Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google Virus leitet Seiten um

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.10.2010, 15:16   #1
Thomas126
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Einen guten Mittag wünsche ich!
Seid gestern habe ich ein Problem mit Google! Mein Browser, Firefox, läuft augenscheinlich einwandfrei und installiert habe ich auf meinem Windows Vista auch nichts, und trotzdem werde ich, wenn ich in Google eine Suche starte und von dort auf auf die jeweiligen Seiten klicke einfach umgeleitet! Zu irgendwelchem Schrott und weiteren Viren...

Ich habe mich auch schon über Google versucht zu erkunden, was nicht leicht fällt, wenn man jetzt die Google Ergebnisse per Hand übertragen muss, und bin auf ein bekanntes Problem gestoßen. Anscheinend bin ich also nicht der einzige, der mit diesem Problem zu kämpfen hat!
Auch in diesem Board war schon ein Beitrag, in dem ich leider nichts posten konnte und auch mit der Lösung dort nichts anzufangen wusste. So habe ich mir mal den hijack heruntergeladen und ein Scan mit Log durchgeführt:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:34, on 01.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\tsnp2uvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Tom\AppData\Local\Temp\Rar$EX00.872\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tom\Desktop\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - User Startup: winhelp.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 {de_DE} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Reset Reader (resetWinService) - Unknown owner - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\iTeleport\UltraVNC\WinVNC.exe
 
--
End of file - 13406 bytes
         
--- --- ---



Ist daran irgendetwas aufällig? kann mir jemand helfen? Ich freue mich über jede Hilfe! Danke!
mit freundlichen Grüßen,
Thomas

Alt 01.10.2010, 19:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 02.10.2010, 18:52   #3
Thomas126
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Malwarebytes Ergenbis:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4733

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

02.10.2010 18:32:53
mbam-log-2010-10-02 (18-32-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 522467
Laufzeit: 3 Stunde(n), 13 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
C:\Users\Tom\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Tom\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
         
Irgendetwas aufälliges? Desweiteren sagt mir Malewarebytes das er eine Verbindung zu einer IP Adresse: 91:188:60:86 erfolgreich gestoppt hat! Daran ist doch irgendetwas faul! Also auch nachdem ich die 5 Plagegeister gelöscht habe!

