![]() |
|
Plagegeister aller Art und deren Bekämpfung: Google leitet mich immer wieder umWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
| ![]() Google leitet mich immer wieder um Hallo ich habe ein Problem und zwar leitet mich Google regelmäßig auf andere Suchmaschinen und andere Seiten um. Ich weiß nicht womit es begonnen hat, also was ich falsch gemacht habe. Hier ist der Malwarebytes log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4862 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 17.10.2010 21:01:57 mbam-log-2010-10-17 (21-01-57).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 174138 Laufzeit: 8 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{c2a9863c-100e-f7ea-934b-b2436973e9a9} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) und nun die Logs von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.10.2010 21:14:01 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,52 Gb Total Space | 711,74 Gb Free Space | 78,08% Space Free | Partition Type: NTFS Drive D: | 19,98 Gb Total Space | 9,30 Gb Free Space | 46,53% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.com.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG) PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de) PRC - C:\Programme\TCM\TCM COMBO SET\PS2USBKbdDrv.exe () PRC - C:\Programme\TCM\TCM COMBO SET\MouseDrv.exe () PRC - C:\Programme\Free Spyware Scanner\SpyWatcher.exe (Topdownloads Networks) ========== Modules (SafeList) ========== MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () ========== Driver Services (SafeList) ========== DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found DRV - (XDva362) -- C:\Windows\System32\XDva362.sys File not found DRV - (XDva359) -- C:\Windows\System32\XDva359.sys File not found DRV - (XDva352) -- C:\Windows\System32\XDva352.sys File not found DRV - (XDva349) -- C:\Windows\System32\XDva349.sys File not found DRV - (XDva348) -- C:\Windows\System32\XDva348.sys File not found DRV - (XDva347) -- C:\Windows\System32\XDva347.sys File not found DRV - (XDva346) -- C:\Windows\System32\XDva346.sys File not found DRV - (XDva345) -- C:\Windows\System32\XDva345.sys File not found DRV - (XDva344) -- C:\Windows\System32\XDva344.sys File not found DRV - (XDva343) -- C:\Windows\System32\XDva343.sys File not found DRV - (XDva342) -- C:\Windows\System32\XDva342.sys File not found DRV - (XDva337) -- C:\Windows\System32\XDva337.sys File not found DRV - (XDva336) -- C:\Windows\System32\XDva336.sys File not found DRV - (XDva332) -- C:\Windows\System32\XDva332.sys File not found DRV - (XDva327) -- C:\Windows\System32\XDva327.sys File not found DRV - (XDva321) -- C:\Windows\System32\XDva321.sys File not found DRV - (XDva317) -- C:\Windows\System32\XDva317.sys File not found DRV - (XDva315) -- C:\Windows\System32\XDva315.sys File not found DRV - (XDva310) -- C:\Windows\System32\XDva310.sys File not found DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.) DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ElbyCDFL) -- C:\Windows\System32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Programme\BS_Player\tbBS_1.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Programme\BS_Player\tbBS_1.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" FF - prefs.js..extensions.enabledItems: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3.2 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.23 16:55:07 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.23 16:55:07 | 000,000,000 | ---D | M] [2009.03.29 14:48:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.10.17 14:39:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions [2010.09.16 18:49:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.16 18:49:09 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010.09.25 11:07:54 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.09.16 18:50:09 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.09.16 18:49:08 | 000,000,000 | ---D | M] (BS Player Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bxgw597k.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} [2010.10.11 19:56:45 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin-1.xml [2009.06.18 18:57:02 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin-2.xml [2009.08.01 13:22:55 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin-3.xml [2009.08.12 19:32:37 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin-4.xml [2009.09.17 14:21:22 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin-5.xml [2009.04.29 17:04:24 | 000,000,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\bxgw597k.default\searchplugins\icqplugin.xml [2009.10.22 13:59:12 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.04.10 21:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2009.06.04 21:08:39 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll [2010.09.21 15:14:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.21 15:14:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.21 15:14:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.21 15:14:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.21 15:14:14 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.10 10:11:29 | 000,411,777 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14233 more lines... O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Programme\BS_Player\tbBS_1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Programme\BS_Player\tbBS_1.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Programme\BS_Player\tbBS_1.dll (Conduit Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Spy Watcher] C:\Programme\Free Spyware Scanner\SpyWatcher.exe (Topdownloads Networks) O4 - HKLM..\Run: [WireLessKeyboard ] C:\Programme\TCM\TCM COMBO SET\PS2USBKbdDrv.exe () O4 - HKLM..