
Log analysis and evaluation: Suspected malware, HijackThis analysis

12.01.2011, 10:18   #1
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Quote:
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Why only SP1?

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
__________________
Please always post log files in CODE tags

12.01.2011, 11:12   #2
standardhans
 

I have now downloaded Malwarebytes and am running a full scan.
I will post the OTL logs later together with the Malwarebytes result.

And somehow I can't get a higher SP of Vista installed.
Unfortunately I don't know why.


12.01.2011, 16:20   #3
standardhans
 

So here is the log from Malwarebytes:

Quote:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5506

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

12.01.2011 15:55:34
mbam-log-2011-01-12 (15-55-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 122119
Laufzeit: 47 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
And the two from OTL:

OTL Logfile:
Code:
OTL logfile created on: 12.01.2011 10:50:49 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Batu\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): c:\pagefile.sys 3000 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 37,89 Gb Free Space | 26,30% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 124,38 Gb Free Space | 86,37% Space Free | Partition Type: NTFS
Drive F: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BATU-PC | User Name: Batu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Batu\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\Batu\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Batu\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (xusb21) -- C:\Windows\System32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (xnacc) -- C:\Windows\System32\drivers\xnacc.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.faridbang.com"
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.9
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.7
FF - prefs.js..extensions.enabledItems: {e213bb8f-8ebd-11db-96b7-005056c00008}:3.0.0.91
FF - prefs.js..extensions.enabledItems: Office2007Black@JBBS:1.5.5
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 15:14:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.19 19:10:41 | 000,000,000 | ---D | M]
 