OTL Ergebnis:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.10.2010 19:54:30 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Tom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 187,63 Gb Free Space | 42,61% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,51 Gb Free Space | 49,32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOM-LAPTOP
Current User Name: Tom
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\iTeleport\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Tom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (uvnc_service) -- C:\Program Files\iTeleport\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 22:41:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 22:41:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.16 23:22:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.09.11 12:05:13 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions
[2010.09.11 12:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.25 05:31:09 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.10.01 19:17:16 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\a0byep8x.default\extensions
[2010.08.20 19:12:10 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\a0byep8x.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.05.02 11:47:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\a0byep8x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.06.29 18:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\a0byep8x.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.09.04 12:23:52 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\a0byep8x.default\extensions\foxyproxy@eric.h.jung
[2010.08.02 17:42:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.02 17:42:45 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.04.27 21:21:14 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.04.27 21:21:15 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2010.08.02 05:44:02 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.02 05:44:02 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.02 05:44:02 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.02 05:44:02 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.02 05:44:02 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.21 18:31:20 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Programme\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{F3DB8B9B-EEB0-771E-6319-C385A04E1465}] C:\Users\Tom\AppData\Roaming\Muloso\sobou.exe (Kaspersky Lab)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [grpchost] C:\Users\Tom\AppData\Local\Temp\certreg.DLL ()
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Programme\LimeWire\LimeWire.exe (Lime Wire, LLC)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tom\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tom\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell - "" = AutoRun
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell\AutoRun\command - "" = I:\start.exe -- File not found
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\Shell\AutoRun\command - "" = F:\avira.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.02 19:56:29 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Virenhilfe
[2010.10.02 14:22:56 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes
[2010.10.02 14:22:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.02 14:22:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.02 14:22:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.02 14:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.02 14:22:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2010.10.02 13:51:56 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Google
[2010.10.01 23:00:51 | 000,009,336 | ---- | C] (hxxp://www.internals.com) -- C:\Windows\System32\WinIo.sys
[2010.10.01 16:04:00 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tom\Desktop\HijackThis.exe
[2010.09.30 19:09:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.09.30 19:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010.09.29 17:54:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.28 16:13:12 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.09.28 16:13:11 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.09.27 17:39:54 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.09.27 17:39:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.09.27 17:39:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.09.27 17:39:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.09.27 17:39:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.09.27 17:39:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.09.27 17:39:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.09.27 17:39:52 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.09.27 17:39:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.09.27 17:39:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.09.27 17:39:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.09.27 17:39:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.09.27 17:39:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.09.27 17:39:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.09.27 17:39:50 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.09.27 17:37:37 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.09.27 17:37:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.09.27 17:37:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.09.27 17:37:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.09.27 17:37:35 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.09.27 17:37:35 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.09.27 17:37:35 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.09.27 17:37:35 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.09.27 17:37:34 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.09.27 17:37:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.09.27 17:37:34 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.09.27 17:37:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.09.27 17:37:33 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.09.27 17:37:33 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.09.27 17:37:33 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.09.27 17:37:33 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.09.27 17:37:32 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.09.27 17:37:31 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.09.27 17:37:30 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.09.27 17:37:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.09.27 17:37:30 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.09.27 17:37:30 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.09.27 17:37:30 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.09.27 17:37:30 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.09.27 17:37:29 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.09.21 19:04:24 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\treiber
[2010.09.20 16:21:50 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Nero
[2010.09.15 16:12:01 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.11 12:05:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Thunderbird
[2010.09.11 12:05:07 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Thunderbird
[2010.09.11 12:04:58 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2010.09.09 17:44:25 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2009.02.27 19:17:28 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.02.27 19:17:27 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2 C:\Users\Tom\*.tmp files -> C:\Users\Tom\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.02 19:57:23 | 005,242,880 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT
[2010.10.02 19:56:25 | 000,148,643 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.10.02 19:56:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000UA.job
[2010.10.02 19:43:10 | 000,148,643 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.10.02 19:24:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.02 19:24:52 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.02 19:24:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.02 19:24:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.02 19:24:39 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.02 19:23:45 | 000,524,288 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.10.02 19:23:45 | 000,065,536 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.02 19:23:16 | 006,291,456 | -H-- | M] () -- C:\Users\Tom\AppData\Local\IconCache.db
[2010.10.02 14:22:39 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.02 14:22:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\OTL.exe
[2010.10.02 14:15:54 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.10.02 13:56:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000Core.job
[2010.10.01 18:11:02 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.10.01 15:18:15 | 000,001,779 | ---- | M] () -- C:\Users\Tom\Desktop\index.html
[2010.09.30 18:45:12 | 001,791,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.29 22:12:56 | 000,129,960 | ---- | M] () -- C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.09.25 15:08:05 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.25 15:08:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.25 15:08:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.25 15:08:05 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.25 15:08:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.25 12:12:37 | 000,138,240 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.11 12:04:21 | 000,000,680 | ---- | M] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
[2010.09.08 20:30:12 | 105,361,061 | ---- | M] () -- C:\Users\Tom\Desktop\iphigenie_grosse_stimmen_ard_radiofestival_20100801_2359.mp3
[2010.09.05 20:17:41 | 001,396,736 | ---- | M] () -- C:\Users\Tom\Documents\anezeige.indd
[2 C:\Users\Tom\*.tmp files -> C:\Users\Tom\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.02 14:22:39 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.02 13:51:59 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000UA.job
[2010.10.02 13:51:57 | 000,001,058 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000Core.job
[2010.10.01 15:12:03 | 000,001,779 | ---- | C] () -- C:\Users\Tom\Desktop\index.html
[2010.09.27 17:39:52 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.09.08 20:24:19 | 105,361,061 | ---- | C] () -- C:\Users\Tom\Desktop\iphigenie_grosse_stimmen_ard_radiofestival_20100801_2359.mp3
[2010.09.05 20:17:41 | 001,396,736 | ---- | C] () -- C:\Users\Tom\Documents\anezeige.indd
[2010.06.18 19:24:09 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2010.01.24 04:22:49 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2009.10.22 21:52:53 | 000,000,819 | ---- | C] () -- C:\Windows\CoDUO.INI
[2009.10.22 21:37:59 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI
[2009.09.24 16:30:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.27 02:45:21 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.27 02:45:18 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.07.27 22:36:12 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009.07.27 22:36:12 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009.07.27 22:36:12 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009.07.27 22:36:12 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009.07.27 22:36:12 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009.07.27 22:36:12 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009.06.25 15:51:46 | 000,000,680 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.06.07 05:21:23 | 000,002,673 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\SAS7_000.DAT
[2009.05.19 14:43:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009.05.02 10:35:14 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.04.28 16:10:12 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.04.27 22:13:36 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009.04.27 21:50:53 | 000,138,240 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.27 21:47:08 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.02.27 19:17:28 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.02.27 19:17:28 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.02.27 19:17:28 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.02.26 22:09:31 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.02.26 22:09:31 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\F928A0FA17.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F35A93AD
< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.10.2010 19:54:30 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Tom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 440,37 Gb Total Space | 187,63 Gb Free Space | 42,61% Space Free | Partition Type: NTFS
Drive D: | 25,38 Gb Total Space | 12,51 Gb Free Space | 49,32% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TOM-LAPTOP
Current User Name: Tom
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DCA93A5-1653-47D3-A68C-32BB325F47C3}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{2D83589D-8A58-4481-BB0B-2F6E088EE186}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{41B9DA22-CF59-46A3-9A36-1EC7F8812F55}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{86D52E6A-10BD-4563-A2CC-B762BFCFBE27}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{8D049072-0D83-4ED8-830A-DD1BB2D491B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{BDC88737-81E7-4A39-ABCB-E511AD1DD48B}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{DC82EE6C-1904-443F-87CD-9FABBDDB2C34}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{F7F3154A-819A-4C99-850A-6F1A7321A590}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{FFBC59DE-8D35-417E-9AAC-38866DF8335D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02E9FEF2-F4FF-4DFA-A63D-A710AF5DE91E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{0C10F217-4B41-4A16-B95D-A9BA594029FA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{1861E6E9-49CD-4CB2-AB6E-16D3DA4768EA}" = protocol=17 | dir=in | app=c:\program files\iteleport\ultravnc\vncviewer.exe | 
"{1C7B3175-48AF-49A4-9764-0742D1DCE4AF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{221519C8-CEE4-4237-A234-4273936BE935}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | 
"{26F658D0-F04A-4195-AE37-2152C614F5A8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{34E547C8-9915-4EEC-B8CF-678E938C36BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{35787D41-9C3E-42DD-A6AE-0AB2EE89BC29}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{373E3A23-5122-469B-A068-E0D5B7707D66}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{39D5F8C8-C8AA-4D38-890C-3BFE3D3B12C6}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{4FD3110A-746C-49F8-B499-404F755F022E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{50007747-F8E4-44C8-97F7-4A2C7AB2D602}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{5E6D0C49-70E8-4417-84AC-74AD1D18F721}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{61E4A1EA-695A-4000-8D25-EE9B76885AE3}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{62257257-3CE8-468E-8131-62148F8C65B6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | 
"{69B1C7EA-D4B0-4FF3-9135-9E3E3B78CD43}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe | 