\Run: [WireLessMouse ] C:\Programme\TCM\TCM COMBO SET\MouseDrv.exe () O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\***\Program Files\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [Feeds] C:\Windows\feeds.bat.lnk File not found O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/F/D/9/FD9E437D-5BC8-4264-A093-DFA2C39D197E/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll) - C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll File not found O20 - AppInit_DLLs: (C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll) - C:\Users\***\Desktop\AGBOT~1.PAC\EDXDET~1\detour.dll File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2010.10.17 21:00:21 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2010.10.17 20:50:01 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.10.17 20:46:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.10.17 20:25:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.17 20:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.17 20:25:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.17 20:25:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.13 18:55:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.10.13 18:46:51 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2010.10.13 18:46:19 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll [2010.10.13 18:45:53 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.10.13 18:41:14 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll [2010.10.13 18:41:14 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll [2010.10.13 18:40:36 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2010.10.13 18:40:34 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll [2010.10.13 18:40:27 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.10.13 18:40:25 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.10.13 18:40:25 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.10.13 18:40:25 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.10.13 18:40:25 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.10.13 18:40:25 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.10.13 18:40:25 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.10.13 18:40:25 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.10.13 18:40:25 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.10.13 18:40:25 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.10.03 13:06:22 | 000,000,000 | ---D | C] -- C:\Users\Weisel\Documents\Meine Corel-Shows [2010.09.29 14:13:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.09.28 17:26:07 | 000,000,000 | ---D | C] -- C:\Users\Weisel\AppData\Roaming\Avira [2010.09.28 17:21:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.09.28 17:21:54 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.09.28 17:21:54 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.09.28 17:21:54 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.09.28 17:21:54 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.09.28 17:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.09.25 14:22:01 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2009.07.01 18:19:54 | 348,281,957 | ---- | C] (Subagames.com ) -- C:\Programme\CrossFire_Setup_v1011.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.17 21:15:00 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2010.10.17 21:00:13 | 001,062,574 | ---- | M] () -- C:\Users\***\Desktop\7z911.exe [2010.10.17 20:50:01 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Weisel\Desktop\OTL.exe [2010.10.17 20:48:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.17 20:25:05 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.17 19:51:30 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.17 19:49:40 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.17 19:49:40 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.17 19:49:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.17 19:49:19 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys [2010.10.17 17:15:18 | 000,002,623 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Word.lnk [2010.10.17 15:47:19 | 000,029,184 | ---- | M] () -- C:\Users\***\Documents\FolieMINT.doc [2010.10.15 13:20:06 | 003,659,982 | ---- | M] () -- C:\Users\***\Desktop\Usher - DJ Got Us Falling In Love Again.mp3 [2010.10.15 13:20:05 | 000,975,556 | ---- | M] () -- C:\Users\***\Desktop\Gigi D'Agostino - I'll Fly with You.mp3 [2010.10.14 06:20:50 | 000,302,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.13 14:43:15 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2010.10.11 11:49:28 | 000,003,452 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys [2010.10.11 11:49:24 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\B767E94595.sys [2010.10.04 18:10:08 | 008,742,220 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.04 18:10:08 | 003,070,156 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.04 18:10:08 | 002,477,918 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.04 18:10:07 | 002,724,536 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.01 15:07:14 | 004,678,550 | ---- | M] () -- C:\Users\***\Desktop\IYAZ - Solo.MP3 [2010.09.24 20:41:52 | 003,821,696 | ---- | M] () -- C:\Users\***\Desktop\Michael Mind Project - Feel Your Body.mp3 [2010.09.20 11:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll [2010.09.18 17:50:21 | 000,165,376 | ---- | M] () -- C:\Users\***\Desktop\bus_portfolio.doc [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.17 21:00:09 | 001,062,574 | ---- | C] () -- C:\Users\***\Desktop\7z911.exe [2010.10.17 20:25:05 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.17 19:53:34 | 004,159,105 | ---- | C] () -- C:\Users\***\Desktop\Lady GaGa - Paparazzi.mp3 [2010.10.17 15:47:19 | 000,029,184 | ---- | C] () -- C:\Users\***\Documents\FolieMINT.doc [2010.10.14 22:41:46 | 003,659,982 | ---- | C] () -- C:\Users\***\Desktop\Usher - DJ Got Us Falling In Love Again.mp3 [2010.10.14 22:39:42 | 000,975,556 | ---- | C] () -- C:\Users\***\Desktop\Gigi D'Agostino - I'll Fly with You.mp3 [2010.10.02 16:40:52 | 004,678,550 | ---- | C] () -- C:\Users\***\Desktop\IYAZ - Solo.MP3 [2010.10.02 16:40:47 | 003,821,696 | ---- | C] () -- C:\Users\***\Desktop\Michael Mind Project - Feel Your Body.mp3 [2010.09.25 14:22:03 | 000,000,719 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk [2010.02.26 14:57:18 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.02.03 17:09:53 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat [2009.11.02 15:40:06 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.09.22 20:13:53 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.06.28 15:02:05 | 000,015,872 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.04 16:42:59 | 000,000,009 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdb.bin [2009.04.04 12:46:58 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2009.04.01 20:19:51 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\B767E94595.sys [2009.04.01 20:19:50 | 000,003,452 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2009.03.27 19:04:39 | 000,001,114 | ---- | C] () -- C:\Users\*** [2009.01.23 16:37:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 72 bytes -> C:\Windows:6710A79750971EC0 @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66B13F37 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.10.2010 21:14:01 - Run 1 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 911,52 Gb Total Space | 711,74 Gb Free Space | 78,08% Space Free | Partition Type: NTFS Drive D: | 19,98 Gb Total Space | 9,30 Gb Free Space | 46,53% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = Opera.HTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{001BEE00-47B8-4A3C-8796-1C38B49B9D0E}" = lport=2869 | protocol=6 | dir=in | app=system | "{00F890EB-7337-4974-9F81-70B27621B1B4}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | "{06FE4955-1E71-4B1F-94DA-5E5EFF1A2C1F}" = lport=6883 | protocol=6 | dir=in | name=league of legends launcher | "{2152B8B3-62D2-4BB0-A463-0E02F8E5A7D8}" = lport=6883 | protocol=17 | dir=in | name=league of legends launcher | "{2AC644EE-1B3C-4482-98B0-60DB0BE60FC7}" = lport=6950 | protocol=6 | dir=in | name=league of legends launcher | "{2EECFA56-1812-4AAD-8D2C-0FF6C1F90630}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | "{438EAE9D-BE8B-46D7-ADCD-B9A09C9D35CC}" = lport=6957 | protocol=17 | dir=in | name=league of legends launcher | "{484FEC70-14F8-4A66-81A5-5559D1BD2DBF}" = rport=139 | protocol=6 | dir=out | app=system | "{4DBCA4DC-8416-427C-88BA-2992B76B321A}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher | "{50CA6076-3748-4E9A-AE09-0A5370BE122A}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | "{5605CBE8-E425-4CC8-8650-11E2E54CD410}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | "{6244266C-BA13-411D-8135-B3FE1C593740}" = lport=6957 | protocol=6 | dir=in | name=league of legends launcher | "{8D1DC060-8445-4755-8DFC-E442E25D477F}" = lport=139 | protocol=6 | dir=in | app=system | "{8E09107B-1DCB-445A-B151-E7A8BCE866E4}" = rport=445 | protocol=6 | dir=out | app=system | "{8EC5676F-6E0C-485A-B7D8-CCC0A51902E3}" = rport=137 | protocol=17 | dir=out | app=system | "{924AC7F4-9A89-4298-AFDE-200F2956C1F7}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{9FBF1464-4E14-4272-A57F-A6FD097F0D19}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | "{A4F0297B-AB98-46AD-948E-10756EBC003D}" = lport=445 | protocol=6 | dir=in | app=system | "{A8FF4D4D-379C-469D-B062-C00D957AB101}" = rport=138 | protocol=17 | dir=out | app=system | "{AC7BBF24-F578-4AE7-AB29-C81FECF2A546}" = lport=137 | protocol=17 | dir=in | app=system | "{B6B8A548-913C-4929-BB5D-74880C413469}" = lport=6905 | protocol=6 | dir=in | name=league of legends launcher | "{BB2252DE-4DCD-451A-9279-124F289E7B3F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C312AB40-B5C5-430B-99BE-184C8ACD417F}" = lport=138 | protocol=17 | dir=in | app=system | "{CC96B6AF-7507-4609-A1B9-BAE5EF391C32}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D24F0E0B-06FC-4321-926F-B05F4749F144}" = lport=6905 | protocol=17 | dir=in | name=league of legends launcher | "{DB8A9A3A-6AC8-4875-B6BB-B3D9FF65324A}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher | "{E882AAA3-D43C-49CC-A0D5-00E6E2700FE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F234F8DE-BAB0-4902-B671-8AAF4236D9FE}" = lport=6950 | protocol=17 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01D02C4C-30B8-487A-9396-1AEB431B5046}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{0EE77DD1-3727-4494-AB7E-F7F415818091}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1164C742-4982-4BA2-99C4-629F9BA91239}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{1CA0FD0C-3709-43AB-81F4-7D7D890C61DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{229EF94A-467D-4741-8DE3-52831E9503F4}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{23B11257-ADF8-4D5D-8ED9-AEA05B1B4116}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{37B03BCA-A64C-466E-9F47-EBF2A15D6141}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | "{3CF8E98A-12EF-48FB-9497-62664A990DF0}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | "{4392491D-AA22-406F-A122-1D6206FA59D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{660E0E0A-B6BF-4276-9DDA-F508BF97C74D}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{69C589FD-CD0E-41B6-BB81-C0ED5530BE75}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{70BBCCD9-5AB9-4083-944F-CC6B4FAD60D7}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{88C0036E-5C9C-4369-900C-6A9F2A39FBC9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{890B1C8D-0EA6-4698-A825-1491AEF15FA3}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{92A8BF6C-CBF2-485B-B349-276BFC01BB9F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{9DCB2140-A6D2-4992-95E4-012B0A336508}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{B0F41ADA-0687-40E8-8AC8-F47E120D1EA5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{B8F12969-B93B-4FC6-8076-178821C5E71B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C826975C-2144-4D99-9E20-F82BAAB603CD}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{E7C1F490-5097-4A8A-8895-CC129D132E07}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "TCP