[2010.04.20 18:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batu\AppData\Roaming\mozilla\Extensions
[2011.01.11 16:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batu\AppData\Roaming\mozilla\Firefox\Profiles\uumq2u4w.default\extensions
[2010.10.12 06:48:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Batu\AppData\Roaming\mozilla\Firefox\Profiles\uumq2u4w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.09 21:13:50 | 000,000,000 | ---D | M] (HyperCam Toolbar) -- C:\Users\Batu\AppData\Roaming\mozilla\Firefox\Profiles\uumq2u4w.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010.10.12 06:48:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Batu\AppData\Roaming\mozilla\Firefox\Profiles\uumq2u4w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.12 06:48:10 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\Batu\AppData\Roaming\mozilla\Firefox\Profiles\uumq2u4w.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2010.06.06 16:21:21 | 000,000,000 | ---D | M] (myFireFox) -- C:\Users\Batu\AppData\Roaming\mozilla\Firefox\Profiles\uumq2u4w.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}
[2010.11.13 13:35:39 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Batu\AppData\Roaming\mozilla\Firefox\Profiles\uumq2u4w.default\extensions\firefox@tvunetworks.com
[2010.10.12 06:48:09 | 000,000,000 | ---D | M] (Office Black) -- C:\Users\Batu\AppData\Roaming\mozilla\Firefox\Profiles\uumq2u4w.default\extensions\Office2007Black@JBBS
[2010.06.06 16:21:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Batu\AppData\Roaming\mozilla\Firefox\Profiles\uumq2u4w.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008}\chrome\mozapps\extensions
[2011.01.11 16:20:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.19 19:10:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.19 19:10:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.12.19 19:10:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.25 17:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.08.04 17:49:21 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.04 17:49:21 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.04 17:49:21 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.04 17:49:21 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.04 17:49:21 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.25 20:55:59 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 210.249.144.166 we9stun.winning-eleven.net
O1 - Hosts: 217.112.88.118 pes6gate-ec.winning-eleven.net
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\HyperCam Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.4 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Batu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Batu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 07:21:09 | 000,000,000 | ---D | M] - F:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 09:21:13 | 000,367,686 | R--- | M] () - F:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:55:03 | 009,965,568 | R--- | M] () - F:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 03:54:55 | 000,000,155 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{af3fc1c0-f008-11df-934d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{af3fc1c0-f008-11df-934d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2010.02.10 02:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{d510fc74-3a76-11df-842e-001377d0d7ee}\Shell - "" = AutoRun
O33 - MountPoints2\{d510fc74-3a76-11df-842e-001377d0d7ee}\Shell\adobe\command - "" = G:\goodies\ar405deu.exe -- File not found
O33 - MountPoints2\{d510fc74-3a76-11df-842e-001377d0d7ee}\Shell\AutoRun\command - "" = G:\aocsetup.exe -- File not found
O33 - MountPoints2\{d510fc74-3a76-11df-842e-001377d0d7ee}\Shell\log\command - "" = G:\goodies\machine\machine.exe -- File not found
O33 - MountPoints2\{d510fc74-3a76-11df-842e-001377d0d7ee}\Shell\machine\command - "" = G:\goodies\machine\machine.exe -- File not found
O33 - MountPoints2\{d510fc74-3a76-11df-842e-001377d0d7ee}\Shell\setup\command - "" = G:\aocsetup.exe -- File not found
O33 - MountPoints2\{d510fc74-3a76-11df-842e-001377d0d7ee}\Shell\zone\command - "" = G:\goodies\mszone\zonea660.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.12 10:30:20 | 000,000,000 | ---D | C] -- C:\Users\Batu\AppData\Roaming\Malwarebytes
[2011.01.12 10:29:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Batu\Desktop\OTL.exe