"{6E66D388-6B3A-4E1B-BB55-D7397F2C6024}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe | 
"{77F28305-C9E7-4705-9139-D14BDB917A97}" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 000ae204\installer.exe | 
"{7A9086FF-F726-4CD0-9892-DAD47C2C7C1A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{7E1BFB59-F8CE-48D6-BD77-186CBBC6877D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{88B82457-14E5-4192-87D4-035FAE4D8E8A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{8F866F42-EE7B-492D-B248-DB87F68C3812}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{977D386D-D1EC-4FA7-AB3C-B33DB0D8003E}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{A1FD789E-DFBD-428C-8393-8E2F9D2D131E}" = protocol=6 | dir=in | app=c:\program files\iteleport\ultravnc\vncviewer.exe | 
"{A8AE38E1-55C0-4034-A677-2E369B58ADA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AB185BC7-6C2E-4319-9A27-BB54C676D3B7}" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 03e30245\installer.exe | 
"{AC9A2B62-52EA-4572-9E64-6D7D4B92ED2B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{AE1366A4-5B9A-496B-B6C3-55C2E8AABB72}" = protocol=6 | dir=in | app=c:\games\firefly studios\stronghold 2\stronghold2.exe | 
"{B63AEB7F-8FFC-4D9A-81A9-75BEC9AD2D05}" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 01086cfa\installer.exe | 
"{B763E221-E9B1-4685-A3B4-5E4F1F96C8AD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{B8276A8F-8B82-4686-B463-A4F63BE94BAF}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{B845F07C-2717-461A-B935-C38CD1686A9F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{BA324872-B864-4D8D-9C95-2B746B8E049E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{C02289A7-8976-48A1-8574-B53107B53F33}" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 03e30245\installer.exe | 
"{C235C887-E2BB-4B84-9003-601C4C10FF60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C24F5637-0F52-4119-9E2E-9D5ECE66B59C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe | 
"{C2863CEB-5CB1-49DB-BFEE-0DB2AB24B4CC}" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 01086cfa\installer.exe | 
"{C2AC0E8B-32B3-4E24-8948-39FE0E5760C1}" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\temp\blizzard installer bootstrap - 000ae204\installer.exe | 
"{CF7F3439-D9B1-4F69-A9EA-AC1F278C6B08}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{D016AF25-B84D-41FE-9706-0BA7DA8F3891}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{D7A46527-2D70-42C1-9EA9-8971B78A6831}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{D835978F-F257-4501-9CA9-90E0A6265C64}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E0A4396C-06BC-476B-9166-178A8B01E3D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E7F3645E-1E7E-4012-95B8-960BEACE1FC8}" = protocol=17 | dir=in | app=c:\games\firefly studios\stronghold 2\stronghold2.exe | 
"{E81137EE-C417-4201-88B5-6E66AF5C556B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.8.9506-to-3.0.9.9551-dede-downloader.exe | 
"{E8868BB3-AD49-499D-AB68-781C648E47E6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EB7E48AB-B599-44EA-A343-CE8660790E1A}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{EE5F334C-3215-4B8A-89A2-ABFE252EEA46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F684470A-265E-4D35-A1A0-B1181F1FC1DF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{FAB7794E-1B93-4868-A939-EA3CE58AF68D}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{FB6CBF4C-AA08-4FB8-8A99-E66F8B59A169}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"TCP Query User{053207A7-BDA7-4B1B-B164-670C3B6A007A}C:\users\tom\desktop\ticketszstem\livezilla server admin.exe" = protocol=6 | dir=in | app=c:\users\tom\desktop\ticketszstem\livezilla server admin.exe | 
"TCP Query User{06079F08-DF40-4E95-A4D3-6DF94EF1E818}C:\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | 
"TCP Query User{0AC53CD5-A102-4D5C-9BF1-A7C37F246659}C:7\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=c:7\xampp\filezillaftp\filezilla server.exe | 
"TCP Query User{0F58D8B4-C796-4F4E-92E2-7BF96A7FDB87}C:\program files\adobe\adobe flash cs3\flash.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash cs3\flash.exe | 
"TCP Query User{160F3B5E-BA31-4998-8BDC-DE78A0AFDABE}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{180A5B6E-1445-4100-8795-43C241DDE5A7}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{38247FEB-A3F6-4036-9497-A4A20F0228B9}C:\users\tom\desktop\dslan_v1.3\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\tom\desktop\dslan_v1.3\mysql\bin\mysqld.exe | 
"TCP Query User{3BF33F60-F4EB-4E6C-87CA-25134BFD6E7E}C:\program files\call of duty\coduomp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\coduomp.exe | 
"TCP Query User{492DDB2E-ED1F-403A-AD59-97A45B5CEF8D}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"TCP Query User{6D40322D-7903-4F2D-87B9-F8C5DEA05DD5}C:\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\repair.exe | 
"TCP Query User{757D6741-577E-4D8A-9682-7E5AFD738740}C:\users\tom\cryptload_1.1.6\routerclient.exe" = protocol=6 | dir=in | app=c:\users\tom\cryptload_1.1.6\routerclient.exe | 
"TCP Query User{7E4F6961-2C6B-44E2-A59F-C8AF8482480E}C:\program files\apachefriends\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\program files\apachefriends\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{8118B610-C4A2-4417-AA73-4546C6F4FB9B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{8FA81ADD-A758-4A91-91E8-55C30E2F6689}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{912AD64B-43D8-4FFF-BE61-50C1A346043E}C:\program files\apachefriends\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\program files\apachefriends\xampp\mercurymail\mercury.exe | 
"TCP Query User{9BB6B642-E492-479C-9827-7BFFC4BA0DB3}G:\live stream\zattoo\zattoo\zattood.exe" = protocol=6 | dir=in | app=g:\live stream\zattoo\zattoo\zattood.exe | 
"TCP Query User{A04C3742-45E3-4DD0-B27B-5C2AA4971612}C:7\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:7\xampp\apache\bin\httpd.exe | 
"TCP Query User{ABD0C537-BBA7-48C5-978F-F01CD3860C5B}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{AF5CB563-D91B-4426-B558-85A66D37CB89}C:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"TCP Query User{B4ACF3C0-0F8F-4483-8774-38F52AAD5317}F:\spiele\cossacks - back to war\dmcr.exe" = protocol=6 | dir=in | app=f:\spiele\cossacks - back to war\dmcr.exe | 
"TCP Query User{BF35F62F-5344-43C4-BCAC-B131D8D46F2D}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"TCP Query User{BF8F1ABF-3BD8-4724-B54B-A4F333C18847}C:7\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:7\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{C5675735-57EC-4735-9961-0D0FE9C74961}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{CB6B4F01-2F23-493D-92E9-2FBC0AB1E3B8}C:\games\firefly studios\stronghold 2\stronghold2.exe" = protocol=6 | dir=in | app=c:\games\firefly studios\stronghold 2\stronghold2.exe | 
"TCP Query User{CC714442-0B5A-4D2C-A9D1-7F71FAFB00CE}C:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe | 
"TCP Query User{CF0FD9E2-86A0-4A4F-8C32-BA7FE6368822}C:7\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:7\xampp\mercurymail\mercury.exe | 
"TCP Query User{D0ED964D-71E2-4C7E-AFA1-5177ADA026F5}C:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{D1F41DCA-4EA5-4456-941C-ACC9314710DC}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{D21E8302-9DFD-43B9-990C-EC86F06D13C6}C:\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe | 
"TCP Query User{D238D6A1-DDE8-49FB-A6F0-993D3CEAB6AE}C:\users\tom\appdata\local\temp\rar$ex00.101\teamspeak3-server_win32\ts3server_win32.exe" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\temp\rar$ex00.101\teamspeak3-server_win32\ts3server_win32.exe | 
"TCP Query User{D891ADBC-1014-4F39-AEEB-751E5303C3FF}C:\users\tom\desktop\dslan_v1.3\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\tom\desktop\dslan_v1.3\apache\bin\apache.exe | 
"TCP Query User{D8AF7459-0EB4-4B4E-BB38-34DAB184552D}C:\program files\smartftp client\smartftp.exe" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"TCP Query User{DB3CAE86-8B7D-4A0C-89BB-30DA3FC05DE4}C:\games\valve\hl.exe" = protocol=6 | dir=in | app=c:\games\valve\hl.exe | 
"TCP Query User{E0B56C8E-C56D-474C-A05B-C974F6DD4F3A}C:\program files\call of duty\coduomp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\coduomp.exe | 
"TCP Query User{E0FCFB08-E40C-41F6-B8D3-FA6E10C89BFD}C:\games\valve\hl.exe" = protocol=6 | dir=in | app=c:\games\valve\hl.exe | 
"TCP Query User{F97609A4-724D-4B90-A64D-D5EA56F820FC}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{05D6D464-F3D2-4C8D-AAB7-0F2B8950B99A}C:\program files\call of duty\coduomp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\coduomp.exe | 
"UDP Query User{12F70D32-677E-44D0-A826-7B7A69F1CA20}C:7\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:7\xampp\apache\bin\httpd.exe | 
"UDP Query User{14991EAD-0299-40EC-A5DD-4FDBF3638CB1}C:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\wow-3.3.0.11159-to-3.3.2.11403-dede-downloader.exe | 
"UDP Query User{25788B8C-901B-4E57-81A8-FC310AA4C142}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{2C46E1BE-D051-4E0C-8D81-BA4EF728D0AD}C:\users\tom\appdata\local\temp\rar$ex00.101\teamspeak3-server_win32\ts3server_win32.exe" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\temp\rar$ex00.101\teamspeak3-server_win32\ts3server_win32.exe | 
"UDP Query User{33A1B86C-D428-4161-B3ED-BF61D3BA8DCF}C:\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\wow-3.2.2.10505-to-3.3.0.10958-dede-downloader.exe | 
"UDP Query User{3C6FCA02-6F98-4A31-A482-28B3FFB32A53}C:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe | 
"UDP Query User{3F888003-9C53-4D21-83F7-9338CC80C826}C:\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe | 
"UDP Query User{41C7B054-E2AF-4C4E-9D40-3F8301941FCF}C:\program files\apachefriends\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\program files\apachefriends\xampp\mercurymail\mercury.exe | 
"UDP Query User{43BD4357-6A36-4393-9295-320282A7650F}C:\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\repair.exe | 
"UDP Query User{5527830B-9D83-46B0-A939-5FD8FD9E6E91}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{5678FDDB-839D-44D4-BE36-B885F0C04AAF}C:\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{59A5491A-A599-4263-9029-90F02F0BF80B}C:\users\tom\desktop\ticketszstem\livezilla server admin.exe" = protocol=17 | dir=in | app=c:\users\tom\desktop\ticketszstem\livezilla server admin.exe | 
"UDP Query User{5AAB79CC-40BB-4736-A5D4-DE6B76FA541D}C:\users\tom\desktop\dslan_v1.3\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\tom\desktop\dslan_v1.3\mysql\bin\mysqld.exe | 
"UDP Query User{6BB3995B-2908-446A-A99C-47375554E7D0}C:\users\tom\cryptload_1.1.6\routerclient.exe" = protocol=17 | dir=in | app=c:\users\tom\cryptload_1.1.6\routerclient.exe | 
"UDP Query User{7AAEA7B8-C007-4200-9EDD-4C9EE30574DF}F:\spiele\cossacks - back to war\dmcr.exe" = protocol=17 | dir=in | app=f:\spiele\cossacks - back to war\dmcr.exe | 
"UDP Query User{7F038A13-6734-4F04-97BE-B3A50EE8531E}C:\program files\apachefriends\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\program files\apachefriends\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{8F228E94-7C7A-403C-BBFB-D71FBEBF96DF}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{9C5237C4-3032-4BE3-941E-A1E97B5E8DDE}C:\games\valve\hl.exe" = protocol=17 | dir=in | app=c:\games\valve\hl.exe | 
"UDP Query User{A2FAFAFF-7590-48A8-96B8-EF3AECEEE9C4}C:\program files\call of duty\coduomp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\coduomp.exe | 
"UDP Query User{A807AE64-1DB0-44F0-A4FA-C1A81224CCC9}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{ADBBA42B-1E95-4086-95D6-439464C68DB5}C:\games\firefly studios\stronghold 2\stronghold2.exe" = protocol=17 | dir=in | app=c:\games\firefly studios\stronghold 2\stronghold2.exe | 
"UDP Query User{ADC9D4CF-17CD-4F51-9D15-BD76150AFCAA}C:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{B63E3704-D953-431F-BBEB-CACBE94A2EEF}G:\live stream\zattoo\zattoo\zattood.exe" = protocol=17 | dir=in | app=g:\live stream\zattoo\zattoo\zattood.exe | 
"UDP Query User{B7727C34-9067-4B60-8FCA-3F65373290A6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{B8149EA8-53E8-4BD1-994F-CCCDD179629B}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{D2015B09-DF70-4522-A867-F0DCDFDC43B1}C:\games\valve\hl.exe" = protocol=17 | dir=in | app=c:\games\valve\hl.exe | 
"UDP Query User{D2205E4D-4A08-4C93-AF22-9054590BAB90}C:\users\tom\desktop\dslan_v1.3\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\tom\desktop\dslan_v1.3\apache\bin\apache.exe | 
"UDP Query User{DC842FCC-2934-44D1-94F2-FBE9ECC8D0FA}C:7\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=c:7\xampp\filezillaftp\filezilla server.exe | 
"UDP Query User{E0B47884-0E1A-428E-A728-5F28B11FB6C9}C:7\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:7\xampp\mercurymail\mercury.exe | 
"UDP Query User{E4072D12-9DB5-4D1F-B86A-67184A71A375}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"UDP Query User{EC87ABBC-1164-4759-8F41-30A3B6E76327}C:\program files\smartftp client\smartftp.exe" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"UDP Query User{F21139DF-AB3E-475C-BFBE-F20DE620E809}C:7\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:7\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{F45484EB-94AA-4662-B7F9-BA40A2BB61B7}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{F597021D-A977-4603-BB43-36B665194B07}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{F8F358D4-C13C-43E0-A81D-38A67C539D94}C:\program files\adobe\adobe flash cs3\flash.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash cs3\flash.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0FC9C3C9-443B-4790-BD09-7F871161E9FB}" = iTeleport Connect
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C65AEAA-EDF4-42E0-AA43-D74A5362CA02}" = Adobe Setup
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{684A391E-6F9C-42A9-8EEB-1CB19A2EE94B}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFFE151C-F863-4B1E-9E22-3C1369B4C690}" = phase6_17
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF3E2850-BD2E-4B56-A89D-21E588D518E0}" = Adobe Contribute CS3
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Adobe_71c180716438072ebd356ce2549df41" = Adobe Premiere Pro CS3 Third Party Content
"Adobe_964bfb680412b96a6c9f203bc15c9fe" = Adobe Encore CS3 Codecs
"Angebote ALDI SÜD" = Angebote ALDI SÜD Bildschirmschoner
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Badaboom" = Badaboom 1.1.1.194
"Call of Duty" = Call of Duty
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.88
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2
"Hardcore" = Hardcore
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.2.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Basic)
"LimeWire" = LimeWire 5.5.14
"M4A MP3 Converter" = M4A MP3 Converter 3.2 build 717
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"mp3-2-wav" = mp3-2-wav converter 1.14
"NVIDIA Drivers" = NVIDIA Drivers
"PoiZone" = PoiZone
"PokerStars.net" = PokerStars.net
"Sawer" = Sawer
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Toxic Biohazard" = Toxic Biohazard
"Ultra QuickTime Converter_is1" = Ultra QuickTime Converter 3.6.0525
"Ultravnc2_is1" = UltraVNC 1.0.6.5
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"XnView_is1" = XnView 1.96.2
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
__________________

