Skype - Facebook Virus

Quemada · 07.10.2010, 13:33

Hallo,

ich habe gestern habe ich einen Link in Skype bekommen. Dieser Link war ein download link und ich, blöd wie ich bin, downloade und führe die Datei natürlich aus.

Naja, nun habe ich schon meinen PC mit Malwarebytes' Anti-Malware auf Malware scannen lassen und die gefundene Malware entfernen lassen.
Allerding bin ich mir immer noch nicht sicher, ob ich die Malware wirklich los geworden bin.

OTL Lofgiles:

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 07.10.2010 14:05:46 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 52,40 Gb Free Space | 22,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.07 14:05:15 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe
PRC - [2010.10.05 10:07:00 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe
PRC - [2010.09.23 17:41:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe
PRC - [2010.09.21 07:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
PRC - [2010.07.17 08:39:10 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2010.07.17 08:39:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2010.07.17 08:38:20 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2010.07.17 08:38:19 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010.02.25 19:42:02 | 000,716,616 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010.02.25 19:40:18 | 001,047,880 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.02.06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2008.12.18 04:25:12 | 029,181,272 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007.12.01 03:48:34 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\osk.exe
PRC - [2007.12.01 03:48:18 | 004,922,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.07.27 14:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msswchx.exe
PRC - [2007.02.13 17:30:40 | 000,512,000 | ---- | M] () -- C:\ShaiyaServer\SERVER\PSM_Client\PSM_Agent.exe
PRC - [2007.02.13 17:30:36 | 000,507,904 | ---- | M] () -- C:\ShaiyaServer\SERVER\PSM_Server\PSMServer_Agent.exe
PRC - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
PRC - [2006.02.17 11:39:02 | 000,139,264 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006.02.17 11:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006.02.17 11:35:42 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006.02.17 11:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.07 14:05:15 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe
MOD - [2009.09.21 19:15:56 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\psapi.dll
MOD - [2007.12.01 03:45:34 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007.12.01 03:44:16 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - File not found [Disabled | Stopped] -- c:\Dokumente und Einstellungen\***\Desktop\rappelz_p\sql\MSSQL10.RAPPELZ_AUTH\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$AUTH) SQL Server-Agent (AUTH)
SRV - File not found [Auto | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - File not found [Auto | Stopped] --  -- (mysql)
SRV - File not found [Auto | Stopped] -- c:\Dokumente und Einstellungen\***\Desktop\rappelz_p\sql\MSSQL10.RAPPELZ_AUTH\MSSQL\Binn\sqlservr.exe -- (MSSQL$AUTH) SQL Server (AUTH)
SRV - File not found [Disabled | Stopped] -- C:\Programme\Apache Software Foundation\Apache2.2\bin\httpd.exe -- (Apache2.2)
SRV - [2010.09.27 12:32:38 | 000,431,432 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.09.23 20:34:55 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010.09.06 21:22:41 | 001,323,008 | ---- | M] () [On_Demand | Stopped] -- C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_game.exe -- (ps_game)
SRV - [2010.07.21 09:30:45 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Programme\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.07.17 08:39:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.07.08 13:13:08 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010.04.28 17:27:00 | 003,522,800 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010.02.25 19:40:18 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.02.25 19:37:08 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.10.20 14:26:56 | 000,458,752 | ---- | M] () [On_Demand | Stopped] -- C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_dbAgent.exe -- (ps_dbAgent)
SRV - [2009.10.20 14:26:56 | 000,307,200 | ---- | M] () [On_Demand | Stopped] -- C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_gameLog.exe -- (ps_gameLog)
SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.17 11:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2009.06.10 05:59:42 | 000,286,720 | ---- | M] () [On_Demand | Stopped] -- C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_userLog.exe -- (ps_userLog)
SRV - [2009.06.10 05:59:34 | 000,323,584 | ---- | M] () [On_Demand | Stopped] -- C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_session.exe -- (ps_session)
SRV - [2008.12.18 04:25:12 | 029,181,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2008.12.10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008.07.11 02:27:52 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2008.07.11 02:27:48 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008.07.10 02:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.07.10 02:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2007.12.07 03:46:58 | 000,319,488 | ---- | M] () [On_Demand | Stopped] -- C:\ShaiyaServer\SERVER\PSM_Client\Bin\ps_login.exe -- (ps_login)
SRV - [2007.02.13 17:30:40 | 000,512,000 | ---- | M] () [Auto | Running] -- C:\ShaiyaServer\SERVER\PSM_Client\PSM_Agent.exe -- (shaiya_serverf)
SRV - [2007.02.13 17:30:36 | 000,507,904 | ---- | M] () [Auto | Stopped] -- C:\ShaiyaServer\SERVER\PSM_Server\PSMServer_Agent.exe -- (shaiya_server)
SRV - [2007.02.13 17:30:36 | 000,507,904 | ---- | M] () [Auto | Running] -- C:\ShaiyaServer\SERVER\PSM_Server\PSMServer_Agent.exe -- (PSM_AgentServer)
SRV - [2007.01.09 17:16:12 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.02.17 11:39:02 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006.02.17 11:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006.02.17 11:35:42 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006.02.17 11:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2005.10.14 03:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV - [2010.07.17 08:39:12 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.07.17 08:38:21 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.06.08 01:57:00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.06.03 09:44:07 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.05.25 10:13:52 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008.07.10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2007.11.30 18:44:24 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.11.30 18:31:16 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.11.30 18:30:58 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2007.07.27 14:00:00 | 000,005,888 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\dmload.sys -- (dmload)
DRV - [2006.10.09 15:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.10.09 14:46:42 | 000,017,536 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5)
DRV - [2006.02.17 04:28:32 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.02.17 04:28:30 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.01.27 08:04:16 | 000,099,584 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.10.05 11:21:10 | 000,141,312 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005.08.11 07:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005.03.09 16:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.02.24 12:29:14 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.sys -- (PAC207)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.01.04 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004.10.27 16:21:36 | 000,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.10.27 16:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001.08.17 13:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase)
DRV - [2001.08.17 13:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\2203\toolbaru.dll File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Programme\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: GodLesZ-ShaiyaChecker@shaiya-obscura.dz-net.net:1.1.1
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.6.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8
FF - prefs.js..extensions.enabledItems: timetrack@usablehack.com:1.2.5
FF - prefs.js..keyword.URL: "hxxp://de.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_de&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.startup.homepage: "hxxp://www.die-staemme.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG9\Firefox [2010.09.23 17:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010.05.23 08:18:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.05 16:11:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.07 06:29:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2009.11.15 20:28:22 | 000,000,000 | ---D | M]
 