[2011.01.12 10:29:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.12 10:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.12 10:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.12 10:29:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.12 10:29:19 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.09 21:13:47 | 000,000,000 | ---D | C] -- C:\Programme\HyperCam Toolbar
[2011.01.09 21:13:20 | 000,000,000 | ---D | C] -- C:\Users\Batu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HyperCam 2
[2011.01.09 21:13:19 | 000,000,000 | ---D | C] -- C:\Programme\HyCam2
[2011.01.09 18:09:41 | 000,000,000 | ---D | C] -- C:\Users\Batu\Desktop\Neues Verzeichnis
[2011.01.09 18:06:17 | 000,000,000 | ---D | C] -- C:\Users\Batu\Desktop\SD_VIDEO
[2011.01.09 16:24:24 | 000,000,000 | ---D | C] -- C:\Users\Batu\Documents\Emicsoft Studio
[2011.01.09 16:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emicsoft
[2011.01.09 16:24:10 | 000,000,000 | ---D | C] -- C:\Programme\Emicsoft Studio
[2011.01.09 03:41:59 | 000,000,000 | ---D | C] -- C:\Users\Batu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.01.08 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\Batu\Documents\Turbo Lister Backup
[2011.01.08 17:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010.12.19 19:20:30 | 000,000,000 | ---D | C] -- C:\Users\Batu\bluej
[2010.12.19 19:14:04 | 000,000,000 | ---D | C] -- C:\Programme\Sun
[2010.12.19 19:10:41 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.19 19:10:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.19 19:10:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.19 19:10:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.19 17:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueJ
[2010.12.19 17:16:13 | 000,000,000 | ---D | C] -- C:\BlueJ
[2010.12.15 15:41:37 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 15:41:33 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 15:41:33 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 15:41:33 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 15:41:31 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 15:41:29 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 15:41:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 15:41:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 15:41:25 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 15:41:25 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.15 15:41:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.15 15:41:24 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 15:41:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 15:41:24 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 15:41:24 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 15:41:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 15:41:24 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.15 15:41:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 15:41:23 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 15:41:23 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.15 15:41:23 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.15 15:41:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.15 15:41:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 15:41:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 15:41:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 15:41:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.12 10:45:16 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2856599818-3961926855-1914498154-1003UA.job
[2011.01.12 10:29:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Batu\Desktop\OTL.exe
[2011.01.12 10:29:26 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.12 10:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.12 00:17:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.11 23:03:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 23:03:45 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 19:17:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.11 18:24:50 | 010,164,799 | ---- | M] () -- C:\Users\Batu\Desktop\Farid Bang - TEUFELSKREIS    OFFICIAL HQ VIDEO.mp3
[2011.01.11 16:36:46 | 006,224,000 | ---- | M] () -- C:\Users\Batu\Desktop\Farid Bang - TEUFELSKREIS.mp3