Geändert von Thomas126 (02.10.2010 um 19:19 Uhr)

Alt 03.10.2010, 10:18   #4
Thomas126
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Seit dem ich gestern den Computer nach dem Löschen der 5 verdächtigen Dateien den Computer neugestartet habe, ist es mir nicht mehr möglich Firefox oder Chrome, den ich extra für das Problem mit Google installiert habe, weil es bei ihm das Problem gab, zu starten. Denn immer wenn ich es starte, wird es auch in dem Taskmanager als Prozess angezeigt, verschwindet aber innerhalb von 3-5 Sekunden wieder automatisch! Nur noch der IE ist funktionstüchtig!
Ich bin mal wider überfragt! Was hat das zu bedeuten? Ich freue mich über jede Hilfe!

Alt 03.10.2010, 12:34   #5
Thomas126
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Ich habe mir gedacht, dass ich mein System mal wieder herstellen lasse, und habe gehofft das Problem dadurch zu beheben!

Soweit so gut! Laptop neu gestartet und: Die Systemwiederherstellung wurde nicht erfolgreich ausgeführt. Unbekannter Fehler bei der Systemwiederherstellung!


Hat das auch mit dem Virus zu tun? Ich erbitte wirklich dringenst um Hilfe! Vielen Dank!


Alt 03.10.2010, 13:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [{F3DB8B9B-EEB0-771E-6319-C385A04E1465}] C:\Users\Tom\AppData\Roaming\Muloso\sobou.exe (Kaspersky Lab)
O4 - HKCU..\Run: [grpchost] C:\Users\Tom\AppData\Local\Temp\certreg.DLL ()
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell - "" = AutoRun
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell\AutoRun\command - "" = I:\start.exe -- File not found
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\Shell\AutoRun\command - "" = F:\avira.exe -- File not found
[2010.09.30 19:09:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.09.30 19:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F35A93AD
:Files
C:\Users\Tom\AppData\Roaming\Muloso
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
--> Google Virus leitet Seiten um

Alt 03.10.2010, 14:20   #7
Thomas126
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Vielen Dank für deine Hilfe! Aber leider muss ich euch mitteilen, dass wenn ich auf den Botton Fix drücke, alles komplett geschlossen wird, auch die Taskleiste, also nur noch der Hintergrund zu sehen ist, und das OTL Fenster, dass sich 10 Sekunden später aufhängt und keine Rückmeldung gibt.
Eizige Möglichkeit dem zu entgehen ist dann sich Abzumelden und wieder anzumelden. Ich habe es 2 mal probiert, mit immer dem selben Ergebnis