[2008.10.08 08:47:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.09.29 12:47:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions
[2009.07.21 11:05:15 | 000,000,000 | ---D | M] (Session Manager) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010.04.07 09:05:10 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.06.17 20:59:48 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009.07.21 11:05:23 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.01.23 13:19:23 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.06.04 20:48:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\ChoiceGuard@Microsoft
[2009.08.10 11:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\firebug@software.joehewitt.com
[2010.09.22 12:51:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\GodLesZ-ShaiyaChecker@shaiya-obscura.dz-net.net
[2010.02.26 19:24:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\moveplayer@movenetworks.com
[2008.10.08 12:15:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\pennerbar3@pennergame.de
[2009.07.21 11:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\timetrack@usablehack.com
[2008.11.09 11:25:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\toolbar_extras@de.yahoo.com
[2009.01.23 13:19:22 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\searchplugins\sweetim.xml
[2010.10.02 17:08:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.02 17:08:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2009.03.25 12:42:28 | 000,114,688 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2009.11.23 15:34:21 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.11.23 15:34:21 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.11.23 15:34:21 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.11.23 15:34:21 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.11.23 15:34:21 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2007.07.27 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {074C1DC5-9320-4A9A-947D-C042949C6216} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - No CLSID value found.
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\2203\toolbaru.dll File not found
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Programme\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\2203\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\2203\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Internet_001.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Skype (2).lnk = C:\WINDOWS\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuEjectPC = 0
O8 - Extra context menu item: Add to AMV Converter... - C:\Programme\MP3 Player Utilities 4.15\AMVConverter\grab.html ()
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\MP3 Player Utilities 4.15\MediaManager\grab.html ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe ()
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.26 15:56:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.06 22:02:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2010.10.06 22:02:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.06 22:02:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.06 22:02:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.06 22:02:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.06 21:50:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.10.02 17:08:55 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2010.10.02 17:08:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\QuickStoresToolbar
[2010.10.02 14:18:33 | 001,835,008 | ---- | C] (Microsoft) -- C:\Dokumente und Einstellungen\***\Desktop\Seven.msstyles
[2010.10.02 14:18:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Shell
[2010.09.26 08:57:57 | 000,000,000 | ---D | C] -- C:\Programme\Speed Gear
[2010.09.26 08:42:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong
[2010.09.18 16:09:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\gctmp
[2010.09.18 16:09:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Xenocode
[2010.09.18 16:09:08 | 000,000,000 | ---D | C] -- C:\Programme\Game Cam V2
[2010.09.18 10:35:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BlueShot
[2010.09.18 10:35:14 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2010.09.18 10:35:13 | 000,000,000 | ---D | C] -- C:\Programme\BlueShot
[2010.09.10 18:13:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.09.10 18:13:22 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.09.09 08:53:48 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2010.09.07 16:50:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EasySetup
[2010.09.07 16:48:29 | 000,000,000 | ---D | C] -- C:\Programme\EasySetup
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.07 13:47:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.07 13:35:29 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.07 13:35:28 | 003,597,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.07 13:34:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.10.07 13:34:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.07 13:33:16 | 010,485,760 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT
[2010.10.07 13:29:00 | 000,001,228 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1037202297-955046455-3802400216-1005UA.job
[2010.10.07 09:02:20 | 065,681,351 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.10.07 05:29:01 | 000,001,176 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1037202297-955046455-3802400216-1005Core.job
[2010.10.06 22:02:14 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.06 21:38:00 | 000,002,407 | ---- | M] () -- C:\WINDOWS\mdlu.dl
[2010.10.06 13:48:43 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.04 18:04:20 | 000,000,020 | ---- | M] () -- C:\WINDOWS\Shaiya.SData
[2010.10.04 09:35:16 | 000,000,605 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Shaiya.lnk
[2010.10.03 18:24:07 | 000,045,087 | ---- | M] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2010.10.03 18:23:08 | 000,000,953 | ---- | M] () -- C:\Dokumente und Einstellungen\***\SciTE.session
[2010.10.03 09:49:40 | 000,704,191 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\eq.jpg
[2010.10.03 09:47:52 | 014,862,099 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\eq.c
[2010.10.03 09:47:24 | 003,843,038 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\eq.xcf
[2010.10.03 09:46:53 | 001,207,702 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\eq.png
[2010.10.03 09:41:07 | 000,041,075 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\bg.jpg
[2010.10.02 22:00:03 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\spam.au3
[2010.10.02 18:59:45 | 000,000,648 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\AutoIt.lnk
[2010.10.02 17:08:36 | 001,015,869 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\unlocker1.9.0.exe
[2010.09.29 21:10:21 | 000,000,055 | ---- | M] () -- C:\WINDOWS\SpeedGear.INI
[2010.09.27 13:48:12 | 000,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010.09.25 09:27:46 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.09.25 09:27:46 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.09.24 05:30:22 | 000,002,403 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Google Chrome.lnk
[2010.09.18 16:14:04 | 000,004,402 | ---- | M] () -- C:\video.pass
[2010.09.15 21:02:34 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.06 22:02:14 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.06 21:38:00 | 000,002,407 | ---- | C] () -- C:\WINDOWS\mdlu.dl
[2010.10.05 21:58:15 | 000,005,632 | -HS- | C] () -- C:\Dokumente und Einstellungen\***\Thumbs.db
[2010.10.05 13:31:14 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\shaiya.dll
[2010.10.05 13:31:14 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\injector.exe
[2010.10.04 18:04:20 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Shaiya.SData
[2010.10.03 18:24:07 | 000,045,087 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.recently-used.xbel
[2010.10.03 09:49:40 | 000,704,191 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\eq.jpg
[2010.10.03 09:47:44 | 014,862,099 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\eq.c
[2010.10.03 09:47:23 | 003,843,038 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\eq.xcf
[2010.10.03 09:46:42 | 001,207,702 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\eq.png
[2010.10.03 09:41:07 | 000,041,075 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\bg.jpg
[2010.10.02 21:56:41 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\spam.au3
[2010.10.02 18:59:45 | 000,000,648 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\AutoIt.lnk
[2010.10.02 17:08:29 | 001,015,869 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\unlocker1.9.0.exe
[2010.10.02 15:35:14 | 000,000,605 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Shaiya.lnk
[2010.09.26 08:58:06 | 000,000,055 | ---- | C] () -- C:\WINDOWS\SpeedGear.INI
[2010.09.25 09:27:46 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.09.25 09:27:46 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.09.18 16:11:25 | 000,004,402 | ---- | C] () -- C:\video.pass
[2010.08.25 15:56:22 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010.08.21 08:49:08 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2010.08.21 08:49:08 | 000,165,643 | ---- | C] () -- C:\WINDOWS\System32\libmhash.dll
[2010.08.21 08:49:08 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2010.08.21 08:49:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\mSQL.dll
[2010.08.21 08:49:07 | 000,872,448 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010.08.21 08:49:07 | 000,872,448 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll
[2010.08.21 08:49:07 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
[2010.08.21 08:49:07 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010.08.21 08:49:07 | 000,047,027 | ---- | C] () -- C:\WINDOWS\System32\libintl-1.dll
[2010.08.21 08:49:06 | 000,039,335 | ---- | C] () -- C:\WINDOWS\php.ini
[2010.08.20 13:19:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\php_mssql.dll
[2010.07.21 14:46:56 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd
[2010.07.02 14:20:44 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2010.06.02 18:39:00 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Adobe Für Web speichern 12.0 Prefs
[2010.06.02 16:17:45 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe GIF Format CS5 Prefs
[2010.05.11 20:47:37 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe PNG Format CS5 Prefs
[2010.03.27 10:54:29 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010.03.21 21:25:45 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2010.01.06 21:58:06 | 000,000,739 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2010.01.01 14:38:37 | 000,000,584 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010.01.01 14:37:57 | 000,001,074 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2009.10.27 20:58:57 | 000,001,073 | ---- | C] () -- C:\WINDOWS\pftp.ini
[2009.07.01 20:37:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.06.30 19:26:07 | 000,000,009 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\mdb.bin
[2009.06.30 13:36:16 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.05.18 13:25:42 | 000,003,188 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winexpert.log
[2009.05.12 17:40:15 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
[2009.03.14 17:01:08 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009.02.12 21:32:25 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2008.12.13 09:35:11 | 000,003,635 | ---- | C] () -- C:\WINDOWS\my.ini
[2008.12.11 22:38:34 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2008.11.06 11:20:16 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\SQLite3.dll
[2008.09.20 21:23:09 | 000,741,896 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2008.08.16 19:35:58 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2008.08.15 20:31:20 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.08.15 20:31:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.05.15 16:04:22 | 000,271,872 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
[2008.04.21 20:08:43 | 000,068,096 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.21 19:47:25 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2008.03.16 13:14:35 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.03.11 12:47:24 | 000,884,736 | ---- | C] () -- C:\WINDOWS\System32\HDX4MediaConverter.dll
[2008.02.26 18:30:38 | 000,000,413 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008.02.26 18:30:36 | 000,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008.01.14 20:07:55 | 000,000,066 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008.01.14 13:06:30 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.11.26 16:25:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.11.26 16:03:48 | 000,022,254 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007.11.26 16:02:20 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007.11.26 16:02:19 | 000,021,933 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.11.26 16:02:08 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.07.27 14:00:00 | 000,005,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\dmload.sys
[2007.01.30 07:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.12.12 18:24:42 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.ini
[2006.03.06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2006.01.30 14:42:22 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2006.01.24 12:15:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.01.24 12:15:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.02.24 12:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004.09.16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004.09.16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2002.11.13 09:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2002.01.25 08:04:50 | 000,005,440 | ---- | C] () -- C:\WINDOWS\System32\mciwa16.dll
[2002.01.25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[2002.01.25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[2002.01.25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[2002.01.25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[2002.01.25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[2002.01.25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mciwaw95.ini
[2002.01.25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[2002.01.25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[2002.01.25 08:04:50 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[2002.01.25 08:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
[2002.01.25 08:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
 