[2011.01.09 22:30:47 | 000,690,898 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.09 22:30:47 | 000,646,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.09 22:30:47 | 000,151,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.09 22:30:47 | 000,123,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.01.09 21:45:08 | 000,058,880 | ---- | M] () -- C:\Users\Batu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.09 21:25:36 | 3353,788,416 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.09 21:25:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.09 21:24:51 | 016,777,216 | ---- | M] () -- C:\Users\Batu\Documents\clip0004.avi
[2011.01.09 18:17:21 | 313,292,800 | ---- | M] () -- C:\Users\Batu\Desktop\MOV0E8.MOD
[2011.01.09 16:28:27 | 021,348,522 | ---- | M] () -- C:\Users\Batu\Desktop\MOV0E8.mp4
[2011.01.09 16:24:16 | 000,001,148 | ---- | M] () -- C:\Users\Batu\Desktop\Emicsoft Mod Converter.lnk
[2011.01.09 14:10:12 | 000,016,819 | ---- | M] () -- C:\Users\Batu\Desktop\The curious incident_christopher.doc
[2011.01.09 03:45:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2856599818-3961926855-1914498154-1003Core.job
[2011.01.09 03:42:03 | 000,002,037 | ---- | M] () -- C:\Users\Batu\Desktop\Google Chrome.lnk
[2011.01.04 21:23:48 | 000,000,680 | ---- | M] () -- C:\Users\Batu\AppData\Local\d3d9caps.dat
[2011.01.03 15:35:35 | 011,604,668 | ---- | M] () -- C:\Users\Batu\Desktop\Sido_2010.mp3
[2010.12.21 17:27:33 | 000,000,194 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.20 15:50:05 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.19 19:10:32 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.19 19:10:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.19 19:10:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.19 19:10:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.16 03:23:36 | 000,397,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.01.12 10:29:26 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.11 18:24:20 | 010,164,799 | ---- | C] () -- C:\Users\Batu\Desktop\Farid Bang - TEUFELSKREIS    OFFICIAL HQ VIDEO.mp3
[2011.01.11 16:35:47 | 006,224,000 | ---- | C] () -- C:\Users\Batu\Desktop\Farid Bang - TEUFELSKREIS.mp3
[2011.01.09 21:16:28 | 016,777,216 | ---- | C] () -- C:\Users\Batu\Documents\clip0004.avi
[2011.01.09 16:26:42 | 021,348,522 | ---- | C] () -- C:\Users\Batu\Desktop\MOV0E8.mp4
[2011.01.09 16:24:16 | 000,001,148 | ---- | C] () -- C:\Users\Batu\Desktop\Emicsoft Mod Converter.lnk
[2011.01.09 16:19:57 | 313,292,800 | ---- | C] () -- C:\Users\Batu\Desktop\MOV0E8.MOD
[2011.01.09 14:10:09 | 000,016,819 | ---- | C] () -- C:\Users\Batu\Desktop\The curious incident_christopher.doc
[2011.01.09 03:42:03 | 000,002,037 | ---- | C] () -- C:\Users\Batu\Desktop\Google Chrome.lnk
[2011.01.09 03:40:20 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2856599818-3961926855-1914498154-1003UA.job
[2011.01.09 03:40:19 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2856599818-3961926855-1914498154-1003Core.job
[2011.01.03 15:35:14 | 011,604,668 | ---- | C] () -- C:\Users\Batu\Desktop\Sido_2010.mp3
[2010.11.25 14:13:41 | 000,000,140 | ---- | C] () -- C:\Users\Batu\AppData\Local\RAExpertHistory.xml
[2010.11.11 12:21:59 | 000,057,344 | ---- | C] () -- C:\Windows\System32\mupkernps11.dll
[2010.11.07 15:55:59 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.07.02 15:26:57 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.05.30 20:51:21 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.05.30 20:51:21 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.05.29 13:09:16 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.05.29 13:09:16 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.08 23:10:45 | 000,000,680 | ---- | C] () -- C:\Users\Batu\AppData\Local\d3d9caps.dat
[2010.03.30 14:19:23 | 000,058,880 | ---- | C] () -- C:\Users\Batu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.28 15:31:09 | 000,420,920 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.03.27 12:42:57 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.27 12:42:57 | 000,138,056 | ---- | C] () -- C:\Users\Batu\AppData\Roaming\PnkBstrK.sys
[2010.03.03 04:06:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2008.09.01 13:10:30 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.09.01 13:10:30 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.09.01 12:46:47 | 000,001,670 | ---- | C] () -- C:\Windows\HotFixList.ini
[2007.03.12 17:59:00 | 000,299,008 | ---- | C] () -- C:\Programme\navigram_register.exe
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2002.07.31 17:32:03 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2001.11.14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1998.06.09 23:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Batu\Desktop\MOV0E8.MOD:TOC.WMV