Alt 03.10.2010, 15:05   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Probiers mal mit diesem Script:

Code:
ATTFilter
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [{F3DB8B9B-EEB0-771E-6319-C385A04E1465}] C:\Users\Tom\AppData\Roaming\Muloso\sobou.exe (Kaspersky Lab)
O4 - HKCU..\Run: [grpchost] C:\Users\Tom\AppData\Local\Temp\certreg.DLL ()
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell - "" = AutoRun
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell\AutoRun\command - "" = I:\start.exe -- File not found
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\Shell\AutoRun\command - "" = F:\avira.exe -- File not found
[2010.09.30 19:09:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.09.30 19:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F35A93AD
:Files
C:\Users\Tom\AppData\Roaming\Muloso
:Commands
[purity]
[resethosts]
[emptytemp]
         
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.10.2010, 15:20   #9
Thomas126
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Endlich hat es geklappt! Neugestartet und folgendes Logergebnis:

Code:
ATTFilter
Error: Unable to interpret <O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell\AutoRun\command - "" = I:\start.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\Shell\AutoRun\command - "" = F:\avira.exe -- File not found> in the current context!
Error: Unable to interpret <[2010.09.30 19:09:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows> in the current context!
Error: Unable to interpret <[2010.09.30 19:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F35A93AD> in the current context!
========== FILES ==========
File\Folder C:\Users\Tom\AppData\Roaming\Muloso not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tom
->Temp folder emptied: 47058006 bytes
->Temporary Internet Files folder emptied: 41610591 bytes
->Java cache emptied: 3969513 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 42846945 bytes
->Flash cache emptied: 160251 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130809017 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 254,00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 10032010_161340

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Mozilla lässt sich nun auch wieder starten! Vielen Dank schon einmal dafür! Sieht es sauer aus?

Schade hatte gedacht der Virus hätte sich vielleicht schon gelöst, aber Malwarebytes gibt mir wieder an, dass es eine Verbindung zu einer potenziell gefährlichen Seite gesperrt hat

Alt 04.10.2010, 07:13   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Sry ich hatte einen Fehler im Script
Mach es bitte nochmal hiermit:

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [{F3DB8B9B-EEB0-771E-6319-C385A04E1465}] C:\Users\Tom\AppData\Roaming\Muloso\sobou.exe (Kaspersky Lab)
O4 - HKCU..\Run: [grpchost] C:\Users\Tom\AppData\Local\Temp\certreg.DLL ()
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell - "" = AutoRun
O33 - MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\Shell\AutoRun\command - "" = I:\start.exe -- File not found
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\Shell\AutoRun\command - "" = F:\avira.exe -- File not found
[2010.09.30 19:09:26 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010.09.30 19:09:24 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:F35A93AD
:Files
C:\Users\Tom\AppData\Roaming\Muloso
:Commands
[purity]
[resethosts]
[emptytemp]
         
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.10.2010, 14:31   #11
Thomas126
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Vielen dank für deine Bemühungen, cosinus!

Ergenbis:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{F3DB8B9B-EEB0-771E-6319-C385A04E1465} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3DB8B9B-EEB0-771E-6319-C385A04E1465}\ not found.
File C:\Users\Tom\AppData\Roaming\Muloso\sobou.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\grpchost not found.
File C:\Users\Tom\AppData\Local\Temp\certreg.DLL not found.
File D:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2df5e9e5-36fa-11de-9298-001f1617844d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2df5e9e5-36fa-11de-9298-001f1617844d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2df5e9e5-36fa-11de-9298-001f1617844d}\ not found.
File I:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{340c7c65-3452-11df-9812-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{340c7c65-3452-11df-9812-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{340c7c65-3452-11df-9812-806e6f6e6963}\ not found.
File F:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90d1bd73-2b92-11df-b1a1-001f1619d89f}\ not found.
File F:\avira.exe not found.
Folder C:\Users\Public\Documents\Windows\ not found.
Folder C:\Users\Public\Documents\Server\ not found.
Unable to delete ADS C:\ProgramData\Temp:0A8E2C33 .
Unable to delete ADS C:\ProgramData\Temp:F35A93AD .
========== FILES ==========
File\Folder C:\Users\Tom\AppData\Roaming\Muloso not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Tom
->Temp folder emptied: 8138108 bytes
->Temporary Internet Files folder emptied: 257521 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42368925 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1419 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 48,00 mb
 
 
OTL by OldTimer - Version 3.2.14.1 log created on 10042010_152440

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 04.10.2010, 17:55   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.10.2010, 20:18   #13
Thomas126
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Wirklich vielen Dank! Bei solchen Problemen bin ich immer überfragt! Eine Frage habe ich aber noch, nachdem ich die Schritte durchgeführt habe, zeigt mir Daemon Tools an, wenn ich es starten will: "Kernel debugger must be deactivated". Was hat das zu bedeuten?

Erflogreiches Ergebnis:
Code:
ATTFilter
ComboFix 10-10-03.03 - Tom 04.10.2010  20:53:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2113 [GMT 2:00]
ausgeführt von:: c:\users\Tom\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\program files\pdfforge Toolbar\WiDGitoolbarie.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-04 bis 2010-10-04  ))))))))))))))))))))))))))))))
.

2010-10-04 18:44 . 2010-10-04 18:45    --------    d-----w-    C:\32788R22FWJFW
2010-10-04 18:32 . 2010-10-04 18:32    --------    d-----w-    c:\program files\CCleaner
2010-10-04 14:00 . 2010-10-04 14:13    --------    d-----w-    c:\users\Tom\AppData\Roaming\Genie-Soft
2010-10-04 13:58 . 2010-10-04 13:58    --------    d-----w-    c:\program files\Genie-Soft
2010-10-04 13:24 . 2007-01-04 10:15    9336    ----a-w-    c:\windows\system32\WinIo.sys
2010-10-03 13:11 . 2010-10-03 13:11    --------    d-----w-    C:\_OTL
2010-10-02 12:22 . 2010-10-02 12:22    --------    d-----w-    c:\users\Tom\AppData\Roaming\Malwarebytes
2010-10-02 12:22 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 12:22 . 2010-10-02 12:22    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-10-02 12:22 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-10-02 11:51 . 2010-10-02 11:53    --------    d-----w-    c:\users\Tom\AppData\Local\Google
2010-09-29 15:54 . 2010-06-22 13:30    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-09-28 15:00 . 2010-09-28 15:00    32722952    ----a-w-    c:\users\Tom\AppData\Roaming\Genie-Soft\GenieTimeLine\Cache\GenieTimelineSetupPro_Update.exe
2010-09-28 14:13 . 2010-03-05 14:01    420352    ----a-w-    c:\windows\system32\vbscript.dll
2010-09-15 14:12 . 2010-04-05 17:02    317952    ----a-w-    c:\windows\system32\MP4SDECD.DLL
2010-09-15 14:12 . 2010-08-17 14:11    128000    ----a-w-    c:\windows\system32\spoolsv.exe
2010-09-15 14:11 . 2010-04-16 16:46    502272    ----a-w-    c:\windows\system32\usp10.dll
2010-09-15 14:11 . 2010-05-27 20:08    739328    ----a-w-    c:\windows\system32\inetcomm.dll
2010-09-11 10:05 . 2010-09-16 20:53    --------    d-----w-    c:\users\Tom\AppData\Local\Thunderbird
2010-09-11 10:05 . 2010-09-11 10:05    --------    d-----w-    c:\users\Tom\AppData\Roaming\Thunderbird
2010-09-11 10:04 . 2010-09-16 21:22    --------    d-----w-    c:\program files\Mozilla Thunderbird
2010-09-09 15:44 . 2010-09-09 15:44    --------    d-----w-    c:\program files\iPod