========== LOP Check ==========
 
[2008.11.21 17:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\12203
[2008.11.22 09:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\14CB
[2008.11.20 14:33:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\253C8
[2008.11.21 19:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\253C9
[2008.11.21 19:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2A1D4
[2008.11.19 14:17:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2ACB
[2008.11.19 16:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\333D8
[2010.06.18 16:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2010.05.23 08:18:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2008.02.26 18:41:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2010.07.08 15:21:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2010.01.01 14:37:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeRIP
[2009.09.04 19:23:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Licenses
[2009.10.26 23:32:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2009.06.30 17:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2008.08.15 20:27:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Newsoft
[2010.08.26 20:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2010.09.10 18:14:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2009.01.23 13:19:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2009.06.30 13:32:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2009.10.24 14:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.03.22 14:59:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.11.14 18:16:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VirtualFarm
[2010.05.02 10:35:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009.11.15 20:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2009.06.30 17:10:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B2EE6530-D038-4C90-9039-001247EB238A}
[2010.03.22 14:59:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009.01.06 12:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AIMP
[2010.06.23 19:13:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Atari
[2009.12.11 13:57:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AVG9
[2008.11.14 15:52:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Big Fish Games
[2009.01.07 19:41:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Blender Foundation
[2010.09.18 10:35:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BlueShot
[2010.05.14 12:03:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.01.01 14:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CocoonSoftware
[2010.10.02 10:19:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DNA
[2010.09.07 16:50:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\EasySetup
[2009.09.04 19:22:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Engelmann Media
[2010.06.03 09:31:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Eternia Games
[2008.11.11 15:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FarmerJane
[2010.09.16 15:44:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
[2009.11.23 19:49:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FOG Downloader
[2008.11.14 15:51:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Go Go Gourmet
[2010.10.03 09:49:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2009.10.14 14:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2008.09.15 13:50:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ Toolbar
[2009.12.08 15:01:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\inkscape
[2010.08.02 15:36:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mael
[2008.12.02 15:16:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Notepad++
[2008.12.02 15:42:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nvu
[2009.03.14 16:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera
[2010.10.06 21:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong
[2010.10.06 21:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\QuickStoresToolbar
[2009.10.27 20:21:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ruff-FTP
[2010.05.11 20:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009.05.18 13:17:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Steganos
[2009.05.28 18:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Styler
[2009.06.30 13:33:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\T-Online
[2009.01.28 15:38:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TeamViewer
[2009.12.12 20:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teeworlds
[2009.06.18 20:19:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\temp
[2009.10.30 19:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Thunderbird
[2010.01.27 14:21:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TS3Client
[2010.03.22 14:59:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2010.05.28 17:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue
[2009.11.15 20:28:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Zylom
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BFAD7A5D
@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E1D818F7
@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B9F8237A
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:961B4D58
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A3B8F70C
@Alternate Data Stream - 108 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:AA60673F
< End of report >