Query User{819E694F-27A1-4E3A-BAC7-1BCCCE23F4FA}C:\users\***\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\***\program files\dna\btdna.exe | "TCP Query User{89070301-75C2-4B3F-A372-3AD470095DDB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{DFC23AA6-A7CB-4E2C-AB39-5D2D4360E872}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{38D239CC-204C-412D-93E6-FC818F69C65B}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{4B12C143-00E2-4F56-B51C-BFD490E0FA17}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{DF3EC06B-E211-4D42-BBD5-97D76CE8DAE0}C:\users\***\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\***\program files\dna\btdna.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{09F25F86-F957-4051-8AB2-0E0D948BBB5D}" = 1310 "{0ADF1B89-17EA-489C-86DF-6E33DA8520A6}_is1" = flatster "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09 "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12 "{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{32A3A4F4-B792-11D6-A78A-00B0D0160070}" = Java(TM) SE Development Kit 6 Update 7 "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}" = TCM Combo Set "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6D4553DF-2095-4D10-92C0-17934733B51D}" = 1310_Help "{6D7E031C-4C05-4265-854A-FE9FDEA9984D}" = 1310Trb "{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 "{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.11 beta "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BS_Player Toolbar" = BS_Player Toolbar "CABAL Online_is1" = CABAL Online "CloneCD" = CloneCD "Cross Fire_is1" = Cross Fire En "Defraggler" = Defraggler "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Free Spyware Scanner 9.6" = Free Spyware Scanner 9.6 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "InstallShield_{6206FD57-3E60-4A52-AD1B-7D9F7BA2777E}" = TCM Combo Set "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager "League of Legends_is1" = League of Legends "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "MP3 Cutter 1" = MP3 Cutter 1 "Mpeg2Decoder_is1" = Mpeg2Decoder 1.3 "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "StarCraft II" = StarCraft II "VLC media player" = VLC media player 1.0.2 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Works2003Setup" = Microsoft Works 2003-Setup-Start "ZoneAlarm" = ZoneAlarm ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.10.2010 12:23:36 | Computer Name = ***-PC | Source = System Restore | ID = 8193 Description = Error - 15.10.2010 14:53:37 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 16.10.2010 08:16:40 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 16.10.2010 09:12:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 16.10.2010 09:53:37 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 16.10.2010 14:04:56 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 17.10.2010 05:15:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 17.10.2010 08:23:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 17.10.2010 13:50:52 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 17.10.2010 14:46:58 | Computer Name = ***-PC | Source = MBAMService | ID = 131073 Description = [ System Events ] Error - 15.10.2010 07:17:53 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 15.10.2010 12:12:18 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 15.10.2010 14:52:19 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 16.10.2010 08:15:18 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 16.10.2010 09:10:54 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 16.10.2010 09:52:21 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 16.10.2010 14:03:33 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 17.10.2010 05:14:06 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 17.10.2010 08:21:42 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 17.10.2010 13:49:43 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = < End of report > Ich hoffe dass ich alles richtig gemacht habe, da dies mein erster Thread ist. Ein vergleichbarer Thread wurde gestern erstellt: http://www.trojaner-board.de/91885-a...ory-co-uk.html Danke schon mal im Voraus |
Themen zu Google leitet mich immer wieder um |
0x00000001, 32 bit, alternate, antivir, autorun, avira, bho, components, conduit, corp./icp, dsl, error, excel, excel.exe, firefox, flash player, google, grand theft auto, home, home premium, iastor.sys, install.exe, kernel.exe, league of legends, location, logfile, mozilla, nvlddmkm.sys, nvstor.sys, object, officejet, oldtimer, opera.exe, otl logfile, otl.exe, pando media booster, picasa, plug-in, problem, programdata, realtek, registry, saver, sched.exe, searchplugins, security, server, shell32.dll, skype.exe, software, sptd.sys, spyware, studio, suchmaschine, svchost.exe, system restore, teamspeak, trojan.zbotr.gen, vista, vlc media player, xdva337 |