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 19:05 . 2009-04-27 19:21    --------    d-----w-    c:\program files\pdfforge Toolbar
2010-10-04 13:23 . 2009-04-27 19:42    --------    d-----w-    c:\users\Tom\AppData\Roaming\Skype
2010-10-04 13:21 . 2009-06-03 18:46    --------    d-----w-    c:\users\Tom\AppData\Roaming\skypePM
2010-10-03 12:01 . 2009-02-19 14:18    628742    ----a-w-    c:\windows\system32\perfh007.dat
2010-10-03 12:01 . 2009-02-19 14:18    126454    ----a-w-    c:\windows\system32\perfc007.dat
2010-10-03 11:45 . 2009-04-28 16:11    --------    d-----w-    c:\users\Tom\AppData\Roaming\vlc
2010-10-03 11:45 . 2009-02-26 19:12    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-10-02 23:33 . 2010-04-23 08:34    --------    d-----w-    c:\users\Tom\AppData\Roaming\Boopy
2010-09-30 16:47 . 2010-08-25 03:30    --------    d-----w-    c:\users\Tom\AppData\Roaming\LimeWire
2010-09-29 20:12 . 2009-04-27 19:07    129960    ----a-w-    c:\users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-21 18:03 . 2006-11-02 10:25    51200    ----a-w-    c:\windows\Inf\infpub.dat
2010-09-21 18:03 . 2006-11-02 10:25    143360    ----a-w-    c:\windows\Inf\infstrng.dat
2010-09-21 18:03 . 2006-11-02 10:25    86016    ----a-w-    c:\windows\Inf\infstor.dat
2010-09-15 20:58 . 2006-11-02 11:18    --------    d-----w-    c:\program files\Windows Mail
2010-09-11 10:04 . 2009-06-25 13:51    680    ----a-w-    c:\users\Tom\AppData\Local\d3d9caps.dat
2010-09-09 15:45 . 2009-08-05 13:28    --------    d-----w-    c:\program files\iTunes
2010-09-09 15:44 . 2009-05-22 19:17    --------    d-----w-    c:\program files\Common Files\Apple
2010-08-31 21:38 . 2009-04-27 19:18    --------    d-----w-    c:\program files\ICQ6.5
2010-08-25 03:30 . 2010-08-25 03:30    8192    ----a-w-    c:\users\Tom\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2010-08-25 03:30 . 2010-08-25 03:30    20480    ----a-w-    c:\users\Tom\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
2010-08-25 03:30 . 2010-08-25 03:30    20480    ----a-w-    c:\users\Tom\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2010-08-25 03:30 . 2010-08-25 03:30    18944    ----a-w-    c:\users\Tom\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
2010-08-25 03:30 . 2010-08-25 03:30    17408    ----a-w-    c:\users\Tom\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
2010-08-25 03:30 . 2010-08-25 03:30    --------    d-----w-    c:\program files\LimeWire
2010-08-18 19:30 . 2009-04-27 20:18    --------    d-----w-    c:\program files\QuickTime
2010-08-17 12:26 . 2009-02-26 19:33    --------    d-----w-    c:\program files\Microsoft Works
2010-08-08 04:39 . 2009-05-10 09:20    --------    d-----w-    c:\program files\Messenger Plus! Live
2010-07-30 22:00 . 2010-07-30 22:00    292774    ----a-r-    c:\users\Tom\AppData\Roaming\Microsoft\Installer\{0FC9C3C9-443B-4790-BD09-7F871161E9FB}\_853F67D554F05449430E7E.exe
2010-07-30 22:00 . 2010-07-30 22:00    292774    ----a-r-    c:\users\Tom\AppData\Roaming\Microsoft\Installer\{0FC9C3C9-443B-4790-BD09-7F871161E9FB}\_0BA7603D98DC9FC2500EC9.exe
2009-05-01 21:02 . 2009-05-01 21:02    1044480    ----a-w-    c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02    200704    ----a-w-    c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-02-26 20:09 . 2009-02-26 20:09    8    --sh--r-    c:\windows\System32\F928A0FA17.sys
2009-02-26 20:09 . 2009-02-26 20:09    2828    --sha-w-    c:\windows\System32\KGyGaAvL.sys
2009-01-14 14:19 . 2009-01-14 14:12    8192    --sha-w-    c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-05-04 2356088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-02 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-10 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-10 92704]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2010-09-28 1038464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 resetWinService;Reset Reader;c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe [2008-10-29 70656]
R3 wimmount;wimmount;c:\windows\system32\DRIVERS\wimmount.sys [2010-03-30 19024]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-02 717296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2010-09-28 344704]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 uvnc_service;uvnc_service;c:\program files\iTeleport\UltraVNC\WinVNC.exe [2009-08-15 1589704]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-12-23 51232]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-10-01 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-14 11:17]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000Core.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-02 11:51]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000UA.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-02 11:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\a0byep8x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Tom\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
AddRemove-Flash Slideshow Maker Pro - g:\flash slideshow\Flash Slideshow Maker Professional\uninst.exe
AddRemove-Free YouTube Download_is1 - g:\rubik's cube\Youtube Downloader\Free YouTube Download\unins000.exe
AddRemove-Free YouTube to Mp3 Converter_is1 - g:\program files\Free YouTube to Mp3 Converter\unins000.exe
AddRemove-XnView_is1 - g:\program files\XnView\unins000.exe
AddRemove-Zattoo - g:\live stream\Zattoo\Zattoo\uninst.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}


.
Zeit der Fertigstellung: 2010-10-04  21:10:01
ComboFix-quarantined-files.txt  2010-10-04 19:10

Vor Suchlauf: 11 Verzeichnis(se), 199.054.860.288 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 198.985.277.440 Bytes frei

- - End Of File - - 3C31F3C02E7264E50C15C42F4180DAD6
         

Alt 05.10.2010, 07:48   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Downloade Dir anschließend bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.10.2010, 15:50   #15
Thomas126
 
Google Virus leitet Seiten um - Standard

Google Virus leitet Seiten um



GMER hat sich leider immer aufgehangen, ich habe es 3 mal versucht!
Asonsten hat alles geklappt!

OSAM Ergebnis:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:47:45 on 05.10.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.10