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 07.10.2010 14:05:46 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 52,40 Gb Free Space | 22,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = UltraEdit.js] -- C:\Programme\IDM Computer Solutions\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8303:UDP" = 8303:UDP:*:Enabled:Teeworlds
"9303:UDP" = 9303:UDP:*:Enabled:teeworlds_sry_insatgib
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"8304:UDP" = 8304:UDP:*:Enabled:SHaiya
"1433:TCP" = 1433:TCP:*:Disabled:SQL
"1433:UDP" = 1433:UDP:*:Disabled:SQL
"30800:TCP" = 30800:TCP:*:Enabled:login
"30810:TCP" = 30810:TCP:*:Enabled:game
"30900:TCP" = 30900:TCP:*:Enabled:session
"30901:TCP" = 30901:TCP:*:Enabled:userlog
"30911:TCP" = 30911:TCP:*:Enabled:dbagent
"30912:TCP" = 30912:TCP:*:Enabled:gamelog
"40900:TCP" = 40900:TCP:*:Enabled:psmagent
"1060:TCP" = 1060:TCP:*:Enabled:connectionmanager
"1056:TCP" = 1056:TCP:*:Enabled:dbagent2
"1072:TCP" = 1072:TCP:*:Enabled:gamelog
"9743:TCP" = 9743:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\***\temp\TeamViewer3\TeamViewer.exe" = C:\Dokumente und Einstellungen\***\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Dokumente und Einstellungen\***\Eigene Dateien\ICQ\495016732\ReceivedFiles\499353534 @= eXcut @=\WoW-BurningCrusade-deDE-Installer-downloader.exe" = C:\Dokumente und Einstellungen\***\Eigene Dateien\ICQ\495016732\ReceivedFiles\499353534 @= eXcut @=\WoW-BurningCrusade-deDE-Installer-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Programme\Teamspeak2_RC21\server_windows.exe" = C:\Programme\Teamspeak2_RC21\server_windows.exe:*:Enabled:Server -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Dokumente und Einstellungen\***\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Dokumente und Einstellungen\***\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Metin2_Germany\metin2.bin" = C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2 -- ()
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\***\Desktop\Dateien\Neuer Ordner\programme\wosportable\mysql\bin\mysqld-nt.exe" = C:\Dokumente und Einstellungen\***\Desktop\Dateien\Neuer Ordner\programme\wosportable\mysql\bin\mysqld-nt.exe:*:Enabled:mysqld-nt -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\Dateien\hmmm\zombie_srv.exe" = C:\Dokumente und Einstellungen\***\Desktop\Dateien\hmmm\zombie_srv.exe:*:Enabled:zombie_srv -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\Dateien\hmmm\teeworlds_srv_SotF.exe" = C:\Dokumente und Einstellungen\***\Desktop\Dateien\hmmm\teeworlds_srv_SotF.exe:*:Enabled:teeworlds_srv_SotF -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\Dateien\hmmm\teeworlds_srv.exe" = C:\Dokumente und Einstellungen\***\Desktop\Dateien\hmmm\teeworlds_srv.exe:*:Enabled:teeworlds_srv -- File not found
"C:\Programme\Ruff-Tech\Ruff-FTP\ftpsck.exe" = C:\Programme\Ruff-Tech\Ruff-FTP\ftpsck.exe:*:Enabled:Ftp-Client -- (Ruff-Tech)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\teeworlds-0.5.2-win32\teeworlds_srv_kpack.exe" = C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\teeworlds-0.5.2-win32\teeworlds_srv_kpack.exe:*:Enabled:teeworlds_srv_kpack -- ()
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Programme\FTP\SmartFTP.exe" = C:\Programme\FTP\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
"C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\teeworlds-0.5.2-win32\zomb_srv.exe" = C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\teeworlds-0.5.2-win32\zomb_srv.exe:*:Enabled:zomb_srv -- ()
"C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\teeworlds-0.5.2-win32\teeworlds_srv_race.exe" = C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\teeworlds-0.5.2-win32\teeworlds_srv_race.exe:*:Enabled:teeworlds_srv_race -- ()
"C:\Dokumente und Einstellungen\***\Desktop\lmfao\lol\Client\Gods Revolution.exe" = C:\Dokumente und Einstellungen\***\Desktop\lmfao\lol\Client\Gods Revolution.exe:*:Enabled:Gods Revolution -- File not found
"C:\Programme\AVG\AVG9\avgemc.exe" = C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Dokumente und Einstellungen\***\Desktop\lmfao\lol\Client\Metin2.exe" = C:\Dokumente und Einstellungen\***\Desktop\lmfao\lol\Client\Metin2.exe:*:Enabled:Metin2 -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\lmfao\lol\Client\ByPass Metin.exe" = C:\Dokumente und Einstellungen\***\Desktop\lmfao\lol\Client\ByPass Metin.exe:*:Enabled:ByPass Metin -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\lmfao\lol\Client\NoControl.exe" = C:\Dokumente und Einstellungen\***\Desktop\lmfao\lol\Client\NoControl.exe:*:Enabled:NoControl -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\lmfao\lol\Client\metin2.bin" = C:\Dokumente und Einstellungen\***\Desktop\lmfao\lol\Client\metin2.bin:*:Enabled:metin2 -- File not found
"C:\gPotato.eu\Allods Online\bin\Launcher.exe" = C:\gPotato.eu\Allods Online\bin\Launcher.exe:*:Enabled:Allods Online launcher.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"C:\gPotato.eu\Allods Online\bin\AOgame.exe" = C:\gPotato.eu\Allods Online\bin\AOgame.exe:*:Enabled:Allods Online AOgame.exe -- (© 2008 - 2009 Astrum Nival, LLC)
"C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\lmfao\pack\root.eix\metin2.bin" = C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\lmfao\pack\root.eix\metin2.bin:*:Enabled:metin2 -- ()
"C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\lmfao\pack\root.eix\Metin2.exe" = C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\lmfao\pack\root.eix\Metin2.exe:*:Enabled:Metin2 -- ()
"C:\Programme\eDgMt2\eDgMt2.exe" = C:\Programme\eDgMt2\eDgMt2.exe:*:Enabled:eDgMt2 -- ()
"C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\teeworlds-0.5.2-win32\teeworlds_srv_dd.exe" = C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\teeworlds-0.5.2-win32\teeworlds_srv_dd.exe:*:Enabled:teeworlds_srv_dd -- ()
"C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\teeworlds-0.5.2-win32\teeworlds_srv.exe" = C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\teeworlds-0.5.2-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv -- ()
"C:\Dokumente und Einstellungen\***\Desktop\src\auth_bin\PrincessAuroraServer.exe" = C:\Dokumente und Einstellungen\***\Desktop\src\auth_bin\PrincessAuroraServer.exe:*:Enabled:PrincessAuroraServer -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\rappelz_p\Rappelz\DE\2008-09-25\SE\PrincessAuroraServer.exe" = C:\Dokumente und Einstellungen\***\Desktop\rappelz_p\Rappelz\DE\2008-09-25\SE\PrincessAuroraServer.exe:*:Enabled:PrincessAuroraServer -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\rappelz_p\src\auth_bin\PrincessAuroraServer.exe" = C:\Dokumente und Einstellungen\***\Desktop\rappelz_p\src\auth_bin\PrincessAuroraServer.exe:*:Enabled:PrincessAuroraServer -- File not found
"C:\Programme\WinSCP\WinSCP.exe" = C:\Programme\WinSCP\WinSCP.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client -- (Martin Prikryl)
"C:\Xampp\xampp\mysql\bin\mysqld.exe" = C:\Xampp\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)
"C:\Xampp\xampp\FileZillaFTP\FileZilla Server.exe" = C:\Xampp\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server -- (FileZilla Project)
"C:\Xampp\xampp\MercuryMail\mercury.exe" = C:\Xampp\xampp\MercuryMail\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.72 -- (David Harris)
"C:\FoxServ\apache\Apache.exe" = C:\FoxServ\apache\Apache.exe:*:Enabled:Apache.exe -- File not found
"C:\MiniWebServ\MiniWebserver.exe" = C:\MiniWebServ\MiniWebserver.exe:*:Enabled:MiniWebserver -- ()
"C:\EasyServ\apache\Apache.exe" = C:\EasyServ\apache\Apache.exe:*:Enabled:Apache -- ()
"C:\Programme\KeyFocus\KFWS\bin\kfwserv.exe" = C:\Programme\KeyFocus\KFWS\bin\kfwserv.exe:*:Enabled:kfwserv -- ()
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programme\Abyss Web Server\abyssws.exe" = C:\Programme\Abyss Web Server\abyssws.exe:*:Enabled:Abyss Web Server X1 -- (Aprelium)
"C:\Own\Apache2\bin\Apache.exe" = C:\Own\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Dokumente und Einstellungen\***\Desktop\vdrive\.sys\mysql\bin\mysqld.exe" = C:\Dokumente und Einstellungen\***\Desktop\vdrive\.sys\mysql\bin\mysqld.exe:*:Enabled:mysqld -- File not found
"C:\Dokumente und Einstellungen\***\Desktop\vdrive\.sys\apache2\bin\httpd.exe" = C:\Dokumente und Einstellungen\***\Desktop\vdrive\.sys\apache2\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Programme\Adobe\Adobe Flash Builder 4\FlashBuilder.exe" = C:\Programme\Adobe\Adobe Flash Builder 4\FlashBuilder.exe:*:Enabled:FlashBuilder -- File not found
"C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\P12743574.JPG-www.facebook.exe" = C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0524D62A-72D6-4D01-B4E8-546BA5B0B9EC}_is1" = eDgMt2 Client 1.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{13800ED7-C5CA-35FB-A612-2296DEF19BB0}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1B3EC2E9-67E3-4D10-B1B8-BD71D7DC8930}" = Eternia LastChaos
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20c31435-2a0a-4580-be8b-ac06fc243ca4}" = Python 2.7
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition
"{2CC40CFF-2FBA-4180-B096-2CE625F61233}" = WinExpert
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{30355ED7-DE49-4C8D-BE23-2161D36E8A9A}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.3.7.1
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38734F9F-0913-4E2B-0001-65A173AEFC78}" = MyTube BigPack
"{38C7CB9E-1451-38D5-BB97-B7FC59E1A8B8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - deu
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A862C7D-0504-48BC-AEF8-7F7479C7C158}" = Apache HTTP Server 2.0.48
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C3FDF98-57CF-4FF4-9C95-167AE920ECCE}" = Dark GDK
"{3CDD84B1-0155-4BDA-B9DB-11055BD51450}" = KFWS
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42A74897-DE10-11D5-AB0D-000374890932}" = Perfect FTP
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4D180A2C-9364-4384-8889-9DD425EC1497}" = PHP 5.3.3
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{660D9A39-FEC9-432A-B322-F1D6FE57BC57}" = SmartFTP Client
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6E9CFEF5-0245-411F-8587-CF83DF9D4B05}" = Microsoft SQL Server 2008 Database Engine Services
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CD2DA07-6695-4FFE-A2A6-5F7055F1A8FA}" = EasySetup  2.0.4e
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84975365-177A-42EB-A265-9C9B6DB1FEA1}" = Trust Photo Tools
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.16
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.15
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8F714418-F3C3-3BF0-B548-E4BDA7AD41DE}" = Microsoft Visual Basic 2008 Express Edition with SP1 - DEU
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-0021-0407-0000-0000000FF1CE}_VisualWebDeveloper_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VisualWebDeveloper_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{990036E7-D647-45A4-8F7F-1CB277EF0ABD}" = RollerCoaster Tycoon 3 Demo
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BAE340DA-D955-4B3D-8D1D-94F6ADD16245}" = SSP2v208
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4CE2A3-1284-4DDA-A6FB-A268D3AE76BA}" = MySQL Server 5.4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C91C4EF4-63E1-41EE-AE6A-5152628FDC21}" = Microsoft SQL Server 2008 Native Client
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAF7A270-55D5-455F-B0D1-6C51EADC1C3A}" = Presto! Mr. Photo 4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{d40af016-506c-43fb-a738-bd54fa8c1e85}" = Python 3.1.2
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{D8830AB0-80DD-47C8-BCC3-B46A2DE62AA5}" = Mega Manager
"{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
"{D922EF97-6657-3075-BC93-A6CF59444E84}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF5D17F4-B925-4A3F-9D77-A4C22E08A6CB}" = MySQL Server 6.0
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E2CBF3FE-A24F-40DF-B25D-8C9E05F0CD63}" = UltraEdit 15.20
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam
"{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F916C6DF-2601-4385-9500-C45FF398D4CB}" = Install(GE)
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AdventuresofSheepy" = AdventuresofSheepy (remove only)
"Akamai" = Akamai NetSession Interface
"Alice Greenfingers 2 Deluxe" = Alice Greenfingers 2 Deluxe
"AnvSoft Photo Flash Maker Free" = AnvSoft Photo Flash Maker Free 5.10
"AstrumNival Allods" = Allods Online 1.0.05.41
"AudioRecorder" = AudioRecorder
"AudioRecorder 3.0" = AudioRecorder 3.0
"AutoItv3" = AutoIt v3.3.6.0
"AVG9Uninstall" = AVG Free 9.0
"BlueShot 1.2.0_is1" = BlueShot 1.2.0
"CamStudio" = CamStudio
"CANONBJ_Deinstall_CNMS400.CPD" = S400
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crimson Editor" = Crimson Editor (remove only)
"DivX Content Uploader" = DivX Content Uploader
"FarmingSimulator2009DemoDE_is1" = Landwirtschafts-Simulator 2009 Demo
"FileZilla Client" = FileZilla Client 3.3.2
"FlorensiaEU" = FlorensiaEU 1.08.17
"FoxServ" = FoxServ 3.1 Beta 1
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free YouTube Download_is1" = Free YouTube Download 2.2
"ft_Transport Tycoon Deluxe" = Transport Tycoon Deluxe
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"Game Cam" = Game Cam 2.54.0.47
"Game Maker 7.0" = Game Maker 7.0
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inkscape" = Inkscape 0.47
"InstallShield_{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{F6CE1230-A694-4B86-B21C-A11A112689DA}" = Trust WB-1400T Webcam
"lcc-win32 (base system)_is1" = lcc-win32 version 3.2 (base system)
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"Microsoft Visual Basic 2008 Express Edition with SP1 - DEU" = Microsoft Visual Basic 2008 Express Edition mit SP1 - DEU
"Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Microsoft Visual Web Developer 2008 Express Edition with SP1 - DEU" = Microsoft Visual Web Developer 2008 Express Edition mit SP1 - DEU
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library für Microsoft Visual Studio 2008 Express Editions
"MSNINST" = MSN
"Neffy" = Neffy 1,3,29,0
"Netzmanager" = Netzmanager
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Nvu_is1" = Nvu 1.0
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 0.6.1
"Parkman" = Parkman (remove only)
"PFPortChecker" = PFPortChecker 1.0.36
"Pipeman" = Pipeman (remove only)
"PMView 2000" = PMView 2000
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"Regnum Online" = Regnum Online 
"Ruff-FTP_is1" = Ruff-Tech
"Sauerbraten" = Sauerbraten
"SciTE4AutoIt3" = SciTE4AutoIt3 31-10-2009
"Security Task Manager" = Security Task Manager 1.7h
"Shop for HP Supplies" = Shop for HP Supplies
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.12.2.4
"Sorades - Die Befreiung" = Sorades - Die Befreiung
"Speed Gear_is1" = Speed Gear v7.1
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The Personal FTP Server_is1" = The Personal FTP Server 6.0.1f
"Trojancheck_is1" = Trojancheck 6
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.9.0
"VCP" = Remove Vista Customization Pack v3
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VistaMizer ExpansionPack" = VistaMizer ExpansionPack 1.0.0.0
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WampServer 2_is1" = WampServer 2.0
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.8
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.33
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"Xvid_is1" = Xvid 1.1.2 final uninstall
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AbyssWebServer" = Abyss Web Server X1 (remove only)
"BitTorrent DNA" = DNA
"CCPlayer" = CCPlayer
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = QuickMediaConverter
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.10.2010 22:29:17 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 06.10.2010 22:47:16 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 06.10.2010 23:26:34 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 06.10.2010 23:29:14 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 06.10.2010 23:47:14 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 07.10.2010 00:26:34 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 07.10.2010 00:29:16 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 07.10.2010 00:41:59 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 07.10.2010 00:47:14 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 07.10.2010 00:50:30 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 24.07.2010 05:25:05 | Computer Name = *** | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
 für die COM-Serveranwendung mit CLSID   {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}   gewährt.
 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
 geändert werden.
 
