Log analysis and evaluation: Virus blocks access to all sorts of things... pls evaluate HijackThis log
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.10.2010, 19:04 | #1 |
hi folks... I have a virus problem (I assume). I can no longer start or install many programs, etc. (it always says "opens with"), System Restore doesn't work, and I can no longer open my antivirus programs to have my PC scanned. I hope you can help me. Here is my HijackThis logfile... Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:46:55, on 21.10.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.21293) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\TaskSwitchXP\TaskSwitchXP.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Programme\FRITZ!DSL\StCenter.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\FolderSize\FolderSizeSvc.exe C:\Programme\Hotspot Shield\bin\openvpnas.exe C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe C:\Programme\Hotspot Shield\bin\hsswd.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\libusbd-nt.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Programme\Tunngle\TnglCtrl.exe C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Pcm.exe C:\Programme\Mozilla Firefox\firefox.exe 
C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://facebook.de/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file) O1 - Hosts: 74.208.10.249 gs.apple.com O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Client\YontooIEClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SCHelper.exe] C:\Programme\Spyware 
Cease\SCHelper.exe -0 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Java Update Manager] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe O4 - HKCU\..\Run: [IJKUK66HMN] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Pcl.exe O4 - HKCU\..\Run: [NtWqIVLZEWZU] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Pcm.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [Ad-Watch Live!] C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ? 
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {490746C1-AEC2-4ADA-AEB5-393DE5D02017} (NeoLauncherCtl Class) - hxxp://dist.cdnetworks.co.kr/cdndist/neomapa/bin/NeoLauncher.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. 
- C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Programme\FolderSize\FolderSizeSvc.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programme\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Programme\Hotspot Shield\bin\hsswd.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - hxxp://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: TunngleService - Tunngle.net GmbH - C:\Programme\Tunngle\TnglCtrl.exe O24 - Desktop Component 1: (no name) - hxxp://itunes.apple.com/de/album/around-the-world-ep/id28127101 -- End of file - 13726 bytes |
21.10.2010, 19:28 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
A cleanup can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools with a right-click and "Run as administrator".
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan!
After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop
21.10.2010, 22:04 | #3 |
so this is what came out of Malwarebytes . . .
Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4904 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 21.10.2010 23:02:40 mbam-log-2010-10-21 (23-02-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 354999 Laufzeit: 2 Stunde(n), 25 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 2 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 12 Infizierte Registrierungswerte: 4 Infizierte Dateiobjekte der Registrierung: 6 Infizierte Verzeichnisse: 4 Infizierte Dateien: 46 Infizierte Speicherprozesse: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Rootkit.TDSS) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Rootkit.TDSS) -> No action taken. Infizierte Speichermodule: c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> No action taken. Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Rootkit.TDSS) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{cd6c7865-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> No action taken. HKEY_CLASSES_ROOT\Interface\{cd6c7866-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> No action taken. HKEY_CLASSES_ROOT\Interface\{cd6c7867-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{cd6c7868-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Spyware Cease (Rogue.SpywareCease) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware cease_is1 (Rogue.SpywareCease) -> No action taken. 
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> No action taken. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntwqivlzewzu (Rootkit.TDSS) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijkuk66hmn (Rootkit.TDSS) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\java update manager (Trojan.Agent) -> No action taken. Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> No action taken. HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> No action taken. HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> No action taken. HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken. HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Infizierte Verzeichnisse: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818 (Trojan.Agent) -> No action taken. C:\Programme\Spyware Cease (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\RegistryBackup (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\update (Rogue.SpywareCease) -> No action taken. 
Infizierte Dateien: c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Rootkit.TDSS) -> No action taken. C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Rootkit.TDSS) -> No action taken. C:\WINDOWS\IFinst27.exe (Trojan.Downloader) -> No action taken. C:\WINDOWS\system32\dmocx.dll (Malware.Packer.Gen) -> No action taken. C:\Naze\sonstiges\Eiskalt\VDOWNLOADER\vdownloader_setup.exe (Adware.ADON) -> No action taken. C:\Programme\Spyware Cease\RkHitApi.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\spkdll.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\AutoUpdate.exe (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\bcfile.lst (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\bmgac (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\dxddd (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\hrdb.hrl (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\idamx (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\iflee (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\LSR.lsr (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\md5.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\mtools.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\networkdll.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\opfile.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\QAreaDLL.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\SCHelper.exe (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\sctdll.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\SpywareCease.chm (Rogue.SpywareCease) -> No action taken. 
C:\Programme\Spyware Cease\SpywareCease.exe (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\SpywareCease.url (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\tmp5 (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\twcfile.lst (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\udefend.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\unins000.dat (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\unins000.exe (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\update1 (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\update2 (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\update3 (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\ussafe.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\vf (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\wcfile.lst (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\xxcum (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\zlib1.dll (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\update\Update.ini (Rogue.SpywareCease) -> No action taken. C:\Programme\Spyware Cease\update\uplist.up (Rogue.SpywareCease) -> No action taken. C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> No action taken. C:\a.txt (Worm.Traces) -> No action taken. C:\WINDOWS\system32\winrtsnr.txt (Malware.Trace) -> No action taken. C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken. C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> No action taken. |
21.10.2010, 22:17 | #4 |
this is what came out of OTL... OTL logfile: Code:
ATTFilter OTL logfile created on: 21.10.2010 23:05:48 - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,75 Gb Total Space | 288,44 Gb Free Space | 61,93% Space Free | Partition Type: NTFS Computer Name: asbiebgiqep | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Trend Micro Inc.) PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Trend Micro Inc.) PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio) PRC - C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) PRC - C:\WINDOWS\system32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SSHNAS) -- C:\WINDOWS\system32\sshnas21.dll (Trend Micro Inc.) 
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_062a651.dll () SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Adobe Version Cue CS4) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found DRV - (XDva347) -- C:\WINDOWS\System32\XDva347.sys File not found DRV - (XDva346) -- C:\WINDOWS\System32\XDva346.sys File not found DRV - (XDva343) -- C:\WINDOWS\System32\XDva343.sys File not found DRV - (XDva341) -- C:\WINDOWS\System32\XDva341.sys File not found DRV - (XDva296) -- C:\WINDOWS\System32\XDva296.sys File not found DRV - (XDva295) -- C:\WINDOWS\System32\XDva295.sys File not found DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found DRV - (Video3D) -- C:\WINDOWS\System32\Drivers\Video3D32.sys File not found DRV - (GarenaPEngine) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\MMZ21.tmp File not found DRV - (EagleNT) -- 
C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (ADASPROT) -- C:\Programme\Advanced System Optimizer 3\adasprot32.sys File not found DRV - (RkHit) -- C:\WINDOWS\system32\drivers\RKHit.sys () DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc) DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (SPLITCAM) -- C:\WINDOWS\system32\drivers\splitcam.sys (LoteSoft Co.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.) DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.) DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) 
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (ftsata2) -- C:\WINDOWS\System32\drivers\ftsata2.sys (Promise Technology, Inc.)
DRV - (Si3114r5) -- C:\WINDOWS\System32\drivers\Si3114r5.sys (Silicon Image, Inc)
DRV - (Si3132r5) -- C:\WINDOWS\System32\drivers\Si3132r5.sys (Silicon Image, Inc)
DRV - (Si3132) -- C:\WINDOWS\System32\drivers\si3132.sys (Silicon Image, Inc.)
DRV - (Si3124) -- C:\WINDOWS\System32\drivers\si3124.sys (Silicon Image, Inc.)
DRV - (ulsata2) -- C:\WINDOWS\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (EIO_XP) -- C:\WINDOWS\system32\drivers\EIO_XP.sys (ASUSTeK Computer Inc.)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.live.com/results.aspx?mkt=de-DE&FORM=MICGEP&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.17 17:02:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.20 00:08:49 | 000,000,000 | ---D | M]

[2010.01.26 22:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.21 18:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions
[2010.01.28 12:03:47 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.01.27 23:46:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.06 12:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2010.08.06 12:48:18 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.02.20 13:41:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.24 00:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\plugin@yontoo.com
[2010.08.11 19:13:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\support@predictad.com
[2010.09.12 14:22:28 | 000,002,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\askcom.xml
[2010.02.12 23:05:33 | 000,002,147 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\bing.xml
[2010.06.08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\conduit.xml
[2010.02.13 17:22:43 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\sweetim.xml
[2010.10.21 18:57:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.06 21:03:24 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.20 00:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.09.20 00:08:07 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.29 23:15:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.29 23:15:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.29 23:15:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.23 18:32:42 | 000,003,803 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\MyHeritage.xml
[2010.01.29 23:15:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.29 23:15:03 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.10.21 18:23:25 | 000,423,844 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 14607 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.80.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SCHelper.exe] C:\Programme\Spyware Cease\SCHelper.exe (QW Computer)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IJKUK66HMN] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Java Update Manager] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe File not found
O4 - HKCU..\Run: [NtWqIVLZEWZU] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Ad-Watch Live!] C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe (Lavasoft)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\WINDOWS\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {490746C1-AEC2-4ADA-AEB5-393DE5D02017} hxxp://dist.cdnetworks.co.kr/cdndist/neomapa/bin/NeoLauncher.cab (NeoLauncherCtl Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop Components:1 () - hxxp://itunes.apple.com/de/album/around-the-world-ep/id28127101
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun\command - "" = K:\muza\sguza.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\explore\command - "" = K:\muza\\sguza.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\open\command - "" = K:\muza\\sguza.exe -- File not found
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun\command - "" = K:\rane\kure.exe -- File not found
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\explore\command - "" = K:\
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\open\command - "" = K:\rane\\kure.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sasnative32) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:437c090b2) - File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.10.21 20:33:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.10.21 20:33:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.21 20:33:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.21 20:33:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.21 20:33:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.21 20:32:27 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe
[2010.10.21 20:31:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.10.21 19:46:36 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
[2010.10.21 19:23:29 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.10.21 19:22:52 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.10.21 19:22:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2010.10.21 19:12:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010.10.21 19:09:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
[2010.10.21 18:54:57 | 000,000,000 | RHSD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818
[2010.10.21 18:13:49 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.10.21 18:13:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.10.21 13:36:19 | 000,421,888 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\sshnas21.dll
[2010.10.19 13:34:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Mihriban
[2010.10.17 17:51:11 | 000,000,000 | ---D | C] -- C:\My Music
[2010.10.16 18:16:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\usb stick
[2010.10.15 11:43:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2010.10.15 02:12:24 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010.10.15 02:10:36 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010.10.15 02:10:35 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.15 02:10:34 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.15 02:10:27 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.15 01:36:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AeriaGames
[2010.10.13 23:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\.shsh
[2010.10.13 23:26:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\__MACOSX
[2010.10.13 14:00:49 | 000,000,000 | ---D | C] -- C:\Programme\Gravity
[2010.10.13 11:50:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
[2010.10.11 20:56:02 | 000,000,000 | ---D | C] -- C:\GamerKraft
[2010.10.11 20:05:54 | 000,000,000 | ---D | C] -- C:\pakour spiel
[2010.10.09 03:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\gimme some house
[2010.10.02 15:06:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
[2010.10.02 09:17:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unsere Möbel
[2010.10.02 00:10:16 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2010.10.01 20:54:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\HD Wallpaper
[2010.10.01 19:16:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\EA Games
[2010.10.01 19:12:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\EA Games
[2010.10.01 17:51:33 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES
[2010.09.24 19:48:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TS3Client
[2010.09.24 19:45:29 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.09.24 02:20:32 | 000,000,000 | ---D | C] -- C:\gamigo
[2010.08.11 19:12:58 | 002,944,904 | ---- | C] (Ask) -- C:\Programme\Gemeinsame Dateien\AskToolbarInstaller.exe
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.21 23:07:06 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.10.21 22:52:17 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.21 22:28:00 | 000,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.10.21 22:22:00 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-1801674531-500UA.job
[2010.10.21 22:21:02 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.10.21 20:33:16 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.21 20:32:55 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe
[2010.10.21 20:31:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.10.21 19:23:06 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.10.21 19:16:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.21 19:14:05 | 000,002,213 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2010.10.21 19:13:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.21 19:12:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2010.10.21 18:23:25 | 000,423,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.10.21 18:22:58 | 000,423,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101021-182325.backup
[2010.10.21 18:22:00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-1801674531-500Core.job
[2010.10.21 18:14:04 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010.10.21 16:33:59 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.10.21 16:33:51 | 003,410,996 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Whoopi Goldberg - Sister Act - Oh Maria.mp3
[2010.10.21 13:36:19 | 000,421,888 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\sshnas21.dll
[2010.10.21 03:13:17 | 000,012,253 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenanntdgfdsg.JPG
[2010.10.21 01:43:27 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.10.20 15:25:25 | 000,002,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk
[2010.10.19 20:29:21 | 003,138,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Shy&#39;m - Tout Est Dit - Reflets ( bonne version ).mp3
[2010.10.19 20:20:22 | 002,563,002 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Aidonia - Wine N Bubble [Lyrics].mp3
[2010.10.19 20:17:42 | 004,457,611 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mt Eden Dubstep - Still Alive.mp3
[2010.10.19 20:13:04 | 004,492,719 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Major Lazer - Bruk Out (Foamo Remix).mp3
[2010.10.19 20:05:04 | 002,672,507 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Wiz Khalifa - The Statement [Official Video].mp3
[2010.10.19 20:02:18 | 005,965,189 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Lloyds Tsb Advert Sick Dubstep Remix.mp3
[2010.10.19 19:56:05 | 003,622,946 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Christina Milian - Am To Pm (instrumental).mp3
[2010.10.18 13:34:07 | 004,364,406 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Stromae - .Alors on danse.mp3
[2010.10.17 00:52:25 | 000,001,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2010.10.17 00:52:25 | 000,001,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101021-182258.backup
[2010.10.15 11:22:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.10.15 09:15:19 | 002,151,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.13 23:55:28 | 000,001,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2010.10.13 18:41:49 | 000,000,710 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO Updater.exe.lnk
[2010.10.13 18:41:49 | 000,000,670 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO.exe.lnk
[2010.10.13 14:00:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2010.10.13 00:47:10 | 001,290,889 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SDC15486.JPG
[2010.10.12 20:27:21 | 000,230,432 | ---- | M] () -- C:\PA7302.DAT
[2010.10.11 14:48:27 | 003,191,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kopie von Sexion D&#39;assaut - Desole.mp3
[2010.10.11 13:16:21 | 003,191,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sexion D&#39;assaut - Desole.mp3
[2010.10.11 12:40:32 | 002,554,598 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mc Cidinho-1 Funk.mp3
[2010.10.11 12:19:18 | 005,159,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe
[2010.10.10 11:10:43 | 000,001,858 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Sims™ 2 Deluxe.lnk
[2010.10.10 10:37:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument (2).docx
[2010.10.07 22:04:44 | 000,555,614 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.07 22:04:44 | 000,505,106 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.07 22:04:44 | 000,116,596 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.07 22:04:44 | 000,088,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.06 21:23:43 | 003,103,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cardigans.lovefool.mp3
[2010.10.06 20:38:40 | 000,000,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\aionmemo_c1b89fb0.dat
[2010.10.02 20:11:18 | 000,115,663 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\my-name-is-khan-wallpaper-1.jpg [2010.10.01 22:12:29 | 010,422,901 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\01. Pas.mp3 [2010.09.30 17:39:30 | 000,154,912 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\AUFTRAG.pdf [2010.09.30 17:37:54 | 000,073,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AUFTRAG.odt [2010.09.30 17:11:54 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\~$UFTRAG.odt [2010.09.27 18:24:04 | 478,959,325 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2_7B367_Restore.ipsw [2010.09.26 21:51:45 | 000,120,372 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Track13.mp3 [2010.09.26 21:51:04 | 000,011,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument.docx [2010.09.25 15:48:46 | 479,012,625 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2.1_7B405_Restore.ipsw [2010.09.24 21:31:18 | 000,423,455 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Foto-0084.jpg [2010.09.24 19:45:39 | 000,000,809 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamSpeak 3 Client.lnk [2010.09.24 14:58:24 | 000,001,546 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\War Of Angels.lnk [2010.09.24 14:58:24 | 000,001,324 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WarOfAngelsRegistration.lnk [2010.09.23 19:40:01 | 000,091,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59440_143272119050133_100001020366314_210611_3351625_n.jpg [2010.09.23 19:39:56 | 000,099,599 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58714_143272032383475_100001020366314_210608_4668506_n.jpg 
[2010.09.23 19:39:51 | 000,105,388 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\62955_143271972383481_100001020366314_210606_6658374_n.jpg [2010.09.23 19:39:43 | 000,066,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58576_143271569050188_100001020366314_210596_486803_n.jpg [2010.09.23 19:39:39 | 000,071,404 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59904_143271512383527_100001020366314_210594_634072_n.jpg [2010.09.23 19:39:35 | 000,092,839 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58778_143271465716865_100001020366314_210592_3616781_n.jpg [2010.09.23 19:39:33 | 000,102,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60862_143271442383534_100001020366314_210591_4554289_n.jpg [2010.09.23 19:39:15 | 000,078,093 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60285_143271232383555_100001020366314_210584_6636367_n.jpg [2010.09.23 19:39:11 | 000,081,695 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60373_143271209050224_100001020366314_210583_4643076_n.jpg [2010.09.23 19:39:08 | 000,086,633 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\63791_143271179050227_100001020366314_210582_5452682_n.jpg [2010.09.23 19:39:04 | 000,089,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58457_143271149050230_100001020366314_210581_1581744_n.jpg [2010.09.23 19:38:59 | 000,089,715 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60235_143271125716899_100001020366314_210580_7620129_n.jpg [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.21 20:33:16 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.21 19:23:06 | 000,000,847 | ---- | 
C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2010.10.21 18:14:04 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk [2010.10.21 16:31:10 | 003,410,996 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Whoopi Goldberg - Sister Act - Oh Maria.mp3 [2010.10.21 13:36:33 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.10.21 13:36:29 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.10.21 13:36:24 | 000,000,262 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.10.21 03:13:17 | 000,012,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenanntdgfdsg.JPG [2010.10.16 17:18:01 | 003,622,946 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Christina Milian - Am To Pm (instrumental).mp3 [2010.10.16 17:13:47 | 004,364,406 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Stromae - .Alors on danse.mp3 [2010.10.16 17:13:33 | 003,138,949 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Shy&#39;m - Tout Est Dit - Reflets ( bonne version ).mp3 [2010.10.16 17:13:27 | 002,563,002 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Aidonia - Wine N Bubble [Lyrics].mp3 [2010.10.16 17:13:18 | 004,457,611 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mt Eden Dubstep - Still Alive.mp3 [2010.10.13 23:25:59 | 005,159,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe [2010.10.13 18:41:49 | 000,000,710 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO Updater.exe.lnk [2010.10.13 18:41:49 | 000,000,670 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO.exe.lnk [2010.10.13 00:46:54 | 001,290,889 | ---- | C] () -- 
C:\Dokumente und Einstellungen\Administrator\Desktop\SDC15486.JPG [2010.10.12 20:27:21 | 000,230,432 | ---- | C] () -- C:\PA7302.DAT [2010.10.11 12:58:54 | 003,191,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kopie von Sexion D&#39;assaut - Desole.mp3 [2010.10.11 12:35:13 | 004,492,719 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Major Lazer - Bruk Out (Foamo Remix).mp3 [2010.10.11 12:35:04 | 002,554,598 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mc Cidinho-1 Funk.mp3 [2010.10.11 12:35:00 | 003,191,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sexion D&#39;assaut - Desole.mp3 [2010.10.11 12:34:53 | 002,672,507 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Wiz Khalifa - The Statement [Official Video].mp3 [2010.10.11 12:34:47 | 005,965,189 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Lloyds Tsb Advert Sick Dubstep Remix.mp3 [2010.10.10 11:10:43 | 000,001,858 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Sims™ 2 Deluxe.lnk [2010.10.10 10:37:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument (2).docx [2010.10.06 21:23:43 | 003,103,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cardigans.lovefool.mp3 [2010.10.05 15:28:13 | 479,012,625 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2.1_7B405_Restore.ipsw [2010.10.05 15:20:42 | 478,959,325 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2_7B367_Restore.ipsw [2010.10.02 20:11:18 | 000,115,663 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\my-name-is-khan-wallpaper-1.jpg [2010.10.01 17:47:31 | 010,422,901 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\01. 
Pas.mp3 [2010.09.30 17:39:29 | 000,154,912 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\AUFTRAG.pdf [2010.09.30 17:11:54 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\~$UFTRAG.odt [2010.09.30 17:11:52 | 000,073,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AUFTRAG.odt [2010.09.26 21:51:45 | 000,120,372 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Track13.mp3 [2010.09.26 21:25:47 | 000,011,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument.docx [2010.09.25 01:05:56 | 000,423,455 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Foto-0084.jpg [2010.09.24 23:03:26 | 000,000,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\aionmemo_c1b89fb0.dat [2010.09.24 19:45:39 | 000,000,809 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamSpeak 3 Client.lnk [2010.09.24 14:58:24 | 000,001,546 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\War Of Angels.lnk [2010.09.24 14:58:24 | 000,001,324 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WarOfAngelsRegistration.lnk [2010.09.23 19:40:01 | 000,091,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59440_143272119050133_100001020366314_210611_3351625_n.jpg [2010.09.23 19:39:56 | 000,099,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58714_143272032383475_100001020366314_210608_4668506_n.jpg [2010.09.23 19:39:51 | 000,105,388 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\62955_143271972383481_100001020366314_210606_6658374_n.jpg [2010.09.23 19:39:42 | 000,066,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58576_143271569050188_100001020366314_210596_486803_n.jpg [2010.09.23 19:39:38 | 000,071,404 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Administrator\Desktop\59904_143271512383527_100001020366314_210594_634072_n.jpg [2010.09.23 19:39:35 | 000,092,839 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58778_143271465716865_100001020366314_210592_3616781_n.jpg [2010.09.23 19:39:32 | 000,102,457 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60862_143271442383534_100001020366314_210591_4554289_n.jpg [2010.09.23 19:39:15 | 000,078,093 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60285_143271232383555_100001020366314_210584_6636367_n.jpg [2010.09.23 19:39:11 | 000,081,695 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60373_143271209050224_100001020366314_210583_4643076_n.jpg [2010.09.23 19:39:07 | 000,086,633 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\63791_143271179050227_100001020366314_210582_5452682_n.jpg [2010.09.23 19:39:04 | 000,089,766 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58457_143271149050230_100001020366314_210581_1581744_n.jpg [2010.09.23 19:38:59 | 000,089,715 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60235_143271125716899_100001020366314_210580_7620129_n.jpg [2010.09.15 03:48:10 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys [2010.09.15 03:20:22 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010.09.10 03:03:54 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL [2010.08.25 23:37:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2010.08.12 03:57:54 | 000,706,624 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.06.07 19:02:03 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys [2010.05.28 02:04:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010.04.21 20:19:05 | 000,164,864 | ---- | C] () -- C:\Programme\UNWISE.EXE 
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2010.03.20 20:53:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini [2010.02.23 00:10:18 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2010.02.14 18:50:02 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010.02.14 18:50:02 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010.02.05 12:50:32 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI [2010.01.30 14:30:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2010.01.30 14:29:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.01.27 00:16:40 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.01.26 23:53:23 | 000,139,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.26 21:59:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.01.26 21:50:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.01.26 21:48:14 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll [2010.01.26 21:38:52 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll [2010.01.26 21:33:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.07.09 03:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll [2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll 
[2008.06.18 15:00:50 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\AIO-Auswahl.ini [2008.06.18 14:59:00 | 001,800,192 | ---- | C] () -- C:\WINDOWS\System32\hmtcdres.dll [2008.06.18 14:58:59 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\hmtcd.dll [2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.04.23 20:00:00 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll [2007.03.20 17:44:02 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini [2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll < End of report >
and this . . . OTL logfile: Code:
OTL Extras logfile created on: 21.10.2010 23:05:48 - Run 1 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,75 Gb Total Space | 288,44 Gb Free Space | 61,93% Space Free | Partition Type: NTFS Computer Name: abqueobgoqe | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] exefile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [7zip Packen und SFX Erstellen] -- C:\Programme\7-zip\7z_SFX-GUI-Pack.exe "%1" () Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "58186:TCP" = 58186:TCP:*:Enabled:Pando Media Booster "58186:UDP" = 58186:UDP:*:Enabled:Pando Media Booster 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "11:TCP" = 11:TCP:*:Enabled:WarriorEpic "11:UDP" = 11:UDP:*:Enabled:WarriorEpic "882:TCP" = 882:TCP:*:Enabled:WarriorEpic "882:UDP" = 882:UDP:*:Enabled:WarriorEpic "575:TCP" = 575:TCP:*:Enabled:WarriorEpic "575:UDP" = 575:UDP:*:Enabled:WarriorEpic "60:TCP" = 60:TCP:*:Enabled:WarriorEpic "60:UDP" = 60:UDP:*:Enabled:WarriorEpic "56:TCP" = 56:TCP:*:Enabled:WarriorEpic "56:UDP" = 56:UDP:*:Enabled:WarriorEpic "629:TCP" = 629:TCP:*:Enabled:WarriorEpic "629:UDP" = 629:UDP:*:Enabled:WarriorEpic "150:TCP" = 150:TCP:*:Enabled:WarriorEpic "150:UDP" = 150:UDP:*:Enabled:WarriorEpic "704:TCP" = 704:TCP:*:Enabled:WarriorEpic "704:UDP" = 704:UDP:*:Enabled:WarriorEpic "584:TCP" = 584:TCP:*:Enabled:WarriorEpic "584:UDP" = 584:UDP:*:Enabled:WarriorEpic "8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher "8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher "58186:TCP" = 58186:TCP:*:Enabled:Pando Media Booster "58186:UDP" = 58186:UDP:*:Enabled:Pando Media Booster "6894:TCP" = 6894:TCP:*:Enabled:League of Legends Launcher "6894:UDP" = 6894:UDP:*:Enabled:League of Legends Launcher "6893:TCP" = 6893:TCP:*:Enabled:League of Legends Launcher "6893:UDP" = 6893:UDP:*:Enabled:League of Legends Launcher "6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher "6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher "6951:TCP" = 6951:TCP:*:Enabled:League of Legends Launcher "6951:UDP" = 6951:UDP:*:Enabled:League of Legends Launcher "8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher 
"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher "1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com) "K:\Erdem\Garena\Garena.exe" = K:\Erdem\Garena\Garena.exe:*:Enabled:Garena -- File not found "C:\Programme\Aqua\AquaDownloadern.exe" = C:\Programme\Aqua\AquaDownloadern.exe:*:Enabled:AquaDownloadern -- (CDNetworks) "C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- () "C:\Programme\ijji\ijji REACTOR\ijjiOptimizer.exe" = C:\Programme\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- () "C:\Programme\League of Legends\Air\LolClient.exe" = C:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.) "C:\Programme\League of Legends\Game\League of Legends.exe" = C:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- () "C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Programme\Street Fighter IV\StreetFighterIV.exe" = C:\Programme\Street Fighter IV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.) 
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.) "C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft) "C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH) "C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH) "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation) "C:\Programme\Java\jre1.6.0_06\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_06\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "C:\Nexon\Vindictus\en-US\NMService.exe" = C:\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\FJ_Downloader.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\FJ_Downloader.exe:*:Enabled:FreeJack_Downloader -- File not found "C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe" = C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe:*:Enabled:Umbrella - Save your SHSH! -- () "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe:*:Enabled:Java Update Manager -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01AE8E54-F235-74C5-9875-A655C6555634}" = CCC Help Italian "{027AA9DB-7176-2929-ED2E-38C0317F3566}" = Catalyst Control Center Localization All "{050227B0-1E77-D377-A63D-EB5F12318FB8}" = Catalyst Control Center Localization Korean "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{055EE59D-217B-43A7-ABFF-507B966405D8}" = CCC "{071E5FA3-20CA-BE1D-7AE4-D0514507E1C3}" = CCC Help Danish "{07F31E45-2E01-8663-1B57-E826FCDA09E3}" = Catalyst Control Center Localization Japanese "{0834403C-CC0C-D2A3-1684-D04C82D04FE4}" = Catalyst Control Center Localization Russian "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}" = SplitCam "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = 
Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0DE817CB-9294-F350-64F0-36E42D7B27F2}" = CCC Help French "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6 "{0E2E9FD2-3C63-FBAD-F41E-736CF1DA5BC0}" = Catalyst Control Center Localization Chinese Standard "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{116A277E-6809-825D-BDCB-E32DCDA231E2}" = Catalyst Control Center Graphics Light "{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver "{142D633B-6D5E-43FC-ADCD-BF71C495F91C}_is1" = EKRO Fullclient v1.0 "{147AAF68-A89A-8E2E-97EE-A1F1430F9F68}" = Catalyst Control Center Graphics Previews Common "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{160625BC-937E-6F4A-58F7-6BCB7C74148B}" = ccc-core-preinstall "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{17EAC83B-F259-B0FE-BABC-802E06E03654}" = CCC Help Turkish "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities "{1BF23060-E1E1-2EE1-037D-264D9EC15CBD}" = ccc-core-preinstall "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1EFE9082-F3EC-13CA-FD37-E1490531CDF3}" = CCC Help Greek "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{211E8730-5681-49ED-BC6A-78C9F88E95F5}" = Adobe Shockwave Player "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{232D00D0-F1CE-BEE3-58DD-2C826007D917}" = CCC Help Greek "{23FC20B7-0119-B007-B788-0A4EB46336DA}" = Catalyst Control Center Localization Spanish "{241647C2-9318-D048-67BA-E64ED5F2CCC4}" = Catalyst 
Control Center Core Implementation "{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{2959C2F1-5C0C-AAEE-1D94-8B3AE1806C31}" = Catalyst Control Center Localization Norwegian "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{2B274D3F-8D66-91B3-0555-C0ED7019F3C6}" = CCC Help Russian "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{30F4418F-6CBF-9CC2-1AC3-25234DCAD4CE}" = CCC Help English "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{391F4C49-7ADF-84E6-2028-19310E7AC8E1}" = Catalyst Control Center Localization Thai "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3AC0DC58-B167-51D7-4440-2E02F63C942E}" = CCC Help Finnish "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer "{3FD5A0F7-A39B-06D3-07E5-E0C5DE3267B7}" = CCC Help Japanese "{40EF588A-3C0D-5779-0951-74C0BCA661C2}" = Catalyst Control Center Localization Dutch "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{4514B9C2-8E75-CF9D-B148-8ED40CAA35F0}" = Catalyst Control Center HydraVision Full "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After 
Effects CS4 "{465AE684-39DF-F8BC-A702-81860DE6EBCF}" = CCC Help Spanish "{46C6315A-8E24-F30C-0EB1-3D22DFACBCD8}" = Catalyst Control Center Localization Turkish "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4956D70D-E758-7CDC-D131-2895E8A5DAD4}" = CCC Help Spanish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4A66FB4E-F08F-6DCD-1823-4BDACC6F7D67}" = CCC Help Hungarian "{4D7BE862-435C-0F6F-0558-B3E6DCA839E2}" = CCC Help Portuguese "{5091043D-D941-E17E-1E0F-0B2F1DBE4D9E}" = ccc-core-static "{520AE942-F7F0-8A53-4F34-FED00ADAC639}" = Catalyst Control Center Localization Czech "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{526A494F-8A59-3E10-EEF4-52400B4D72F3}" = Catalyst Control Center Localization Italian "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{583F8A3F-2D92-E13B-AF5D-E362DDFA13E7}" = Catalyst Control Center Core Implementation "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{6347B976-4310-4555-A35F-91D607708F07}" = CCC Help Thai "{63886E34-F9F8-378B-A7FB-710C6ED9AAEB}" = ATI Catalyst Install Manager "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{648C8BCF-424F-4C68-AF43-9AB9CF87859E}_is1" = UPXShell 3.2.5.2006 "{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "{66064139-314F-44B2-805A-0AAC71A32E02}" = ccc-utility 
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CA5F5DC-33C3-D56F-F399-BD5792397089}" = CCC Help English "{6D0955B9-C1D6-CB1C-6CE3-BFAC9696A882}" = CCC Help Polish "{6DA81A72-2C13-34D8-BD98-B60DE6FEB55B}" = ccc-utility "{6EDCACF0-12BD-2BD2-6161-54ABE116B185}" = CCC Help Chinese Standard "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6 "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{7409D3F5-CB81-8ECF-656C-9C096AA7FA7A}" = CCC Help French "{745D2782-BB1E-51EA-5BDB-1E1BE7590594}" = CCC Help English "{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL "{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online "{7B7435AF-62A9-224E-94F2-A5C0408E7894}" = Catalyst Control Center Localization French "{7B8F4AA8-0426-64EF-1727-6E4911446307}" = Catalyst Control Center Localization Portuguese "{7C6B146C-735F-2E95-8A96-450911F3446B}" = CCC Help Portuguese "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{832D724F-05A2-81D1-B3D0-801761E9EB94}" = Catalyst Control Center Localization German "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher 
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01 "{88F1EB35-7E38-AFA6-49DD-ABD004ACA1B1}" = CCC Help Polish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C377565-02FD-493A-B85F-8D9A33D326F0}" = Aion "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" 
= Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94928C91-8A2E-A94E-A7EF-C41FBE515718}" = Catalyst Control Center Graphics Previews Common "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3 "{96DA8A90-1BD6-F86A-D51B-B46882A80980}" = ccc-utility "{97AA05F0-CF31-4CFA-F3BD-B6F3A0022579}" = CCC Help Korean "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9879DD41-CD73-4BBC-ADEA-85005979F7F8}" = ccc-core-static "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe "{A15102F8-B63C-31C5-EDBC-D3614AFAA13D}" = CCC Help Norwegian "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A454D257-0E6D-BCD1-2A10-78FEDB5BB21E}" = Catalyst Control Center Graphics Full New "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4D4FC6F-5BE6-4ECB-49CC-AFD566A93F23}" = Catalyst Control Center Graphics Full Existing "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4 "{A73FBA2D-7C64-F293-3140-EB02DDBEFA2E}" = Catalyst Control Center Localization Hungarian "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.509 "{AC2B4022-8F75-6AA5-612F-9598EFD31C9B}" = Catalyst Control Center InstallProxy "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch 
"{AD0F1745-3B34-443B-E137-A21271A17D74}" = CCC Help Chinese Traditional "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{AEBE3F70-585E-17C7-C91D-964C91772410}" = ccc-utility "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B3542011-52A1-8782-EEB9-B72AB9EC7336}" = Catalyst Control Center Graphics Light "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel "{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP) "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C1D27535-0AD9-1BFB-7F76-2E74BED09A41}" = Catalyst Control Center Localization Danish "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBD87C29-38A1-FEBB-1A29-B8412B47509C}" = Catalyst Control Center Graphics Previews Common "{CC37A914-E541-4A79-0DF8-B746444E7D5A}" = Catalyst Control Center Localization Polish "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD23CF9D-7B10-C68C-7390-97EC5087E1F4}" = CCC Help Dutch "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1DD73EB-36DE-D4E8-421A-88D0C8FD998F}" = ccc-core-static "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher "{D5D0178D-57E4-C32C-5275-401F384303A7}" = CCC Help Hungarian "{D70552B4-B68A-367B-F669-552E97667F32}" = CCC Help German "{D824F44B-B6AF-E93D-F7A3-19E02319B751}" = Catalyst Control Center Localization Finnish "{DA932D71-E52A-43D5-009E-395A1AEC1474}" = Die Sims™ Lebensgeschichten "{DBAA7DF5-7DE0-DD8D-A748-5A35AC2DA420}" = CCC Help Italian "{DD7C56A2-8E85-AABA-D807-F61C135CC1AE}" = Catalyst Control Center Graphics Full Existing "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E320ECE8-FE7F-425C-8F8C-33C1D9907F93}" = SlimDrivers "{E41B53EF-A153-4A11-5155-AE9DEF42EDE2}" = Catalyst Control Center Localization Greek 
"{E7137FEB-B06C-781F-2ACF-962AF992FC2D}" = Catalyst Control Center Localization Swedish "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E8D57727-8BC3-F093-A3EE-94BDD55305F5}" = CCC Help Czech "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{E9BB066A-632F-4849-CDD4-5B7BCFB285B6}" = Catalyst Control Center Graphics Full New "{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{EEDE89A0-9412-52AF-563D-A335D6C00BA5}" = CCC Help Swedish "{F08826AF-C414-6921-9A50-D39972C7D975}" = CCC Help German "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1972370-E7EE-B572-761B-FB7FAE17595F}" = Catalyst Control Center Localization Chinese Traditional "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F454F142-7241-D804-D067-CCCE016643C3}" = Skins "{F527C466-971D-B4EE-BBF7-076C805C1F59}" = CCC Help English "{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows 
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "8461-7759-5462-8226" = Vuze "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_14cffbe014b566bef9e9125ea146ab9" = Adobe Creative Suite 4 Master Collection "Akamai" = Akamai NetSession Interface "AquaDownloadern" = AquaDownloadern 2,1,56,0 "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20 "ASIO4ALL" = ASIO4ALL "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "AutocompletePro3_is1" = AutocompletePro "Avidemux 2.5" = Avidemux 2.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Burn4Free" = Burn4Free CD and DVD "CCleaner" = CCleaner "Collab" = Collab "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Creative WebCam Center" = "Daniusoft Video Converter_is1" = Daniusoft Video Converter(Build 2.1.1.0) "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "ENTERPRISE" = Microsoft Office Enterprise 2007 "FlashGet" = FlashGet 1.9.6.1073 "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free DVD Video Converter_is1" = Free DVD Video Converter version 1.1 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "Free Studio_is1" = Free Studio version 4.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 
"HijackThis" = HijackThis 2.0.2 "HotspotShield" = Hotspot Shield 1.49 "ie7" = Internet Explorer 7 "IL Download Manager" = IL Download Manager "Inception RO Installer 1.00" = Inception RO Installer 1.00 "InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online "InstallShield_{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15 "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "League of Legends_is1" = League of Legends "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13) "Neffy" = Neffy 1,3,29,0 "NVIDIA Drivers" = NVIDIA Drivers "OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter "PoiZone" = PoiZone "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Ragnarok Online" = Ragnarok Online "Runtimes" = Allgemeine Runtime Dateien "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 
Software "Spyware Cease_is1" = Spyware Cease v6.4.0 "Street Fighter IV_is1" = Street Fighter IV "TaskSwitchXP" = TaskSwitchXP "TeamSpeak 3 Client" = TeamSpeak 3 Client "Theme 1.00" = Theme 1.00 "TuneUp Utilities" = TuneUp Utilities "Tunngle beta_is1" = Tunngle beta "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.8.6 "Vindictus" = Vindictus "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.0.5 "WarOfAngels" = War Of Angels "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Sidebar" = Windows Sidebar "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) "XP Codec Pack" = XP Codec Pack "XPize Darkside" = XPize Darkside 2.1 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XPSP3UPPACK" = Sereby's XP SP3 Updatepack Version 3.8.6 "xvid" = XviD MPEG-4 Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "Facebook Plug-In" = Facebook Plug-In "Google Chrome" = Google Chrome "InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.10.2010 18:11:07 | Computer Name = nsavneqiovnieqp| Source = Bonjour Service | ID = 100 Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 20.10.2010 18:11:07 | Computer Name = vnqvoeqnvo | Source = Bonjour Service | ID = 100 Description = 240: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 20.10.2010 18:11:07 | Computer Name = bqnioeofqcgqe | Source = Bonjour Service | ID = 100 Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 20.10.2010 18:11:07 | Computer Name = bqnvcqeovqe | Source = Bonjour Service | ID = 100 Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 20.10.2010 18:11:07 | Computer Name = abuvqeov | Source = Bonjour Service | ID = 100 Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 21.10.2010 11:02:22 | Computer Name = bqenjeqovb | Source = Bonjour Service | ID = 100 Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 21.10.2010 11:02:22 | Computer Name = qbnuqoevneq | Source = Bonjour Service | ID = 100 Description = 240: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 21.10.2010 11:02:22 | Computer Name = qevnuobqebq | Source = Bonjour Service | ID = 100 Description = 408: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 21.10.2010 11:02:22 | Computer Name = abeqbqehqeqebv | Source = Bonjour Service | ID = 100 Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 21.10.2010 11:02:22 | Computer Name = aebqeefqhbqfqbq | Source = Bonjour Service | ID = 100 Description = 420: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) [ System Events ] Error - 17.10.2010 19:20:12 | Computer Name = avedqbeqbeqbq | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 18.10.2010 07:26:01 | Computer Name = abeqeqfvqehbeq | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. 
Error - 18.10.2010 07:26:01 | Computer Name = avbeqbneqfeqfq | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 18.10.2010 07:34:27 | Computer Name = aberwhabab | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 18.10.2010 07:34:27 | Computer Name = avgbnqibqenbq | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 20.10.2010 18:10:07 | Computer Name = avbeqbeqbeqgqef | Source = DCOM | ID = 10010 Description = Der Server "{DC0C2640-1415-4644-875C-6F4D769839BA}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.10.2010 20:53:16 | Computer Name = eqbeqbeqfgaf | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 20.10.2010 20:53:16 | Computer Name = aebeqbqebeqbqe| Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 20.10.2010 21:04:23 | Computer Name = aebqbeabeha | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 20.10.2010 21:04:23 | Computer Name = abeabeqbegagea | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. < End of report > |
21.10.2010, 22:17 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
21.10.2010, 22:19 | #6 |
| oops, sorry >.< here is Malwarebytes again^^ Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4904

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

21.10.2010 23:18:20
mbam-log-2010-10-21 (23-18-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 354999
Laufzeit: 2 Stunde(n), 25 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 4
Infizierte Dateien: 46

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Rootkit.TDSS) -> Unloaded process successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Rootkit.TDSS) -> Unloaded process successfully.

Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd6c7865-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd6c7866-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd6c7867-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cd6c7868-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Spyware Cease (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware cease_is1 (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntwqivlzewzu (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijkuk66hmn (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\java update manager (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\RegistryBackup (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update (Rogue.SpywareCease) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\IFinst27.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmocx.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Naze\sonstiges\Eiskalt\VDOWNLOADER\vdownloader_setup.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\RkHitApi.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\spkdll.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\AutoUpdate.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\bcfile.lst (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\bmgac (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\dxddd (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\hrdb.hrl (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\idamx (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\iflee (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\LSR.lsr (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\md5.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\mtools.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\networkdll.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\opfile.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\QAreaDLL.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\SCHelper.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\sctdll.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\SpywareCease.chm (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\SpywareCease.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\SpywareCease.url (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\tmp5 (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\twcfile.lst (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\udefend.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\unins000.dat (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\unins000.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update1 (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update2 (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update3 (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\ussafe.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\vf (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\wcfile.lst (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\xxcum (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\zlib1.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update\Update.ini (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update\uplist.up (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\a.txt (Worm.Traces) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winrtsnr.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. |
21.10.2010, 22:25 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please create and post new OTL logs, if they were only removed just now.
__________________ Please always post log files in CODE tags |
21.10.2010, 22:31 | #8 |
| Okay, here are both from OTL... 1. OTL logfile: Code:
ATTFilter OTL logfile created on: 21.10.2010 23:29:40 - Run 3 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free 5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,75 Gb Total Space | 288,55 Gb Free Space | 61,95% Space Free | Partition Type: NTFS Computer Name: ALKAN-4A88F3B7D | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe () PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio) PRC - C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) PRC - C:\WINDOWS\system32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_062a651.dll () SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software) SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe () SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe () SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe () SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Adobe Version Cue CS4) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File 
not found DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found DRV - (XDva347) -- C:\WINDOWS\System32\XDva347.sys File not found DRV - (XDva346) -- C:\WINDOWS\System32\XDva346.sys File not found DRV - (XDva343) -- C:\WINDOWS\System32\XDva343.sys File not found DRV - (XDva341) -- C:\WINDOWS\System32\XDva341.sys File not found DRV - (XDva296) -- C:\WINDOWS\System32\XDva296.sys File not found DRV - (XDva295) -- C:\WINDOWS\System32\XDva295.sys File not found DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found DRV - (Video3D) -- C:\WINDOWS\System32\Drivers\Video3D32.sys File not found DRV - (GarenaPEngine) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\MMZ21.tmp File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (ADASPROT) -- C:\Programme\Advanced System Optimizer 3\adasprot32.sys File not found DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc) DRV - (SPLITCAM) -- C:\WINDOWS\system32\drivers\splitcam.sys (LoteSoft Co.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.) 
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.) DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (ftsata2) -- C:\WINDOWS\System32\drivers\ftsata2.sys (Promise Technology, Inc.) DRV - (Si3114r5) -- C:\WINDOWS\System32\drivers\Si3114r5.sys (Silicon Image, Inc) DRV - (Si3132r5) -- C:\WINDOWS\System32\drivers\Si3132r5.sys (Silicon Image, Inc) DRV - (Si3132) -- C:\WINDOWS\System32\drivers\si3132.sys (Silicon Image, Inc.) DRV - (Si3124) -- C:\WINDOWS\System32\drivers\si3124.sys (Silicon Image, Inc.) DRV - (ulsata2) -- C:\WINDOWS\System32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation) DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation) DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.) 
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation) DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices) DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (EIO_XP) -- C:\WINDOWS\system32\drivers\EIO_XP.sys (ASUSTeK Computer Inc.) DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation) DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group) DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys () DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245 IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11 FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3 FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Bing" FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.live.com/results.aspx?mkt=de-DE&FORM=MICGEP&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.21 23:26:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: 
C:\Programme\Mozilla Firefox\plugins [2010.10.21 23:26:03 | 000,000,000 | ---D | M] [2010.01.26 22:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2010.10.21 18:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions [2010.01.28 12:03:47 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2010.01.27 23:46:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.08.06 12:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{43c35458-c907-439b-bcfd-07d373834689} [2010.08.06 12:48:18 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010.02.20 13:41:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.03.24 00:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\plugin@yontoo.com [2010.08.11 19:13:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\support@predictad.com [2010.09.12 14:22:28 | 000,002,392 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\askcom.xml [2010.02.12 23:05:33 | 000,002,147 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\bing.xml [2010.06.08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\conduit.xml [2010.02.13 17:22:43 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\sweetim.xml [2010.10.21 18:57:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.06.06 21:03:24 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.09.20 00:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.09.20 00:08:07 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.29 23:15:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.29 23:15:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.29 23:15:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.23 18:32:42 | 000,003,803 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\MyHeritage.xml [2010.01.29 23:15:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.29 23:15:03 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.21 18:23:25 | 000,423,844 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 74.208.10.249 gs.apple.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 14607 more lines... 
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.) 
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.80.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [SCHelper.exe] C:\Programme\Spyware Cease\SCHelper.exe File not found O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKCU..\Run: [Java Update Manager] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe File not found O4 - HKCU..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\WINDOWS\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe 
(FlashGet.com) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {490746C1-AEC2-4ADA-AEB5-393DE5D02017} hxxp://dist.cdnetworks.co.kr/cdndist/neomapa/bin/NeoLauncher.cab (NeoLauncherCtl Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) 
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop Components:1 () - hxxp://itunes.apple.com/de/album/around-the-world-ep/id28127101 O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun\command - "" = K:\muza\sguza.exe -- File not found O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\explore\command - "" = K:\muza\\sguza.exe -- File not found O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\open\command - "" = K:\muza\\sguza.exe -- File not found O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun\command - "" = K:\rane\kure.exe -- File not found O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\explore\command - "" = K:\ O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\open\command - "" = K:\rane\\kure.exe -- File not found O33 - 
MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found O33 - MountPoints2\K\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O33 - MountPoints2\K\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (sasnative32) - File not found O34 - HKLM BootExecute: (aswBoot.exe /M:437c090b2) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.21 23:21:15 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent [2010.10.21 20:33:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2010.10.21 20:33:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.10.21 20:33:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.10.21 20:33:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.10.21 20:33:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.21 20:32:27 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und 
Einstellungen\Administrator\Desktop\mbam-setup.exe [2010.10.21 20:31:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2010.10.21 19:46:36 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe [2010.10.21 19:23:29 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{E961CE1B-C3EA-4882-9F67-F859B555D097} [2010.10.21 19:22:52 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft [2010.10.21 19:22:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft [2010.10.21 19:09:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software [2010.10.21 18:13:49 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.10.21 18:13:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.10.19 13:34:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Mihriban [2010.10.17 17:51:11 | 000,000,000 | ---D | C] -- C:\My Music [2010.10.16 18:16:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\usb stick [2010.10.15 11:43:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads [2010.10.15 02:12:24 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll [2010.10.15 02:10:36 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010.10.15 02:10:35 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.10.15 02:10:34 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.15 02:10:27 | 000,617,472 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\comctl32.dll [2010.10.15 01:36:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AeriaGames [2010.10.13 23:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\.shsh [2010.10.13 23:26:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\__MACOSX [2010.10.13 14:00:49 | 000,000,000 | ---D | C] -- C:\Programme\Gravity [2010.10.13 11:50:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner [2010.10.11 20:56:02 | 000,000,000 | ---D | C] -- C:\GamerKraft [2010.10.11 20:05:54 | 000,000,000 | ---D | C] -- C:\pakour spiel [2010.10.09 03:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\gimme some house [2010.10.02 15:06:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX [2010.10.02 09:17:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unsere Möbel [2010.10.02 00:10:16 | 000,000,000 | ---D | C] -- C:\AeriaGames [2010.10.01 20:54:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\HD Wallpaper [2010.10.01 19:16:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\EA Games [2010.10.01 19:12:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\EA Games [2010.10.01 17:51:33 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES [2010.09.24 19:48:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TS3Client [2010.09.24 19:45:29 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client [2010.09.24 02:20:32 | 000,000,000 | ---D | C] -- C:\gamigo [2010.08.11 19:12:58 | 002,944,904 | ---- | C] (Ask) -- C:\Programme\Gemeinsame Dateien\AskToolbarInstaller.exe [2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [2 C:\WINDOWS\*.tmp 
files -> C:\WINDOWS\*.tmp -> ] [11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.21 23:25:43 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job [2010.10.21 23:25:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.21 23:23:17 | 000,002,213 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk [2010.10.21 23:23:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.21 23:21:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat [2010.10.21 22:22:00 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-1801674531-500UA.job [2010.10.21 20:33:16 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.21 20:32:55 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe [2010.10.21 20:31:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2010.10.21 19:23:06 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2010.10.21 18:23:25 | 000,423,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.10.21 18:22:58 | 000,423,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101021-182325.backup [2010.10.21 18:22:00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-1801674531-500Core.job [2010.10.21 16:33:59 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2010.10.21 16:33:51 | 003,410,996 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Whoopi Goldberg - Sister Act - Oh Maria.mp3 [2010.10.21 03:13:17 | 000,012,253 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Administrator\Desktop\Unbenanntdgfdsg.JPG [2010.10.21 01:43:27 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010.10.20 15:25:25 | 000,002,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk [2010.10.19 20:29:21 | 003,138,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Shy&#39;m - Tout Est Dit - Reflets ( bonne version ).mp3 [2010.10.19 20:20:22 | 002,563,002 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Aidonia - Wine N Bubble [Lyrics].mp3 [2010.10.19 20:17:42 | 004,457,611 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mt Eden Dubstep - Still Alive.mp3 [2010.10.19 20:13:04 | 004,492,719 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Major Lazer - Bruk Out (Foamo Remix).mp3 [2010.10.19 20:05:04 | 002,672,507 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Wiz Khalifa - The Statement [Official Video].mp3 [2010.10.19 20:02:18 | 005,965,189 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Lloyds Tsb Advert Sick Dubstep Remix.mp3 [2010.10.19 19:56:05 | 003,622,946 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Christina Milian - Am To Pm (instrumental).mp3 [2010.10.18 13:34:07 | 004,364,406 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Stromae - .Alors on danse.mp3 [2010.10.17 00:52:25 | 000,001,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella [2010.10.17 00:52:25 | 000,001,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101021-182258.backup [2010.10.15 11:22:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.10.15 09:15:19 | 002,151,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.13 23:55:28 | 000,001,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn [2010.10.13 18:41:49 | 000,000,710 | ---- | M] () -- 
C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO Updater.exe.lnk [2010.10.13 18:41:49 | 000,000,670 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO.exe.lnk [2010.10.13 00:47:10 | 001,290,889 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SDC15486.JPG [2010.10.12 20:27:21 | 000,230,432 | ---- | M] () -- C:\PA7302.DAT [2010.10.11 14:48:27 | 003,191,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kopie von Sexion D&#39;assaut - Desole.mp3 [2010.10.11 13:16:21 | 003,191,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sexion D&#39;assaut - Desole.mp3 [2010.10.11 12:40:32 | 002,554,598 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mc Cidinho-1 Funk.mp3 [2010.10.11 12:19:18 | 005,159,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe [2010.10.10 11:10:43 | 000,001,858 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Sims™ 2 Deluxe.lnk [2010.10.10 10:37:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument (2).docx [2010.10.07 22:04:44 | 000,555,614 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.07 22:04:44 | 000,505,106 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.07 22:04:44 | 000,116,596 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.07 22:04:44 | 000,088,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.06 21:23:43 | 003,103,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cardigans.lovefool.mp3 [2010.10.06 20:38:40 | 000,000,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\aionmemo_c1b89fb0.dat [2010.10.02 20:11:18 | 000,115,663 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\my-name-is-khan-wallpaper-1.jpg [2010.10.01 22:12:29 | 010,422,901 
| ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\01. Pas.mp3 [2010.09.30 17:39:30 | 000,154,912 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\AUFTRAG.pdf [2010.09.30 17:37:54 | 000,073,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AUFTRAG.odt [2010.09.30 17:11:54 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\~$UFTRAG.odt [2010.09.27 18:24:04 | 478,959,325 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2_7B367_Restore.ipsw [2010.09.26 21:51:45 | 000,120,372 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Track13.mp3 [2010.09.26 21:51:04 | 000,011,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument.docx [2010.09.25 15:48:46 | 479,012,625 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2.1_7B405_Restore.ipsw [2010.09.24 21:31:18 | 000,423,455 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Foto-0084.jpg [2010.09.24 19:45:39 | 000,000,809 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamSpeak 3 Client.lnk [2010.09.24 14:58:24 | 000,001,546 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\War Of Angels.lnk [2010.09.24 14:58:24 | 000,001,324 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WarOfAngelsRegistration.lnk [2010.09.23 19:40:01 | 000,091,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59440_143272119050133_100001020366314_210611_3351625_n.jpg [2010.09.23 19:39:56 | 000,099,599 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58714_143272032383475_100001020366314_210608_4668506_n.jpg [2010.09.23 19:39:51 | 000,105,388 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\62955_143271972383481_100001020366314_210606_6658374_n.jpg [2010.09.23 
19:39:43 | 000,066,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58576_143271569050188_100001020366314_210596_486803_n.jpg [2010.09.23 19:39:39 | 000,071,404 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59904_143271512383527_100001020366314_210594_634072_n.jpg [2010.09.23 19:39:35 | 000,092,839 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58778_143271465716865_100001020366314_210592_3616781_n.jpg [2010.09.23 19:39:33 | 000,102,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60862_143271442383534_100001020366314_210591_4554289_n.jpg [2010.09.23 19:39:15 | 000,078,093 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60285_143271232383555_100001020366314_210584_6636367_n.jpg [2010.09.23 19:39:11 | 000,081,695 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60373_143271209050224_100001020366314_210583_4643076_n.jpg [2010.09.23 19:39:08 | 000,086,633 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\63791_143271179050227_100001020366314_210582_5452682_n.jpg [2010.09.23 19:39:04 | 000,089,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58457_143271149050230_100001020366314_210581_1581744_n.jpg [2010.09.23 19:38:59 | 000,089,715 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60235_143271125716899_100001020366314_210580_7620129_n.jpg [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.21 20:33:16 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.21 19:23:06 | 000,000,847 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk [2010.10.21 16:31:10 | 003,410,996 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Administrator\Desktop\Whoopi Goldberg - Sister Act - Oh Maria.mp3 [2010.10.21 03:13:17 | 000,012,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenanntdgfdsg.JPG [2010.10.16 17:18:01 | 003,622,946 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Christina Milian - Am To Pm (instrumental).mp3 [2010.10.16 17:13:47 | 004,364,406 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Stromae - .Alors on danse.mp3 [2010.10.16 17:13:33 | 003,138,949 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Shy&#39;m - Tout Est Dit - Reflets ( bonne version ).mp3 [2010.10.16 17:13:27 | 002,563,002 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Aidonia - Wine N Bubble [Lyrics].mp3 [2010.10.16 17:13:18 | 004,457,611 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mt Eden Dubstep - Still Alive.mp3 [2010.10.13 23:25:59 | 005,159,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe [2010.10.13 18:41:49 | 000,000,710 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO Updater.exe.lnk [2010.10.13 18:41:49 | 000,000,670 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO.exe.lnk [2010.10.13 00:46:54 | 001,290,889 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SDC15486.JPG [2010.10.12 20:27:21 | 000,230,432 | ---- | C] () -- C:\PA7302.DAT [2010.10.11 12:58:54 | 003,191,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kopie von Sexion D&#39;assaut - Desole.mp3 [2010.10.11 12:35:13 | 004,492,719 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Major Lazer - Bruk Out (Foamo Remix).mp3 [2010.10.11 12:35:04 | 002,554,598 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mc Cidinho-1 Funk.mp3 [2010.10.11 12:35:00 | 003,191,612 | ---- | C] () -- 
C:\Dokumente und Einstellungen\Administrator\Desktop\Sexion D&#39;assaut - Desole.mp3 [2010.10.11 12:34:53 | 002,672,507 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Wiz Khalifa - The Statement [Official Video].mp3 [2010.10.11 12:34:47 | 005,965,189 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Lloyds Tsb Advert Sick Dubstep Remix.mp3 [2010.10.10 11:10:43 | 000,001,858 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Sims™ 2 Deluxe.lnk [2010.10.10 10:37:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument (2).docx [2010.10.06 21:23:43 | 003,103,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cardigans.lovefool.mp3 [2010.10.05 15:28:13 | 479,012,625 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2.1_7B405_Restore.ipsw [2010.10.05 15:20:42 | 478,959,325 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2_7B367_Restore.ipsw [2010.10.02 20:11:18 | 000,115,663 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\my-name-is-khan-wallpaper-1.jpg [2010.10.01 17:47:31 | 010,422,901 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\01. 
Pas.mp3 [2010.09.30 17:39:29 | 000,154,912 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\AUFTRAG.pdf [2010.09.30 17:11:54 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\~$UFTRAG.odt [2010.09.30 17:11:52 | 000,073,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AUFTRAG.odt [2010.09.26 21:51:45 | 000,120,372 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Track13.mp3 [2010.09.26 21:25:47 | 000,011,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument.docx [2010.09.25 01:05:56 | 000,423,455 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Foto-0084.jpg [2010.09.24 23:03:26 | 000,000,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\aionmemo_c1b89fb0.dat [2010.09.24 19:45:39 | 000,000,809 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamSpeak 3 Client.lnk [2010.09.24 14:58:24 | 000,001,546 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\War Of Angels.lnk [2010.09.24 14:58:24 | 000,001,324 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WarOfAngelsRegistration.lnk [2010.09.23 19:40:01 | 000,091,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59440_143272119050133_100001020366314_210611_3351625_n.jpg [2010.09.23 19:39:56 | 000,099,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58714_143272032383475_100001020366314_210608_4668506_n.jpg [2010.09.23 19:39:51 | 000,105,388 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\62955_143271972383481_100001020366314_210606_6658374_n.jpg [2010.09.23 19:39:42 | 000,066,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58576_143271569050188_100001020366314_210596_486803_n.jpg [2010.09.23 19:39:38 | 000,071,404 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Administrator\Desktop\59904_143271512383527_100001020366314_210594_634072_n.jpg [2010.09.23 19:39:35 | 000,092,839 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58778_143271465716865_100001020366314_210592_3616781_n.jpg [2010.09.23 19:39:32 | 000,102,457 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60862_143271442383534_100001020366314_210591_4554289_n.jpg [2010.09.23 19:39:15 | 000,078,093 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60285_143271232383555_100001020366314_210584_6636367_n.jpg [2010.09.23 19:39:11 | 000,081,695 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60373_143271209050224_100001020366314_210583_4643076_n.jpg [2010.09.23 19:39:07 | 000,086,633 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\63791_143271179050227_100001020366314_210582_5452682_n.jpg [2010.09.23 19:39:04 | 000,089,766 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58457_143271149050230_100001020366314_210581_1581744_n.jpg [2010.09.23 19:38:59 | 000,089,715 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60235_143271125716899_100001020366314_210580_7620129_n.jpg [2010.09.15 03:48:10 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys [2010.09.15 03:20:22 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2010.09.10 03:03:54 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL [2010.08.25 23:37:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2010.08.12 03:57:54 | 000,706,624 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.06.07 19:02:03 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys [2010.05.28 02:04:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010.04.21 20:19:05 | 000,164,864 | ---- | C] () -- C:\Programme\UNWISE.EXE 
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2010.03.20 20:53:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini [2010.02.23 00:10:18 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2010.02.14 18:50:02 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2010.02.14 18:50:02 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2010.02.05 12:50:32 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI [2010.01.30 14:30:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2010.01.30 14:29:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.01.27 00:16:40 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.01.26 23:53:23 | 000,139,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.26 21:59:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2010.01.26 21:50:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.01.26 21:48:14 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll [2010.01.26 21:38:52 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll [2010.01.26 21:33:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.07.09 03:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll [2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll 
[2008.06.18 15:00:50 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\AIO-Auswahl.ini
[2008.06.18 14:59:00 | 001,800,192 | ---- | C] () -- C:\WINDOWS\System32\hmtcdres.dll
[2008.06.18 14:58:59 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\hmtcd.dll
[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.04.23 20:00:00 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2007.03.20 17:44:02 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
< End of report >
[/CODE]

2. OTL Logfile:
Code:
ATTFilter OTL Extras logfile created on: 21.10.2010 23:29:40 - Run 3 OTL by OldTimer - Version 3.2.16.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free 5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,75 Gb Total Space | 288,55 Gb Free Space | 61,95% Space Free | Partition Type: NTFS Computer Name: ALKAN-4A88F3B7D | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [7zip Packen und SFX Erstellen] -- C:\Programme\7-zip\7z_SFX-GUI-Pack.exe "%1" () Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallDisableNotify" = 0 "FirewallOverride" = 1 "AntiVirusDisableNotify" = 0 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "58186:TCP" = 58186:TCP:*:Enabled:Pando Media Booster "58186:UDP" = 58186:UDP:*:Enabled:Pando Media Booster 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "11:TCP" = 11:TCP:*:Enabled:WarriorEpic "11:UDP" = 11:UDP:*:Enabled:WarriorEpic "882:TCP" = 882:TCP:*:Enabled:WarriorEpic "882:UDP" = 882:UDP:*:Enabled:WarriorEpic "575:TCP" = 575:TCP:*:Enabled:WarriorEpic "575:UDP" = 575:UDP:*:Enabled:WarriorEpic "60:TCP" = 60:TCP:*:Enabled:WarriorEpic "60:UDP" = 60:UDP:*:Enabled:WarriorEpic "56:TCP" = 56:TCP:*:Enabled:WarriorEpic "56:UDP" = 56:UDP:*:Enabled:WarriorEpic "629:TCP" = 629:TCP:*:Enabled:WarriorEpic "629:UDP" = 629:UDP:*:Enabled:WarriorEpic "150:TCP" = 150:TCP:*:Enabled:WarriorEpic "150:UDP" = 150:UDP:*:Enabled:WarriorEpic "704:TCP" = 704:TCP:*:Enabled:WarriorEpic "704:UDP" = 704:UDP:*:Enabled:WarriorEpic "584:TCP" = 584:TCP:*:Enabled:WarriorEpic "584:UDP" = 584:UDP:*:Enabled:WarriorEpic "8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher "8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher "58186:TCP" = 58186:TCP:*:Enabled:Pando Media Booster "58186:UDP" = 58186:UDP:*:Enabled:Pando Media Booster "6894:TCP" = 6894:TCP:*:Enabled:League of Legends Launcher "6894:UDP" = 6894:UDP:*:Enabled:League of Legends Launcher "6893:TCP" = 6893:TCP:*:Enabled:League of Legends Launcher "6893:UDP" = 6893:UDP:*:Enabled:League of Legends Launcher "6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher "6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher "6951:TCP" = 6951:TCP:*:Enabled:League of Legends Launcher "6951:UDP" = 6951:UDP:*:Enabled:League of Legends Launcher "8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher 
"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher "1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com) "K:\Erdem\Garena\Garena.exe" = K:\Erdem\Garena\Garena.exe:*:Enabled:Garena -- File not found "C:\Programme\Aqua\AquaDownloadern.exe" = C:\Programme\Aqua\AquaDownloadern.exe:*:Enabled:AquaDownloadern -- (CDNetworks) "C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- () "C:\Programme\ijji\ijji REACTOR\ijjiOptimizer.exe" = C:\Programme\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- () "C:\Programme\League of Legends\Air\LolClient.exe" = C:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.) "C:\Programme\League of Legends\Game\League of Legends.exe" = C:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- () "C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.) "C:\Programme\Street Fighter IV\StreetFighterIV.exe" = C:\Programme\Street Fighter IV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.) 
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.) "C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft) "C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH) "C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH) "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation) "C:\Programme\Java\jre1.6.0_06\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_06\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "C:\Nexon\Vindictus\en-US\NMService.exe" = C:\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\FJ_Downloader.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\FJ_Downloader.exe:*:Enabled:FreeJack_Downloader -- File not found "C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe" = C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe:*:Enabled:Umbrella - Save your SHSH! -- () "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe:*:Enabled:Java Update Manager -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01AE8E54-F235-74C5-9875-A655C6555634}" = CCC Help Italian "{027AA9DB-7176-2929-ED2E-38C0317F3566}" = Catalyst Control Center Localization All "{050227B0-1E77-D377-A63D-EB5F12318FB8}" = Catalyst Control Center Localization Korean "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{055EE59D-217B-43A7-ABFF-507B966405D8}" = CCC "{071E5FA3-20CA-BE1D-7AE4-D0514507E1C3}" = CCC Help Danish "{07F31E45-2E01-8663-1B57-E826FCDA09E3}" = Catalyst Control Center Localization Japanese "{0834403C-CC0C-D2A3-1684-D04C82D04FE4}" = Catalyst Control Center Localization Russian "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}" = SplitCam "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = 
Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0DE817CB-9294-F350-64F0-36E42D7B27F2}" = CCC Help French "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6 "{0E2E9FD2-3C63-FBAD-F41E-736CF1DA5BC0}" = Catalyst Control Center Localization Chinese Standard "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{116A277E-6809-825D-BDCB-E32DCDA231E2}" = Catalyst Control Center Graphics Light "{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver "{142D633B-6D5E-43FC-ADCD-BF71C495F91C}_is1" = EKRO Fullclient v1.0 "{147AAF68-A89A-8E2E-97EE-A1F1430F9F68}" = Catalyst Control Center Graphics Previews Common "{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4 "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{160625BC-937E-6F4A-58F7-6BCB7C74148B}" = ccc-core-preinstall "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{17EAC83B-F259-B0FE-BABC-802E06E03654}" = CCC Help Turkish "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities "{1BF23060-E1E1-2EE1-037D-264D9EC15CBD}" = ccc-core-preinstall "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{1EFE9082-F3EC-13CA-FD37-E1490531CDF3}" = CCC Help Greek "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{211E8730-5681-49ED-BC6A-78C9F88E95F5}" = Adobe Shockwave Player "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{232D00D0-F1CE-BEE3-58DD-2C826007D917}" = CCC Help Greek "{23FC20B7-0119-B007-B788-0A4EB46336DA}" = Catalyst Control Center Localization Spanish "{241647C2-9318-D048-67BA-E64ED5F2CCC4}" = Catalyst 
Control Center Core Implementation "{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{2959C2F1-5C0C-AAEE-1D94-8B3AE1806C31}" = Catalyst Control Center Localization Norwegian "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models "{2B274D3F-8D66-91B3-0555-C0ED7019F3C6}" = CCC Help Russian "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{30F4418F-6CBF-9CC2-1AC3-25234DCAD4CE}" = CCC Help English "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{391F4C49-7ADF-84E6-2028-19310E7AC8E1}" = Catalyst Control Center Localization Thai "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3AC0DC58-B167-51D7-4440-2E02F63C942E}" = CCC Help Finnish "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer "{3FD5A0F7-A39B-06D3-07E5-E0C5DE3267B7}" = CCC Help Japanese "{40EF588A-3C0D-5779-0951-74C0BCA661C2}" = Catalyst Control Center Localization Dutch "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4 "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{4514B9C2-8E75-CF9D-B148-8ED40CAA35F0}" = Catalyst Control Center HydraVision Full "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After 
Effects CS4 "{465AE684-39DF-F8BC-A702-81860DE6EBCF}" = CCC Help Spanish "{46C6315A-8E24-F30C-0EB1-3D22DFACBCD8}" = Catalyst Control Center Localization Turkish "{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4956D70D-E758-7CDC-D131-2895E8A5DAD4}" = CCC Help Spanish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4A66FB4E-F08F-6DCD-1823-4BDACC6F7D67}" = CCC Help Hungarian "{4D7BE862-435C-0F6F-0558-B3E6DCA839E2}" = CCC Help Portuguese "{5091043D-D941-E17E-1E0F-0B2F1DBE4D9E}" = ccc-core-static "{520AE942-F7F0-8A53-4F34-FED00ADAC639}" = Catalyst Control Center Localization Czech "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{526A494F-8A59-3E10-EEF4-52400B4D72F3}" = Catalyst Control Center Localization Italian "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{583F8A3F-2D92-E13B-AF5D-E362DDFA13E7}" = Catalyst Control Center Core Implementation "{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{6347B976-4310-4555-A35F-91D607708F07}" = CCC Help Thai "{63886E34-F9F8-378B-A7FB-710C6ED9AAEB}" = ATI Catalyst Install Manager "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{648C8BCF-424F-4C68-AF43-9AB9CF87859E}_is1" = UPXShell 3.2.5.2006 "{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "{66064139-314F-44B2-805A-0AAC71A32E02}" = ccc-utility 
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CA5F5DC-33C3-D56F-F399-BD5792397089}" = CCC Help English "{6D0955B9-C1D6-CB1C-6CE3-BFAC9696A882}" = CCC Help Polish "{6DA81A72-2C13-34D8-BD98-B60DE6FEB55B}" = ccc-utility "{6EDCACF0-12BD-2BD2-6161-54ABE116B185}" = CCC Help Chinese Standard "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6 "{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4 "{7409D3F5-CB81-8ECF-656C-9C096AA7FA7A}" = CCC Help French "{745D2782-BB1E-51EA-5BDB-1E1BE7590594}" = CCC Help English "{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL "{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online "{7B7435AF-62A9-224E-94F2-A5C0408E7894}" = Catalyst Control Center Localization French "{7B8F4AA8-0426-64EF-1727-6E4911446307}" = Catalyst Control Center Localization Portuguese "{7C6B146C-735F-2E95-8A96-450911F3446B}" = CCC Help Portuguese "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{832D724F-05A2-81D1-B3D0-801761E9EB94}" = Catalyst Control Center Localization German "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher 
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01 "{88F1EB35-7E38-AFA6-49DD-ABD004ACA1B1}" = CCC Help Polish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C377565-02FD-493A-B85F-8D9A33D326F0}" = Aion "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" 
= Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94928C91-8A2E-A94E-A7EF-C41FBE515718}" = Catalyst Control Center Graphics Previews Common "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3 "{96DA8A90-1BD6-F86A-D51B-B46882A80980}" = ccc-utility "{97AA05F0-CF31-4CFA-F3BD-B6F3A0022579}" = CCC Help Korean "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9879DD41-CD73-4BBC-ADEA-85005979F7F8}" = ccc-core-static "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe "{A15102F8-B63C-31C5-EDBC-D3614AFAA13D}" = CCC Help Norwegian "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A454D257-0E6D-BCD1-2A10-78FEDB5BB21E}" = Catalyst Control Center Graphics Full New "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A4D4FC6F-5BE6-4ECB-49CC-AFD566A93F23}" = Catalyst Control Center Graphics Full Existing "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4 "{A73FBA2D-7C64-F293-3140-EB02DDBEFA2E}" = Catalyst Control Center Localization Hungarian "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.509 "{AC2B4022-8F75-6AA5-612F-9598EFD31C9B}" = Catalyst Control Center InstallProxy "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch 
"{AD0F1745-3B34-443B-E137-A21271A17D74}" = CCC Help Chinese Traditional "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{AEBE3F70-585E-17C7-C91D-964C91772410}" = ccc-utility "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B3542011-52A1-8782-EEB9-B72AB9EC7336}" = Catalyst Control Center Graphics Light "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel "{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP) "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C1D27535-0AD9-1BFB-7F76-2E74BED09A41}" = Catalyst Control Center Localization Danish "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail 
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBD87C29-38A1-FEBB-1A29-B8412B47509C}" = Catalyst Control Center Graphics Previews Common "{CC37A914-E541-4A79-0DF8-B746444E7D5A}" = Catalyst Control Center Localization Polish "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CD23CF9D-7B10-C68C-7390-97EC5087E1F4}" = CCC Help Dutch "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1DD73EB-36DE-D4E8-421A-88D0C8FD998F}" = ccc-core-static "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4 "{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher "{D5D0178D-57E4-C32C-5275-401F384303A7}" = CCC Help Hungarian "{D70552B4-B68A-367B-F669-552E97667F32}" = CCC Help German "{D824F44B-B6AF-E93D-F7A3-19E02319B751}" = Catalyst Control Center Localization Finnish "{DA932D71-E52A-43D5-009E-395A1AEC1474}" = Die Sims™ Lebensgeschichten "{DBAA7DF5-7DE0-DD8D-A748-5A35AC2DA420}" = CCC Help Italian "{DD7C56A2-8E85-AABA-D807-F61C135CC1AE}" = Catalyst Control Center Graphics Full Existing "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E320ECE8-FE7F-425C-8F8C-33C1D9907F93}" = SlimDrivers "{E41B53EF-A153-4A11-5155-AE9DEF42EDE2}" = Catalyst Control Center Localization Greek "{E7137FEB-B06C-781F-2ACF-962AF992FC2D}" = Catalyst Control Center 
Localization Swedish "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E8D57727-8BC3-F093-A3EE-94BDD55305F5}" = CCC Help Czech "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{E9BB066A-632F-4849-CDD4-5B7BCFB285B6}" = Catalyst Control Center Graphics Full New "{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby "{EEDE89A0-9412-52AF-563D-A335D6C00BA5}" = CCC Help Swedish "{F08826AF-C414-6921-9A50-D39972C7D975}" = CCC Help German "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1972370-E7EE-B572-761B-FB7FAE17595F}" = Catalyst Control Center Localization Chinese Traditional "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F454F142-7241-D804-D067-CCCE016643C3}" = Skins "{F527C466-971D-B4EE-BBF7-076C805C1F59}" = CCC Help English "{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All 
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US) "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "8461-7759-5462-8226" = Vuze "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_14cffbe014b566bef9e9125ea146ab9" = Adobe Creative Suite 4 Master Collection "Akamai" = Akamai NetSession Interface "AquaDownloadern" = AquaDownloadern 2,1,56,0 "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20 "ASIO4ALL" = ASIO4ALL "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "AutocompletePro3_is1" = AutocompletePro "Avidemux 2.5" = Avidemux 2.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Burn4Free" = Burn4Free CD and DVD "CCleaner" = CCleaner "Collab" = Collab "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Creative WebCam Center" = "Daniusoft Video Converter_is1" = Daniusoft Video Converter(Build 2.1.1.0) "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "ENTERPRISE" = Microsoft Office Enterprise 2007 "FlashGet" = FlashGet 1.9.6.1073 "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free DVD Video Converter_is1" = Free DVD Video Converter version 1.1 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "Free Studio_is1" = Free Studio version 4.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HijackThis" = HijackThis 2.0.2 "HotspotShield" = Hotspot 
Shield 1.49 "ie7" = Internet Explorer 7 "IL Download Manager" = IL Download Manager "Inception RO Installer 1.00" = Inception RO Installer 1.00 "InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online "InstallShield_{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15 "LAME for Audacity_is1" = LAME v3.98.2 for Audacity "League of Legends_is1" = League of Legends "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox (3.5.14)" = Mozilla Firefox (3.5.14) "Neffy" = Neffy 1,3,29,0 "NVIDIA Drivers" = NVIDIA Drivers "OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter "PoiZone" = PoiZone "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Ragnarok Online" = Ragnarok Online "Runtimes" = Allgemeine Runtime Dateien "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Street Fighter IV_is1" = Street Fighter IV 
"TaskSwitchXP" = TaskSwitchXP "TeamSpeak 3 Client" = TeamSpeak 3 Client "Theme 1.00" = Theme 1.00 "TuneUp Utilities" = TuneUp Utilities "Tunngle beta_is1" = Tunngle beta "Uninstall_is1" = Uninstall 1.0.0.1 "Unlocker" = Unlocker 1.8.6 "Vindictus" = Vindictus "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VLC media player" = VLC media player 1.0.5 "WarOfAngels" = War Of Angels "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Sidebar" = Windows Sidebar "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Xfire" = Xfire (remove only) "XP Codec Pack" = XP Codec Pack "XPize Darkside" = XPize Darkside 2.1 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XPSP3UPPACK" = Sereby's XP SP3 Updatepack Version 3.8.6 "xvid" = XviD MPEG-4 Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "Facebook Plug-In" = Facebook Plug-In "Google Chrome" = Google Chrome "InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 20.10.2010 18:11:07 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100 Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 20.10.2010 18:11:07 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100 Description = 240: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 20.10.2010 18:11:07 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100 Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 20.10.2010 18:11:07 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100 Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 20.10.2010 18:11:07 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100 Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 21.10.2010 11:02:22 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100 Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 21.10.2010 11:02:22 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100 Description = 240: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 21.10.2010 11:02:22 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100 Description = 408: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 21.10.2010 11:02:22 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100 Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 21.10.2010 11:02:22 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100 Description = 420: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) [ System Events ] Error - 17.10.2010 19:20:12 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 18.10.2010 07:26:01 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 18.10.2010 07:26:01 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. 
Error - 18.10.2010 07:34:27 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 18.10.2010 07:34:27 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 20.10.2010 18:10:07 | Computer Name = ALKAN-4A88F3B7D | Source = DCOM | ID = 10010 Description = Der Server "{DC0C2640-1415-4644-875C-6F4D769839BA}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 20.10.2010 20:53:16 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 20.10.2010 20:53:16 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 20.10.2010 21:04:23 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. Error - 20.10.2010 21:04:23 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D. < End of report > [/CODE] |
22.10.2010, 14:35 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
22.10.2010, 14:47 | #10 |
| What do you mean, can't be reached? o.o (I have no idea why.) And in case it helps: when I try to click on AntiVir, an error comes up: "onDblClick()failed", and I can only confirm it with OK. And when I open Mozilla, an error comes up as well (which usually was never there): "Auf das angegebene Gerät bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigung, um auf das Element zugreifen zu können." After a click on OK, Mozilla opens. (The path given is C:\Programme\Java\jre6\lib\deploy\.....\jqsnotify.exe) When I click on Control Panel -> System -> Hardware, I likewise get an error: "Auf das angegebene Gerät bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über . . . .." I'm logged in as admin and this is the only account I have. I hope this info can help with fixing my problem >.< Oh, and when I try to start Ad-Aware, it says "failed to connect to service" even though the internet connection etc. is up (exactly the same as in the game League of Legends), and when I start Internet Explorer and wait about a second, it is as if the mouse were clicking refresh 1000 times without end (I can then only close it via Task Manager). Last edited by Naze (22.10.2010 at 15:03) |
23.10.2010, 14:54 | #11 |
| And do you already have an idea what else I could do? . . . |
23.10.2010, 14:54 | #12 |
| Sorry for the double post >.< |
23.10.2010, 19:16 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Download Lop S&D. Run Lop S&D.exe with a double-click. VISTA users: right-click => Run as administrator!! Choose the language of your choice and then option 1. Wait until the scan report has been created and post it here (you will find it at C:\lopR.txt if the report does not appear).
__________________ Please always post log files in CODE tags |
24.10.2010, 10:23 | #14 | |
| Quote:
"C/Lop SD/LopSD.cmd" konnte nicht gefunden werden. Stellen Sie sicher, das sie den Namen korrekt eingegeben haben und wiederholen Sie den Vorgang. Klicken Sie auf "Start" und anschließend auf "Suchen", um eine Datei zu suchen. |
24.10.2010, 14:03 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Well, then forget about Lop S&D... Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter :OTL DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found DRV - (XDva347) -- C:\WINDOWS\System32\XDva347.sys File not found DRV - (XDva346) -- C:\WINDOWS\System32\XDva346.sys File not found DRV - (XDva343) -- C:\WINDOWS\System32\XDva343.sys File not found DRV - (XDva341) -- C:\WINDOWS\System32\XDva341.sys File not found DRV - (XDva296) -- C:\WINDOWS\System32\XDva296.sys File not found DRV - (XDva295) -- C:\WINDOWS\System32\XDva295.sys File not found DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found DRV - (Video3D) -- C:\WINDOWS\System32\Drivers\Video3D32.sys File not found DRV - (GarenaPEngine) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\MMZ21.tmp File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (ADASPROT) -- C:\Programme\Advanced System Optimizer 3\adasprot32.sys File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun\command - "" = K:\muza\sguza.exe -- File not found O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\explore\command - "" = K:\muza\\sguza.exe -- File not found O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\open\command - "" = K:\muza\\sguza.exe -- File not found O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun\command - "" = K:\rane\kure.exe -- File not found O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\explore\command - "" = K:\ O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\open\command - "" = K:\rane\\kure.exe -- File not found O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found O33 - MountPoints2\K\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found O33 - MountPoints2\K\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found [2010.10.13 23:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\.shsh :Commands [purity] [resethosts] [emptytemp] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Please always post logfiles in CODE tags |
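Added example (not part of the original posts and not OTL's own code): a Python sketch that parses O33 MountPoints2 lines in the format of the fix script above and reports, per volume, which shell verbs were redirected to an executable and whether every command target was already missing at scan time. The sample lines, GUID and paths are constructed, and treating a redirected open/explore verb as the suspicious sign is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the O33 line format of the fix script above
# (the volume GUID and all paths are made up for illustration).
SAMPLE = r'''
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = K:\example\sample.exe -- File not found
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\open\command - "" = K:\example\\sample.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O32 - HKLM CDRom: AutoRun - 1
'''

# Only the "...\Shell\<verb>\command" lines carry a target; label lines are skipped.
O33 = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>\w+)\\command'
    r' - "(?P<value>[^"]*)" = (?P<target>.*?)(?P<missing> -- File not found)?$')

def parse_o33(text):
    """Yield one dict per O33 shell-command line; other lines are skipped."""
    for line in text.splitlines():
        m = O33.match(line.strip())
        if m:
            d = m.groupdict()
            d['target'] = re.sub(r'\\{2,}', r'\\', d['target'])  # K:\x\\y.exe -> K:\x\y.exe
            d['missing'] = d['missing'] is not None
            yield d

def review(text):
    """Group by volume; list open/explore verbs that point at an .exe (heuristic)."""
    volumes = defaultdict(lambda: {'verbs': {}, 'orphaned': True})
    for e in parse_o33(text):
        v = volumes[e['volume']]
        v['verbs'][e['verb'].lower()] = e['target']
        v['orphaned'] &= e['missing']  # stays True only if every target was missing
    report = {}
    for vol, v in volumes.items():
        hijacked = sorted(k for k, t in v['verbs'].items()
                          if k in ('open', 'explore') and t.lower().endswith('.exe'))
        report[vol] = {'hijacked_verbs': hijacked, 'orphaned': v['orphaned'],
                       'targets': sorted(set(v['verbs'].values()))}
    return report
```

A volume with `hijacked_verbs` set and `orphaned` true is a leftover cache entry for a drive that is no longer attached; the drive itself still needs to be checked before it is plugged in again.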