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000Core.job" - "Google Inc." - C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-1765325698-2615006005-1292777395-1000UA.job" - "Google Inc." - C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2008\OneClick.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Version Cue CS3" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"at43s0v9" (at43s0v9) - "Microsoft Corporation" - C:\Windows\system32\drivers\at43s0v9.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Tom\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"wimmount" (wimmount) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimmount.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{D821600B-0B5D-4d7e-B1CC-034C652E8288} "Genie-Soft Timeline Backup Context Menu Extension" - "Genie-Soft" - C:\Program Files\Genie-Soft\Genie Timeline\GSTimelineContextMenu.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\OLKFSTUB.DLL
{82AA9188-44E0-40B9-B956-43A10C315B4F} "RootShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2ED7FD81-CBA6-45E5-A49A-5E84889A94E2} "ShellDragDropHandler Class" - "SmartSoft Ltd" - C:\Program Files\SmartFTP Client\sfShellTools.dll
{7568C3F3-DF7E-436A-95C2-772819DF58B4} "ShellFolderExternal Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{119310E6-5FB7-4eeb-BEDB-9E229E76B9B4} "ShellFolderMultiUploadDestination Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{3B164627-7060-47BB-A1BE-DF5540B02821} "ShellFolderMultiUploadSource Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{6E0A0931-B89D-45B7-8BF0-F221A6D67257} "ShellFolderRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{EB5EE1F3-041A-4c03-9D51-2BEC6715FB00} "ShellFolderSearchRoot Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFTPShellExtension.dll
{F87DED31-303F-4ED1-9BCE-D360FBC74E0A} "SmartFTP ContextMenu Shell Extension" - "SmartSoft Ltd" - C:\Program Files\SmartFTP Client\sfShellTools.dll
{EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} "SmartFTP Drop ShellIconOverlayHandler" - "SmartSoft Ltd" - C:\Program Files\SmartFTP Client\sfShellTools.dll
{FD504287-1372-40d2-ACA6-216A8FCC243D} "SmartFTP FavoritesShellFolder Class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{0848278D-D88B-445b-BEDC-7DFBDB061F5F} "SmartFTP FavoritesShellFolderDesktop class" - "SmartSoft Ltd." - C:\Program Files\SmartFTP Client\sfFavoritesShellExtension.dll
{40FDFA48-5F4E-4627-A78E-6A49A3D4492F} "SmartFTP ShellDropHandler Class" - "SmartSoft Ltd" - C:\Program Files\SmartFTP Client\sfShellTools.dll
{DAD6E255-ED92-4AC4-8B7D-846640F87358} "Timeline Explorer" - "Genie-Soft" - C:\Program Files\Genie-Soft\Genie Timeline\GSTimelineNSE.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software GmbH" - C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\Windows\System32\uxtuneup.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_12" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_12.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PokerStars.net" - "PokerStars" - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} "Contribute Toolbar" - "Adobe Systems Incorporated." - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{074C1DC5-9320-4A9A-947D-C042949C6216} "ContributeBHO Class" - "Adobe Systems Incorporated." - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %SystemDrive%\_OTL\MovedFiles\10032010_151159\C_Users\Public\Documents\Windows )-----
"desktop.ini" - ? - C:\_OTL\MovedFiles\10032010_151159\C_Users\Public\Documents\Windows\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"AdobeUpdater" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"Google Update" - "Google Inc." - "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe_ID0EYTHM" - "Adobe Systems Incorporated" - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Genie TimeLine Tray" - "Genie-soft" - C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
"PDVD8LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SearchSettings" - "GreenTree Applications, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
"tsnp2uvc" - ? - C:\Windows\tsnp2uvc.exe
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software GmbH" - C:\Windows\System32\TuneUpDefragService.exe
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software GmbH" - C:\Windows\System32\uxtuneup.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Version Cue CS3 {de_DE} " (Adobe Version Cue CS3) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Capture Device Service" (Capture Device Service) - "InterVideo Inc." - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Genie Timeline Service" (GenieTimelineService) - "Genie-Soft" - C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Reset Reader" (resetWinService) - ? - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe  (File found, but it contains no detailed information)
"uvnc_service" (uvnc_service) - "UltraVNC" - C:\Program Files\iTeleport\UltraVNC\WinVNC.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
MBRCheck Ergebnis:
Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:            
Windows Version:        Windows Vista Home Premium Edition
Windows Information:        Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:    MEDION
BIOS Manufacturer:        Phoenix Technologies LTD
System Manufacturer:        MEDION
System Product Name:        ME Series
Logical Drives Mask:        0x0000039c