Error - 24.07.2010 05:26:32 | Computer Name = *** | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
 Peer  "atom.uhr.de,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler:
 Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)
 
Error - 24.07.2010 05:26:32 | Computer Name = *** | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 24.07.2010 05:26:36 | Computer Name = *** | Source = W32Time | ID = 39452689
Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten
 Peer  "atom.uhr.de,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler:
 Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)
 
Error - 24.07.2010 05:26:36 | Computer Name = *** | Source = W32Time | ID = 39452701
Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren
 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der
 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle
 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.
 
Error - 24.07.2010 05:26:54 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apache2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 24.07.2010 05:26:54 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "mysql" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 24.07.2010 05:26:54 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "shaiya_server" wurde aufgrund folgenden Fehlers nicht 
gestartet:   %%3
 
Error - 24.07.2010 05:26:54 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "shaiya_serverf" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%3
 
Error - 24.07.2010 05:28:12 | Computer Name = *** | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
 
< End of report >

Ich hoffe, ihr könnt mir helfen.

Quemada

cosinus · 07.10.2010, 20:27

Zitat:

Naja, nun habe ich schon meinen PC mit Malwarebytes' Anti-Malware auf Malware scannen lassen und die gefundene Malware entfernen lassen.

Und warum postest Du das Log nicht?

Quemada · 07.10.2010, 20:45

Zitat:

Zitat von cosinus

Und warum postest Du das Log nicht?

Tut mir leid. Habe das Programm direkt danach laufen lassen und hätte nicht gedacht, dass ich das Log noch brauche. Dementsprechend habe ich das Log auch nicht mehr.

