers\msahci.sys 0x82EC2000 \SystemRoot\system32\drivers\PCIIDEX.SYS 0x82ED0000 \SystemRoot\system32\drivers\fltmgr.sys 0x82F02000 \SystemRoot\system32\drivers\fileinfo.sys 0x82F12000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8AA0E000 \SystemRoot\system32\drivers\ndis.sys 0x8AB19000 \SystemRoot\system32\drivers\msrpc.sys 0x8AB44000 \SystemRoot\system32\drivers\NETIO.SYS 0x8AC05000 \SystemRoot\System32\drivers\tcpip.sys 
0x8ACEF000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x8AE0B000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8AF1B000 \SystemRoot\system32\drivers\volsnap.sys 0x8AF54000 \SystemRoot\System32\Drivers\spldr.sys 0x8AF5C000 \SystemRoot\System32\Drivers\mup.sys 0x8AF6B000 \SystemRoot\System32\drivers\ecache.sys 0x8AF92000 \SystemRoot\system32\drivers\disk.sys 0x8AFA3000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8AFC4000 \SystemRoot\system32\drivers\crcdisk.sys 0x8AFEF000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8AE00000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8AD0A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x8F808000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x8FF3B000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x8FFDC000 \SystemRoot\System32\drivers\watchdog.sys 0x8FFE8000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8AD13000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x8AD51000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8AD60000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x90204000 \SystemRoot\system32\DRIVERS\NETw5v32.sys 0x9058B000 \SystemRoot\system32\DRIVERS\Rtlh86.sys 0x905AF000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x905B3000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x905C6000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8AB7F000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x905D1000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x905D3000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x905DE000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x905F6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8ABB0000 \SystemRoot\System32\Drivers\at43s0v9.SYS 0x8ADED000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x82F83000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x82FB2000 \SystemRoot\system32\DRIVERS\storport.sys 0x8FFF3000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x8ABE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x8AA00000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x90801000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x90824000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x90833000 
\SystemRoot\system32\DRIVERS\raspptp.sys 0x90847000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x9085C000 \SystemRoot\system32\DRIVERS\termdd.sys 0x9086C000 \SystemRoot\system32\DRIVERS\swenum.sys 0x9086E000 \SystemRoot\system32\DRIVERS\ks.sys 0x90898000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x908A2000 \SystemRoot\system32\DRIVERS\umbus.sys 0x908AF000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x908E4000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x91200000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x91420000 \SystemRoot\system32\drivers\portcls.sys 0x9144D000 \SystemRoot\system32\drivers\drmk.sys 0x91472000 \SystemRoot\system32\drivers\nvhda32v.sys 0x91482000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x9148B000 \SystemRoot\System32\Drivers\Null.SYS 0x91492000 \SystemRoot\System32\Drivers\Beep.SYS 0x914A2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x914A9000 \SystemRoot\System32\drivers\vga.sys 0x914B5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x91801000 \SystemRoot\system32\DRIVERS\snp2uvc.sys 0x919B9000 \SystemRoot\system32\DRIVERS\STREAM.SYS 0x919C6000 \SystemRoot\system32\DRIVERS\sncduvc.SYS 0x919CD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x919D5000 \SystemRoot\system32\drivers\rdpencdd.sys 0x919DD000 \SystemRoot\System32\Drivers\Msfs.SYS 0x919E8000 \SystemRoot\System32\Drivers\Npfs.SYS 0x919F6000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x914D6000 \SystemRoot\system32\DRIVERS\tdx.sys 0x914EC000 \SystemRoot\system32\DRIVERS\smb.sys 0x91500000 \SystemRoot\system32\drivers\afd.sys 0x91548000 \SystemRoot\System32\DRIVERS\netbt.sys 0x9157A000 \SystemRoot\system32\DRIVERS\pacer.sys 0x91590000 \SystemRoot\system32\DRIVERS\netbios.sys 0x9159E000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x915B1000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x915B7000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x915F3000 \SystemRoot\system32\drivers\nsiproxy.sys 0x908F5000 \SystemRoot\System32\Drivers\dfsc.sys 0x9090C000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x915FD000 \??\C:\Program 