Kernel Drivers (total 150):
  0x8283E000 \SystemRoot\system32\ntkrnlpa.exe
  0x8280B000 \SystemRoot\system32\hal.dll
  0x80407000 \SystemRoot\system32\kdcom.dll
  0x8040E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8047E000 \SystemRoot\system32\PSHED.dll
  0x8048F000 \SystemRoot\system32\BOOTVID.dll
  0x80497000 \SystemRoot\system32\CLFS.SYS
  0x804D8000 \SystemRoot\system32\CI.dll
  0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8068C000 \SystemRoot\System32\Drivers\sptd.sys
  0x8079F000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x807A8000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x805B8000 \SystemRoot\system32\drivers\acpi.sys
  0x807CE000 \SystemRoot\system32\drivers\msisadrv.sys
  0x807D6000 \SystemRoot\system32\drivers\pci.sys
  0x82E0D000 \SystemRoot\System32\drivers\partmgr.sys
  0x82E1C000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x82E1F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x82E29000 \SystemRoot\system32\drivers\volmgr.sys
  0x82E38000 \SystemRoot\System32\drivers\volmgrx.sys
  0x82E82000 \SystemRoot\System32\drivers\mountmgr.sys
  0x82E92000 \SystemRoot\system32\drivers\atapi.sys
  0x82E9A000 \SystemRoot\system32\drivers\ataport.SYS
  0x82EB8000 \SystemRoot\system32\drivers\msahci.sys
  0x82EC2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x82ED0000 \SystemRoot\system32\drivers\fltmgr.sys
  0x82F02000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82F12000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AA0E000 \SystemRoot\system32\drivers\ndis.sys
  0x8AB19000 \SystemRoot\system32\drivers\msrpc.sys
  0x8AB44000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AC05000 \SystemRoot\System32\drivers\tcpip.sys
  0x8ACEF000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8AE0B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AF1B000 \SystemRoot\system32\drivers\volsnap.sys
  0x8AF54000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AF5C000 \SystemRoot\System32\Drivers\mup.sys
  0x8AF6B000 \SystemRoot\System32\drivers\ecache.sys
  0x8AF92000 \SystemRoot\system32\drivers\disk.sys
  0x8AFA3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8AFC4000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8AFEF000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8AE00000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8AD0A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8F808000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8FF3B000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8FFDC000 \SystemRoot\System32\drivers\watchdog.sys
  0x8FFE8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8AD13000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8AD51000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8AD60000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x90204000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x9058B000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
  0x905AF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x905B3000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x905C6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8AB7F000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x905D1000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x905D3000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x905DE000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x905F6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8ABB0000 \SystemRoot\System32\Drivers\at43s0v9.SYS
  0x8ADED000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x82F83000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x82FB2000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8FFF3000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8ABE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8AA00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x90801000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x90824000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x90833000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x90847000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x9085C000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x9086C000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x9086E000 \SystemRoot\system32\DRIVERS\ks.sys
  0x90898000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x908A2000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x908AF000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x908E4000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x91200000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x91420000 \SystemRoot\system32\drivers\portcls.sys
  0x9144D000 \SystemRoot\system32\drivers\drmk.sys
  0x91472000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x91482000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x9148B000 \SystemRoot\System32\Drivers\Null.SYS
  0x91492000 \SystemRoot\System32\Drivers\Beep.SYS
  0x914A2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x914A9000 \SystemRoot\System32\drivers\vga.sys
  0x914B5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x91801000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
  0x919B9000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x919C6000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
  0x919CD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x919D5000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x919DD000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x919E8000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x919F6000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x914D6000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x914EC000 \SystemRoot\system32\DRIVERS\smb.sys
  0x91500000 \SystemRoot\system32\drivers\afd.sys
  0x91548000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x9157A000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x91590000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x9159E000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x915B1000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x915B7000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x915F3000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x908F5000 \SystemRoot\System32\Drivers\dfsc.sys
  0x9090C000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x915FD000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
  0x90928000 \SystemRoot\system32\drivers\RTSTOR.SYS
  0x9093B000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x90963000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x90970000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x9097B000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x9ECA0000 \SystemRoot\System32\win32k.sys
  0x90985000 \SystemRoot\System32\drivers\Dxapi.sys
  0x9098F000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x9EEC0000 \SystemRoot\System32\TSDDD.dll
  0x9EEE0000 \SystemRoot\System32\ATMFD.DLL
  0x9EF30000 \SystemRoot\System32\cdd.dll
  0x9099E000 \SystemRoot\system32\drivers\luafv.sys
  0x909B9000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xA300C000 \SystemRoot\system32\drivers\spsys.sys
  0xA30BC000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0xA30CC000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0xA30F6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xA3100000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0xA3113000 \SystemRoot\system32\drivers\HTTP.sys
  0xA3180000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0xA319D000 \SystemRoot\system32\DRIVERS\bowser.sys
  0xA31B6000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA31CB000 \SystemRoot\system32\drivers\mrxdav.sys
  0x909CD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA5C01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA5C3A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA5C52000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA5C79000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA5CDF000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA5D22000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA7609000 \SystemRoot\system32\drivers\peauth.sys
  0xA76E7000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA76F1000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA76FD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0xA7712000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0xA7724000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA773A000 \??\C:\Windows\system32\drivers\mbam.sys
  0x775B0000 \Windows\System32\ntdll.dll
  0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 84):
       0 System Idle Process
       4 System
     440 C:\Windows\System32\smss.exe
     588 csrss.exe
     640 C:\Windows\System32\wininit.exe
     652 csrss.exe
     684 C:\Windows\System32\services.exe
     696 C:\Windows\System32\lsass.exe
     704 C:\Windows\System32\lsm.exe
     868 C:\Windows\System32\svchost.exe
     936 C:\Windows\System32\nvvsvc.exe
     964 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1064 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\svchost.exe
    1112 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\audiodg.exe
    1196 C:\Windows\System32\svchost.exe
    1212 C:\Windows\System32\SLsvc.exe
    1260 C:\Windows\System32\svchost.exe
    1352 C:\Windows\System32\winlogon.exe
    1436 C:\Windows\System32\svchost.exe
    1636 C:\Windows\System32\rundll32.exe
    1788 C:\Windows\System32\spoolsv.exe
    1824 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1848 C:\Windows\System32\svchost.exe
     124 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     276 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     300 C:\Program Files\Bonjour\mDNSResponder.exe
     312 C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
     548 C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
    1712 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    2036 C:\Windows\System32\IoctlSvc.exe
     456 C:\Windows\System32\svchost.exe
     852 C:\Windows\System32\PSIService.exe
    1424 C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
    2216 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    2240 C:\Windows\System32\svchost.exe
    2284 C:\Program Files\iTeleport\UltraVNC\winvnc.exe
    2308 C:\Windows\System32\svchost.exe
    2344 C:\Windows\System32\SearchIndexer.exe
    2480 WUDFHost.exe
    2520 C:\Program Files\iTeleport\UltraVNC\winvnc.exe
    3008 C:\Windows\System32\dwm.exe
    3060 C:\Windows\System32\taskeng.exe
    3132 C:\Windows\explorer.exe
    3156 C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
    3280 C:\Windows\System32\conime.exe
    3576 C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
    3612 C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
    3620 C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
    3640 C:\Program Files\Windows Defender\MSASCui.exe
    3664 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    3676 C:\Windows\tsnp2uvc.exe
    3704 C:\Windows\System32\rundll32.exe
    3956 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3976 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3984 C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    3992 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    4004 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    4032 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    2104 C:\Program Files\iTunes\iTunesHelper.exe
    1240 C:\Program Files\Windows Sidebar\sidebar.exe
    2340 C:\Program Files\DAEMON Tools Lite\daemon.exe
    1576 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    1580 C:\Windows\ehome\ehtray.exe
    2648 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    1592 C:\Program Files\Windows Media Player\wmpnscfg.exe
    1804 C:\Windows\ehome\ehmsas.exe
    3076 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3716 C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
     552 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    2832 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1228 C:\Program Files\iPod\bin\iPodService.exe
    4068 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    2836 C:\Windows\System32\wuauclt.exe
    3516 C:\Program Files\Mozilla Firefox\firefox.exe
    5308 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    5760 C:\Program Files\Windows Live\Contacts\wlcomm.exe
    3904 taskeng.exe
    5580 C:\Windows\System32\taskeng.exe
    4888 C:\Windows\System32\SearchProtocolHost.exe
    5800 C:\Windows\System32\SearchFilterHost.exe
    5732 C:\Users\Tom\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000006e`17d00000  (FAT32)

PhysicalDrive0 Model Number: HitachiHTS545050B9A300, Rev: PB4OC60G

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         

Antwort

Themen zu Google Virus leitet Seiten um
antivir, antivir guard, ask toolbar, askbar, avira, bho, bonjour, browser, desktop, ebay, firefox, google, hijack, hijackthis, limewire, local\temp, mozilla thunderbird, mp3, pdfforge toolbar, plug-in, problem, realtek, scan, senden, server, software, system, usb 2.0, virus, vista, windows




Ähnliche Themen: Google Virus leitet Seiten um


  1. Google leitet auf andere Seiten um....
    Log-Analyse und Auswertung - 25.04.2015 (13)
  2. google leitet mich auf falsche Seiten um (google redirect?)
    Log-Analyse und Auswertung - 14.08.2012 (20)
  3. Google leitet auf falsche Seiten weiter - Virus/Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.02.2012 (7)
  4. google leitet auf falsche Seiten weiter
    Log-Analyse und Auswertung - 02.01.2012 (1)
  5. Google leitet auf falsche Seiten um
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (31)
  6. google leitet an falsche seiten weiter
    Log-Analyse und Auswertung - 08.04.2011 (21)
  7. Google leitet auf andere Seiten um
    Log-Analyse und Auswertung - 05.04.2011 (1)
  8. Google leitet auf andere Seiten um, Seiten wollen sich ungefragt öffnen. Gelöst(?) Sicher?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2010 (8)
  9. Google leitet auf dubiose Seiten weiter
    Plagegeister aller Art und deren Bekämpfung - 28.02.2010 (45)
  10. BackDoor.Tdss.565 - Google leitet auf andere Seiten, finde aber kein Virus.
    Log-Analyse und Auswertung - 26.12.2009 (16)
  11. Google leitet auf falsche Seiten um
    Log-Analyse und Auswertung - 13.03.2009 (5)
  12. Google leitet(e) mich zu anderen Seiten!
    Log-Analyse und Auswertung - 11.02.2009 (8)
  13. Google leitet mich auf andere Seiten
    Log-Analyse und Auswertung - 11.02.2009 (1)
  14. Google leitet seiten weiter an werbeseiten
    Plagegeister aller Art und deren Bekämpfung - 26.01.2009 (9)
  15. google leitet auf Schrott-Seiten um...
    Log-Analyse und Auswertung - 02.01.2009 (12)
  16. Google leitet auf Malware-Seiten um
    Log-Analyse und Auswertung - 23.12.2008 (11)
  17. Google leitet seiten um!
    Log-Analyse und Auswertung - 22.02.2007 (8)

Zum Thema Google Virus leitet Seiten um - Einen guten Mittag wünsche ich! Seid gestern habe ich ein Problem mit Google! Mein Browser, Firefox, läuft augenscheinlich einwandfrei und installiert habe ich auf meinem Windows Vista auch nichts, und - Google Virus leitet Seiten um...
Archiv
Du betrachtest: Google Virus leitet Seiten um auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.