War denn noch etwas auffälliges bei den Logfiles, wenn ich fragen darf.

cosinus · 08.10.2010, 07:48

Dann öffne Malwarebytes und schau im Reiter Logdateien nach.
Ohne zu wissen was genau gefunden wurde wird das eine Sache für die

Quemada · 08.10.2010, 15:56

Hier.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4758

Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 7.0.5730.13

07.10.2010 06:29:26
mbam-log-2010-10-07 (06-29-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 201545
Laufzeit: 1 Stunde(n), 7 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 145
Infizierte Registrierungswerte: 10
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 23
Infizierte Dateien: 111

Infizierte Speicherprozesse:
C:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nvidia driver monitor (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\***\Anwendungsdaten\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***r\Anwendungsdaten\FunWebProducts\Data\*** (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> Delete on reboot.

Infizierte Dateien:
C:\Programme\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Delete on reboot.
C:\Programme\MyWebSearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\***\Eigene Dateien\downloads\P12743574.JPG-www.facebook.exe (Worm.Palevo) -> Quarantined and deleted successfully.
C:\Programme\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\crypted.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\ScreenSaver\Images\0078C5D8.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00263BE7 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0043E1EE.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0043E3F1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0043E5B6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0043E76C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\004C2895 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0075C9CF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0075D306.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0075D4CB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0075D77B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0075DAE6.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\0075DCDA.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00BD56E2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\00C7E779 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\01700E88.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Programme\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\nvsvc32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\wintybrd.png (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\wintybrdf.jpg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Programme\ICQToolbar\2203\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

cosinus · 08.10.2010, 18:46

Zitat:

Art des Suchlaufs: Quick-Scan

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Quemada · 09.10.2010, 09:38

Hier.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4780

Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 7.0.5730.13

09.10.2010 10:36:03
mbam-log-2010-10-09 (10-36-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 631184
Laufzeit: 3 Stunde(n), 23 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\***\Desktop\noch mehr o.O\Dateien\Neuer Ordner\programme\gnumeric\App\Gnumeric\bin\ssconvert.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{72F6202F-DE44-4082-A723-CB85D1C63D54}\RP133\A0232801.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

cosinus · 09.10.2010, 17:54

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
[2010.10.06 21:38:00 | 000,002,407 | ---- | C] () -- C:\WINDOWS\mdlu.dl
[2008.11.21 17:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\12203
[2008.11.22 09:08:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\14CB
[2008.11.20 14:33:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\253C8
[2008.11.21 19:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\253C9
[2008.11.21 19:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2A1D4
[2008.11.19 14:17:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2ACB
[2008.11.19 16:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\333D8
[2009.06.30 17:10:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B2EE6530-D038-4C90-9039-001247EB238A}
[2010.03.22 14:59:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:BFAD7A5D
@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E1D818F7
@Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B9F8237A
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:961B4D58
@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A3B8F70C
@Alternate Data Stream - 108 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:AA60673F
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Quemada · 09.10.2010, 18:40

Ich bekomme einen Bluescreen mit der Meldung:

IRQL_NOT_LESS_OR_EQUAL

STOP:0x0000000A (0x0000FFDF, 0x00000002, 0x00000001, 0x806E7A8E)

cosinus · 09.10.2010, 19:27

Beim Fix? Probier es bitte nochmal!

Quemada · 09.10.2010, 20:01

Ja, beim fix. Als erstes wird die explorer.exe beendet, bzw. die Desktopsymbole und die Taskleiste verschwindet. Habe es bereits mehrmals versucht.

cosinus · 09.10.2010, 21:00

Ok, dann lassen wir das erstmal weg. Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Quemada · 10.10.2010, 07:45

Hier das Log.

Code:

ATTFilter

ComboFix 10-10-09.01 - *** 09.10.2010  22:26:58.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2014.1408 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\confi.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
 ADS - WINDOWS: deleted 117760 bytes in 1 streams. 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\z.xml
C:\Install.exe
c:\programme\AskSearch\bin\DefaultSearch.dll
c:\windows\mdlu.dl
c:\windows\My.ini

cosinus · 10.10.2010, 19:18

Das Log ist ist unvollständig! Bitte komplett posten.

Quemada · 10.10.2010, 19:31

Oh, ist mir gar nicht aufgefallen. ^^

Code:

ATTFilter

ComboFix 10-10-09.01 - Com 09.10.2010  22:26:58.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2014.1408 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\confi.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
 ADS - WINDOWS: deleted 117760 bytes in 1 streams. 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\***\Anwendungsdaten\PriceGong\Data\z.xml
C:\Install.exe
c:\programme\AskSearch\bin\DefaultSearch.dll
c:\windows\mdlu.dl
c:\windows\My.ini
c:\windows\system32\_004365_.tmp.dll
c:\windows\system32\_004366_.tmp.dll
c:\windows\system32\ReadMe.txt
c:\windows\system32\sysdm.exe

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE


(((((((((((((((((((((((   Dateien erstellt von 2010-09-09 bis 2010-10-09  ))))))))))))))))))))))))))))))
.