< End of report >
         
--- --- ---

[/QUOTE]

OTL Logfile:
Code:
OTL Extras logfile created on: 12.01.2011 10:50:49 - Run 1
OTL by OldTimer - Version 3.2.20.1     Folder = C:\Users\Batu\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): c:\pagefile.sys 3000 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 37,89 Gb Free Space | 26,30% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 124,38 Gb Free Space | 86,37% Space Free | Partition Type: NTFS
Drive F: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: BATU-PC | User Name: Batu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056178A6-0115-4F30-90A8-4C507D2688A4}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{130A0605-7E66-48CA-8CFB-18FB02866A1C}" = lport=6881 | protocol=6 | dir=in | name=league of legends launcher | 
"{1CCAFF82-C67C-4BF6-A6F9-3EA49C1BE120}" = lport=6881 | protocol=17 | dir=in | name=league of legends launcher | 
"{1F0B0695-2F83-46A4-8CE3-127B0A442ACC}" = lport=6934 | protocol=6 | dir=in | name=league of legends launcher | 
"{2594E44C-078C-4AFF-B066-230A6E9F5D4B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{27A934DB-6073-4A34-8204-4118E5D6B02F}" = lport=6951 | protocol=6 | dir=in | name=league of legends launcher | 
"{2A21D6AA-422D-4D57-BC8A-36BC96FFAA84}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2BAE0F5A-5960-4CB7-B14E-1268CFB4EFE8}" = lport=6927 | protocol=6 | dir=in | name=league of legends launcher | 
"{35B16180-9EBA-4951-8E0D-55A1E9C7A4C7}" = lport=6966 | protocol=6 | dir=in | name=league of legends launcher | 
"{403DDA90-093C-47C7-84FE-B96DCE96BAF6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{429A8B38-A8AF-4C7C-9581-9ED9035B32ED}" = lport=6989 | protocol=17 | dir=in | name=league of legends launcher | 
"{518D8EE6-F328-40FC-802E-31B92D2E2007}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5536BD33-1D09-4FFE-9B1F-7A0BCE7A6E24}" = rport=445 | protocol=6 | dir=out | app=system | 
"{555551F9-F726-40DB-A61F-4187FCBF5308}" = lport=6934 | protocol=17 | dir=in | name=league of legends launcher | 
"{70599453-A427-4020-B11B-6E400D85E9BB}" = lport=6989 | protocol=6 | dir=in | name=league of legends launcher | 
"{7D5966BF-FAC2-41D7-A179-A468D8FB6A40}" = lport=6927 | protocol=17 | dir=in | name=league of legends launcher | 
"{8C9C0452-3E9D-4EF0-A7C4-620B2FEE17BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{949DEB38-720E-4FA4-984A-06684B29E280}" = lport=138 | protocol=17 | dir=in | app=system | 
"{99E9C7EE-164C-4211-AB36-871C911BC7D6}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{A4C3C354-E933-4BC1-A351-1869960EBA1F}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{A8774147-24CC-4B83-A493-BD4DFF50E236}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{C619B1EB-CFB1-4BE4-B38C-E82B1F2CB630}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C691E232-7441-4AAA-B176-D9A1523D97AE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D2690371-557C-4DD8-83F8-A75A6E8DAA2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E99CF2AD-F735-4CC2-8E85-44CA91BD808A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EA9685AE-7D63-4825-86D2-48875FA7BF6A}" = lport=6951 | protocol=17 | dir=in | name=league of legends launcher | 
"{EE22A237-43F0-4BD9-A9C8-C2EADDE39D56}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F8B57CD5-BC6B-40AB-A74A-FBE4C612792C}" = lport=6966 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029CF7E2-831F-4E27-88A2-DB422A9B50E0}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{0312CDE3-F76F-4D2F-8AFD-4A9E68983C64}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{086768A7-5B7A-437D-82FD-C097DC187DFD}" = protocol=17 | dir=in | app=c:\users\batu\documents\world of warcraft\launcher.patch.exe | 
"{088EDB68-DCA1-467F-A931-A7FD883A2231}" = protocol=6 | dir=in | app=c:\users\batu\documents\world of warcraft\launcher.patch.exe | 
"{0A0F4E71-824D-498C-BE09-43EF25998BAB}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{0A91CB9D-558D-4E21-98F3-B81CB72FE63F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{1056F2A2-D5ED-4C25-8394-5655C3577277}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{1510D977-D1E0-4281-94EF-C529BFFAA28E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1633AF2B-9328-4160-8B66-6430B6F351D3}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{18C91CA0-5626-49DD-9B4F-7DFF43685C51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1B147DD7-3039-462B-B75F-111CA126832B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1D1FF385-C396-4718-9F6B-6DB58CAF16F0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1E1F1697-24E2-40AD-8897-ABE6237768CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{20EFFFC5-5BA2-43DC-8664-3DC21ADEC7E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{212C5A03-2B9C-45E3-B97B-33386DF454F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{24A30089-0A29-4B3B-BFDB-AA702CDCF704}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{26AF1971-0F25-448E-A143-3B623EA62655}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{279BA155-623A-476D-8491-9861A9282778}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2C966FA2-0F69-46E5-8C18-E06CFB4E6B67}" = protocol=6 | dir=in | app=c:\users\batu\documents\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2DA8352B-70B5-48DA-A1E3-04E9821CED46}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2EFE6EE4-D407-4405-ADB9-ADADCDD6F89B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F404B37-66B3-4F9E-BA83-6E3E1F3E0E6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30972822-9177-4F3A-ACA9-FB9E6F608A21}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3650B2D8-9B2C-4EEA-8186-35D40E3731BD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\backlash114\counter-strike\hl.exe | 