Files\Avira\AntiVir Desktop\avgio.sys 0x90928000 \SystemRoot\system32\drivers\RTSTOR.SYS 0x9093B000 \SystemRoot\System32\Drivers\fastfat.SYS 0x90963000 \SystemRoot\System32\Drivers\crashdmp.sys 0x90970000 \SystemRoot\System32\Drivers\dump_dumpata.sys 0x9097B000 \SystemRoot\System32\Drivers\dump_msahci.sys 0x9ECA0000 \SystemRoot\System32\win32k.sys 0x90985000 \SystemRoot\System32\drivers\Dxapi.sys 0x9098F000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9EEC0000 \SystemRoot\System32\TSDDD.dll 0x9EEE0000 \SystemRoot\System32\ATMFD.DLL 0x9EF30000 \SystemRoot\System32\cdd.dll 0x9099E000 \SystemRoot\system32\drivers\luafv.sys 0x909B9000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0xA300C000 \SystemRoot\system32\drivers\spsys.sys 0xA30BC000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA30CC000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xA30F6000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA3100000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA3113000 \SystemRoot\system32\drivers\HTTP.sys 0xA3180000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA319D000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA31B6000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA31CB000 \SystemRoot\system32\drivers\mrxdav.sys 0x909CD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA5C01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA5C3A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA5C52000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA5C79000 \SystemRoot\System32\DRIVERS\srv.sys 0xA5CDF000 \SystemRoot\system32\DRIVERS\atksgt.sys 0xA5D22000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0xA7609000 \SystemRoot\system32\drivers\peauth.sys 0xA76E7000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA76F1000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA76FD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys 0xA7712000 \SystemRoot\system32\DRIVERS\WUDFPf.sys 0xA7724000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA773A000 \??\C:\Windows\system32\drivers\mbam.sys 0x775B0000 \Windows\System32\ntdll.dll 0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll 
Processes (total 84):
0 System Idle Process
4 System
440 C:\Windows\System32\smss.exe
588 csrss.exe
640 C:\Windows\System32\wininit.exe
652 csrss.exe
684 C:\Windows\System32\services.exe
696 C:\Windows\System32\lsass.exe
704 C:\Windows\System32\lsm.exe
868 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\nvvsvc.exe
964 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\audiodg.exe
1196 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\SLsvc.exe
1260 C:\Windows\System32\svchost.exe
1352 C:\Windows\System32\winlogon.exe
1436 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\rundll32.exe
1788 C:\Windows\System32\spoolsv.exe
1824 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1848 C:\Windows\System32\svchost.exe
124 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
276 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
300 C:\Program Files\Bonjour\mDNSResponder.exe
312 C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
548 C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
1712 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2036 C:\Windows\System32\IoctlSvc.exe
456 C:\Windows\System32\svchost.exe
852 C:\Windows\System32\PSIService.exe
1424 C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
2216 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2240 C:\Windows\System32\svchost.exe
2284 C:\Program Files\iTeleport\UltraVNC\winvnc.exe
2308 C:\Windows\System32\svchost.exe
2344 C:\Windows\System32\SearchIndexer.exe
2480 WUDFHost.exe
2520 C:\Program Files\iTeleport\UltraVNC\winvnc.exe
3008 C:\Windows\System32\dwm.exe
3060 C:\Windows\System32\taskeng.exe
3132 C:\Windows\explorer.exe
3156 C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
3280 C:\Windows\System32\conime.exe
3576 C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
3612 C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
3620 C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
3640 C:\Program Files\Windows Defender\MSASCui.exe
3664 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3676 C:\Windows\tsnp2uvc.exe
3704 C:\Windows\System32\rundll32.exe
3956 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3976 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3984 C:\Program Files\pdfforge Toolbar\SearchSettings.exe
3992 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
4004 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
4032 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
2104 C:\Program Files\iTunes\iTunesHelper.exe
1240 C:\Program Files\Windows Sidebar\sidebar.exe
2340 C:\Program Files\DAEMON Tools Lite\daemon.exe
1576 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
1580 C:\Windows\ehome\ehtray.exe
2648 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
1592 C:\Program Files\Windows Media Player\wmpnscfg.exe
1804 C:\Windows\ehome\ehmsas.exe
3076 C:\Program Files\Windows Media Player\wmpnetwk.exe
3716 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
552 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
2832 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1228 C:\Program Files\iPod\bin\iPodService.exe
4068 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2836 C:\Windows\System32\wuauclt.exe
3516 C:\Program Files\Mozilla Firefox\firefox.exe
5308 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
5760 C:\Program Files\Windows Live\Contacts\wlcomm.exe
3904 taskeng.exe
5580 C:\Windows\System32\taskeng.exe
4888 C:\Windows\System32\SearchProtocolHost.exe
5800 C:\Windows\System32\SearchFilterHost.exe
5732 C:\Users\Tom\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006e`17d00000 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS545050B9A300, Rev: PB4OC60G

Size     Device Name           MBR Status
--------------------------------------------
465 GB   \\.\PhysicalDrive0    Windows 2008 MBR code detected
         SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!