2010-10-09 20:05 . 2010-10-09 20:05	--------	d-----w-	c:\programme\CCleaner2
2010-10-07 18:20 . 2010-10-07 18:20	--------	d-----w-	C:\_OTL
2010-10-06 20:02 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-06 20:02 . 2010-10-06 20:02	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-10-06 20:02 . 2010-10-06 20:02	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-10-06 20:02 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-05 08:07 . 2010-10-05 08:07	4100960	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgui.exe
2010-10-05 08:07 . 2010-10-05 08:07	2065760	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgtray.exe
2010-10-05 08:07 . 2010-10-05 08:07	4394336	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgcorex.dll
2010-10-02 15:08 . 2010-10-02 15:10	--------	d-----w-	c:\programme\Unlocker
2010-09-26 06:57 . 2010-09-26 06:57	--------	d-----w-	c:\programme\Speed Gear
2010-09-23 15:42 . 2010-09-23 15:42	3586912	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\setup.exe
2010-09-23 15:41 . 2010-09-23 15:41	620896	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgnsx.exe
2010-09-23 15:41 . 2010-09-23 15:41	1619296	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgssie.dll
2010-09-23 15:41 . 2010-09-23 15:41	1377632	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgssff.dll
2010-09-23 15:41 . 2010-09-23 15:41	942432	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgcfgx.dll
2010-09-23 15:41 . 2010-09-23 15:41	598368	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgsrmx.dll
2010-09-23 15:41 . 2010-09-23 15:41	300896	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgchclx.dll
2010-09-23 15:41 . 2010-09-23 15:41	1690952	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\avg9\update\backup\avgupd.dll
2010-09-18 14:09 . 2010-09-18 14:09	--------	d-----w-	c:\programme\Game Cam V2
2010-09-18 08:35 . 2010-09-18 08:35	--------	d-----w-	c:\programme\BlueShot
2010-09-10 16:13 . 2010-09-10 16:13	334	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_10F61E61D2E284244AF26762C141B7C6.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 20:36 . 2009-11-27 13:26	--------	d-----w-	c:\programme\Gemeinsame Dateien\Akamai
2010-10-09 19:02 . 2009-03-14 15:01	--------	d-----w-	c:\programme\Cheat Engine
2010-10-07 18:18 . 2010-06-17 18:59	--------	d-----w-	c:\programme\softonic-de3
2010-10-07 18:16 . 2009-01-23 11:19	--------	d-----w-	c:\programme\SweetIM
2010-10-07 18:16 . 2009-01-23 11:19	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SweetIM
2010-10-07 18:13 . 2010-05-23 06:18	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
2010-10-03 06:21 . 2008-08-15 18:27	--------	d-----w-	c:\programme\Gemeinsame Dateien\Adobe
2010-10-02 15:33 . 2009-12-26 20:22	--------	d-----w-	c:\programme\Pando Networks
2010-10-02 15:33 . 2007-11-26 14:07	--------	d--h--w-	c:\programme\InstallShield Installation Information
2010-10-02 15:27 . 2010-03-22 12:59	--------	d-----w-	c:\programme\TuneUp Utilities 2010
2010-09-26 06:52 . 2008-08-27 19:46	--------	d-----w-	c:\programme\Google
2010-09-22 16:03 . 2008-12-02 13:16	--------	d-----w-	c:\programme\Notepad++
2010-09-18 08:37 . 2008-11-15 10:57	--------	d-----w-	c:\programme\CamStudio
2010-09-10 16:13 . 2010-09-10 16:13	287	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0F96ECA58E3Abe44881CA048E1071008.dll
2010-09-07 14:53 . 2010-09-07 14:48	--------	d-----w-	c:\programme\EasySetup
2010-09-05 05:58 . 2008-09-20 19:35	--------	d-----w-	c:\programme\Microsoft Silverlight
2010-09-01 19:16 . 2008-11-16 12:55	--------	d-----w-	c:\programme\Gimp-2.0
2010-08-26 18:13 . 2010-05-11 18:19	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
2010-08-26 17:58 . 2010-08-26 17:58	10134	----a-r-	c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
2010-08-26 17:58 . 2010-08-26 17:58	--------	d-----w-	c:\programme\My Company Name
2010-08-26 15:42 . 2010-08-26 15:42	977920	----a-w-	C:\siw_cmd.exe
2010-08-25 12:20 . 2010-08-25 12:19	--------	d-----w-	c:\programme\PMView
2010-08-22 09:50 . 2010-08-20 17:04	--------	d-----w-	c:\programme\Apache Software Foundation
2010-08-20 14:47 . 2010-08-20 14:47	--------	d-----w-	c:\programme\Abyss Web Server
2010-08-19 15:18 . 2010-08-19 15:18	--------	d-----w-	c:\programme\KeyFocus
2010-08-11 13:34 . 2010-08-11 13:34	--------	d-----w-	c:\programme\PFPortChecker
2010-08-07 05:59 . 2007-07-27 12:00	636082	----a-w-	c:\windows\system32\perfh007.dat
2010-08-07 05:59 . 2007-07-27 12:00	150166	----a-w-	c:\windows\system32\perfc007.dat
2010-07-30 08:02 . 2010-07-30 08:02	503808	----a-w-	c:\dokumente und einstellungen\Marcel.TW-HENI-01\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e529bc9-n\msvcp71.dll
2010-07-30 08:02 . 2010-07-30 08:02	499712	----a-w-	c:\dokumente und einstellungen\Marcel.TW-HENI-01\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e529bc9-n\jmc.dll
2010-07-30 08:02 . 2010-07-30 08:02	348160	----a-w-	c:\dokumente und einstellungen\Marcel.TW-HENI-01\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e529bc9-n\msvcr71.dll
2010-07-30 07:58 . 2008-01-21 11:12	73856	----a-w-	c:\dokumente und einstellungen\Marcel.TW-HENI-01\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-07-17 06:39 . 2010-05-23 06:19	243024	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-07-17 06:39 . 2010-07-17 06:39	12536	----a-w-	c:\windows\system32\avgrsstx.dll
2010-07-17 06:38 . 2010-05-23 06:19	216400	----a-w-	c:\windows\system32\drivers\avgldx86.sys
.

------- Sigcheck -------

[-] 2007-12-01 . 67F172D3A7E9D5D15262058359A83648 . 4922880 . . [6.00.2900.3264] . . c:\windows\explorer.exe
[-] 2007-12-01 . 67F172D3A7E9D5D15262058359A83648 . 4922880 . . [6.00.2900.3264] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2007-12-01 . 3B702D8A5896A34259A70A02357036D1 . 1036800 . . [6.00.2900.3264] . . c:\windows\VCP_SAVE\explorer.exe
[7] 2007-07-27 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2007-07-27 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\e94b50580b3d9c69a3c27b7653239432\backup\sp2gdr\explorer.exe

.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-09-27 10:32	2102600	----a-w-	c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-09-27 2102600]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\programme\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-05 2067808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-12-01 15360]
"InfoCockpit"="c:\programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-04-29 268800]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuEjectPC"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 06:39	12536	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57	35760	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-08-26 17:47	500208	------w-	c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-03-11 11:54	611712	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
2008-04-13 12:39	49152	----a-w-	c:\programme\VistaDriveIcon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-28 14:05	133104	----atw-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17	49152	----a-w-	c:\programme\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KFWebServer]
2003-10-11 00:50	114688	----a-w-	c:\programme\KeyFocus\KFWS\bin\kfwsmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
2006-02-17 09:40	270336	----a-w-	c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-06-02 22:48	1753192	----a-w-	c:\programme\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-08-15 18:25	155648	----a-w-	c:\programme\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 14:35	716800	----a-w-	c:\programme\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 01:11	925696	----a-r-	c:\programme\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 03:19	148888	----a-w-	c:\programme\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-05-20 13:11	111928	----a-r-	c:\programme\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51	17408	----a-w-	c:\programme\Unlocker\UnlockerAssistant.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Dokumente und Einstellungen\\***\\temp\\TeamViewer3\\TeamViewer.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Dokumente und Einstellungen\\***\\Eigene Dateien\\ICQ\\495016732\\ReceivedFiles\\499353534 @= eXcut @=\\WoW-BurningCrusade-deDE-Installer-downloader.exe"=
"c:\\Programme\\Teamspeak2_RC21\\server_windows.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Dokumente und Einstellungen\\***\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\Metin2_Germany\\metin2.bin"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Ruff-Tech\\Ruff-FTP\\ftpsck.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Dokumente und Einstellungen\\***\\Desktop\\noch mehr o.O\\teeworlds-0.5.2-win32\\teeworlds_srv_kpack.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\FTP\\SmartFTP.exe"=
"c:\\Dokumente und Einstellungen\\***\\Desktop\\noch mehr o.O\\teeworlds-0.5.2-win32\\zomb_srv.exe"=
"c:\\Dokumente und Einstellungen\\***\\Desktop\\noch mehr o.O\\teeworlds-0.5.2-win32\\teeworlds_srv_race.exe"=
"c:\\Programme\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programme\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programme\\AVG\\AVG9\\avgnsx.exe"=
"c:\\gPotato.eu\\Allods Online\\bin\\Launcher.exe"=
"c:\\gPotato.eu\\Allods Online\\bin\\AOgame.exe"=
"c:\\Dokumente und Einstellungen\\***\\Desktop\\noch mehr o.O\\lmfao\\pack\\root.eix\\metin2.bin"=
"c:\\Dokumente und Einstellungen\\***\\Desktop\\noch mehr o.O\\lmfao\\pack\\root.eix\\Metin2.exe"=
"c:\\Programme\\eDgMt2\\eDgMt2.exe"=
"c:\\Dokumente und Einstellungen\\***\\Desktop\\noch mehr o.O\\teeworlds-0.5.2-win32\\teeworlds_srv_dd.exe"=
"c:\\Dokumente und Einstellungen\\***\\Desktop\\noch mehr o.O\\teeworlds-0.5.2-win32\\teeworlds_srv.exe"=
"c:\\Programme\\WinSCP\\WinSCP.exe"=
"c:\\Xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Xampp\\xampp\\FileZillaFTP\\FileZilla Server.exe"=
"c:\\Xampp\\xampp\\MercuryMail\\mercury.exe"=
"c:\\MiniWebServ\\MiniWebserver.exe"=
"c:\\EasyServ\\apache\\Apache.exe"=
"c:\\Programme\\KeyFocus\\KFWS\\bin\\kfwserv.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Programme\\Abyss Web Server\\abyssws.exe"=
"c:\\Own\\Apache2\\bin\\Apache.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8303:UDP"= 8303:UDP:Teeworlds
"9303:UDP"= 9303:UDP:teeworlds_sry_insatgib
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"8304:UDP"= 8304:UDP:SHaiya
"1433:TCP"= 1433:TCP:*:Disabled:SQL
"1433:UDP"= 1433:UDP:*:Disabled:SQL
"30800:TCP"= 30800:TCP:login
"30810:TCP"= 30810:TCP:game
"30900:TCP"= 30900:TCP:session
"30901:TCP"= 30901:TCP:userlog
"30911:TCP"= 30911:TCP:dbagent
"30912:TCP"= 30912:TCP:gamelog
"40900:TCP"= 40900:TCP:psmagent
"1056:TCP"= 1056:TCP:dbagent2
"1072:TCP"= 1072:TCP:gamelog
"4015:TCP"= 4015:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23.05.2010 08:19 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23.05.2010 08:19 243024]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [27.07.2007 14:00 14336]
R2 avg9wd;AVG Free WatchDog;c:\programme\AVG\AVG9\avgwdsvc.exe [17.07.2010 08:39 308136]
R2 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [30.06.2009 13:32 61440]
R2 PSM_AgentServer;Shaiya Agent Server;c:\shaiyaserver\SERVER\PSM_Server\PSMServer_Agent.exe [10.08.2010 12:43 507904]
R2 shaiya_serverf;shaiya_serverf;c:\shaiyaserver\SERVER\PSM_Client\PSM_Agent.exe [10.08.2010 12:43 512000]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.02.2010 19:40 1047880]
R3 AVMWAN;AVM NDIS WAN CAPI-Treiber;c:\windows\system32\drivers\avmwan.sys [14.01.2008 13:23 37568]
R3 fpcibase;AVM ISDN-Controller FRITZ!Card PCI v2.0;c:\windows\system32\drivers\fpcibase.sys [14.01.2008 13:23 444416]
S2 MSSQL$AUTH;SQL Server (AUTH);"c:\dokumente und einstellungen\***\Desktop\rappelz_p\sql\MSSQL10.RAPPELZ_AUTH\MSSQL\Binn\sqlservr.exe" -sAUTH --> c:\dokumente und einstellungen\***\Desktop\rappelz_p\sql\MSSQL10.RAPPELZ_AUTH\MSSQL\Binn\sqlservr.exe [?]
S2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  --> c:\programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe  [?]
S2 shaiya_server;shaiya_server;c:\shaiyaserver\SERVER\PSM_Server\PSMServer_Agent.exe [10.08.2010 12:43 507904]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG9\Toolbar\ToolbarBroker.exe [23.05.2010 08:18 431432]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys --> c:\program files\gPotato.eu\Rappelz\GameGuard\dump_wmimmc.sys [?]
S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [30.06.2009 13:32 17280]
S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [30.06.2009 13:32 17152]
S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [30.06.2009 13:32 17536]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.02.2005 12:29 162176]
S3 ps_dbAgent;Shaiya DBAgent Server;c:\shaiyaserver\SERVER\PSM_Client\Bin\ps_dbAgent.exe [10.08.2010 12:43 458752]
S3 ps_game;Shaiya Game Server;c:\shaiyaserver\SERVER\PSM_Client\Bin\ps_game.exe [10.08.2010 12:43 1323008]
S3 ps_gameLog;Shaiya Game Log Server;c:\shaiyaserver\SERVER\PSM_Client\Bin\ps_gameLog.exe [10.08.2010 12:43 307200]
S3 ps_login;Shaiya Login Server;c:\shaiyaserver\SERVER\PSM_Client\Bin\ps_login.exe [10.08.2010 12:43 319488]
S3 ps_session;Shaiya Session Server;c:\shaiyaserver\SERVER\PSM_Client\Bin\ps_session.exe [10.08.2010 12:43 323584]
S3 ps_userLog;Shaiya User Log Server;c:\shaiyaserver\SERVER\PSM_Client\Bin\ps_userLog.exe [10.08.2010 12:43 286720]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;\??\c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys --> c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [?]
S4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [09.10.2009 05:45 169312]
S4 Apache2.2;Apache2.2;"c:\programme\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice --> c:\programme\Apache Software Foundation\Apache2.2\bin\httpd.exe [?]
S4 avg9emc;AVG Free E-mail Scanner;c:\programme\AVG\AVG9\avgemc.exe [17.07.2010 08:38 921952]
S4 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [20.12.2009 08:26 135664]
S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\programme\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.07.2008 02:27 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.07.2008 02:49 242712]
S4 SQLAgent$AUTH;SQL Server-Agent (AUTH);"c:\dokumente und einstellungen\***\Desktop\rappelz_p\sql\MSSQL10.RAPPELZ_AUTH\MSSQL\Binn\SQLAGENT.EXE" -i AUTH --> c:\dokumente und einstellungen\***\Desktop\rappelz_p\sql\MSSQL10.RAPPELZ_AUTH\MSSQL\Binn\SQLAGENT.EXE [?]
S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.07.2008 02:27 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-12-20 06:26]

2010-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-12-20 06:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
IE: Add to AMV Converter... - c:\programme\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: MediaManager tool grab multimedia file - c:\programme\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programme\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://de.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_de&p=
FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - component: c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\uo7jdr3p.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCore.dll
FF - component: c:\programme\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\programme\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programme\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programme\Opera\9.64\program\plugins\npdsplay.dll
FF - plugin: c:\programme\Opera\9.64\program\plugins\NPSWF32.dll
FF - plugin: c:\programme\Opera\9.64\program\plugins\npwmsdrm.dll
FF - plugin: c:\programme\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-AdobeCS5ServiceManager - c:\programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
MSConfigStartUp-Pando Media Booster - c:\programme\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-SwitchBoard - c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
AddRemove-BitTorrent DNA - c:\programme\DNA\btdna.exe



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="\"c:\dokumente und einstellungen\***\Desktop\dslan_v1.13\dslan_v1.13\mysql\bin\mysqld-nt\" \"--defaults-file=c:\dokumente und einstellungen\***\Desktop\dslan_v1.13\dslan_v1.13\mysql\bin\my.cnf\" mysql"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(836)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(4864)
c:\programme\FTP\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\WinSCP\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programme\AVG\AVG9\avgchsvx.exe
c:\programme\AVG\AVG9\avgrsx.exe
c:\programme\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\msdtc.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\programme\AVG\AVG9\avgnsx.exe
c:\windows\system32\RUNDLL32.EXE
c:\programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\programme\Skype\Phone\Skype.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\PAStiSvc.exe
c:\programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\programme\Windows Live\Contacts\wlcomm.exe
c:\programme\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-09  22:46:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-09 20:46

Vor Suchlauf: 39 Verzeichnis(se), 56.711.069.696 Bytes frei
Nach Suchlauf: 45 Verzeichnis(se), 58.695.299.072 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 6F98174F4CA5B0D6B4822D1A27FB0D1A

08.10.2010, 07:48	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Skype - Facebook Virus Dann öffne Malwarebytes und schau im Reiter Logdateien nach. Ohne zu wissen was genau gefunden wurde wird das eine Sache für die __________________ Logfiles bitte immer in CODE-Tags posten

09.10.2010, 19:27	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Skype - Facebook Virus Beim Fix? Probier es bitte nochmal! __________________ Logfiles bitte immer in CODE-Tags posten

10.10.2010, 19:18	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Skype - Facebook Virus Das Log ist ist unvollständig! Bitte komplett posten. __________________ Logfiles bitte immer in CODE-Tags posten

Skype - Facebook Virus

Plagegeister aller Art und deren Bekämpfung: Skype - Facebook Virus