"{368478AC-3EA9-4D20-AC19-FDB188E214F5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{37E7811B-31C1-44C2-838D-E26C7DAA28E4}" = protocol=17 | dir=in | app=c:\users\batu\documents\world of warcraft\blizzard downloader.exe | 
"{3A1D189D-C1CB-425F-8320-256F885442F6}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{3BB2C46E-A33D-4CAB-9C10-D146AE67143B}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{3DEAA55C-F43A-44BB-BAF1-F79023D1C760}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E861F6C-E3D3-4F78-BC93-A12AA7C0E4FA}" = protocol=6 | dir=in | app=c:\users\batu\documents\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{3F5CA3B6-D4CF-4FC9-8819-45A9E96751B0}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{422C0CD1-7A61-4B6E-993E-F73C25CDF2E8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{432E9B46-4D48-4D07-8F50-6BF91A12F461}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45A56F11-A4A2-4D06-8E81-E30334F569CD}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{4A5E0FD1-E23C-443D-B66D-5D5EE49259D5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4CF47823-AA4C-49D5-BA64-20063A425DCB}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{4E143C64-D743-43CE-8518-6C67C60F2C09}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{53609DDC-0599-43DF-9920-268C31C9CB41}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{55A70E46-A598-4736-8075-1A8B805FF042}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{568631AF-02EC-427D-926E-9BC4A2FD28CF}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{57A7D4AE-5FF3-4F2C-AAA7-06417672FA61}" = protocol=17 | dir=in | app=c:\users\batu\documents\world of warcraft\launcher.exe | 
"{5B45EBA5-1441-433B-8D54-D6E6A135009F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5BEDA14E-A455-4A94-88E4-49D268E631ED}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5E8C306B-BF24-49E1-83DF-D3D72CD622A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5FF350B8-0717-4593-BAA0-230F1B9A69F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6098E2DA-4EB1-498B-A09A-DB11AB5EBE55}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{62645202-74FB-4DFD-96F9-55AE715785F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{649FC1C5-2489-4820-8AC3-FE81C16922BE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{665826B8-6534-45AE-9227-E5878783AB1E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{66BF1322-C4DA-4AD7-A49A-C2498176CA5B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{672529DD-D709-4605-870C-A7394400820F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6920652C-0B08-4354-9F5C-A04EB3537593}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6B4B3385-504B-4F13-A041-A530CCAA1D08}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6C3DEE16-46B9-4378-A079-8EC1A698C242}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6F69525D-B7B3-40DD-8D6C-CA98F8F912A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{70FE4960-43D5-4D4A-9E8F-654608C5ADF1}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{744ACA58-821A-415B-97F4-4A7CC5AF3ED9}" = protocol=6 | dir=in | app=c:\users\batu\documents\world of warcraft\blizzard downloader.exe | 
"{74BAFA71-B555-41A1-A33C-8C0E8FC345FF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7584A5C2-A879-4945-BBD9-31FF57283592}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{766DD927-1252-4A68-8DC3-3D2C329ECCDE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7A6D2019-8BA5-4F48-A5CF-46BCB04BB7E2}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{7BDA172E-9CD3-4F37-831A-8194AA7CE027}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7E787EEF-6DE2-4C7D-8318-991B6FD359DF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7F609831-575D-4E80-BDF2-AC3889B82886}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8166064B-5E35-416C-A61B-71521DE9EFE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8770747F-6D38-459A-B2BD-9A488EED1CE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{883E5188-51AD-44AB-8812-1E22B83C40B0}" = protocol=6 | dir=in | app=c:\users\batu\documents\world of warcraft\launcher.exe | 
"{89609C86-97C0-410A-8154-D76AC7B03F8D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8BD1D516-C1FB-483D-B39C-73D55A1D9ED5}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8CA32F7A-AA28-426C-A759-9D24D811793F}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{8EBFE8A5-8C83-4B06-9387-C4F465FD1480}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8FF19249-AB35-4A66-8609-652E304B9E41}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{92C7B342-341F-4E4E-910D-9970474D367F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9623CD88-8399-4250-9E48-531B0BC3CCFB}" = protocol=17 | dir=in | app=c:\users\batu\documents\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{9E348F31-8F84-4E94-A855-3E38E53BC1B8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\backlash114\counter-strike\hl.exe | 
"{A1DC3639-892D-453F-A954-190CFBBF7D43}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A516EA32-7229-4AAD-B993-6ADC86728534}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A78793B3-4784-40CA-99D9-233020EEB540}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA2BFE7F-3DFA-4BAC-B507-10511188CC61}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB3EF88C-3AD8-4BCB-912B-F0B046D0915C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ADFFF7BD-2E02-4B15-B9E3-966495016DFF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B31C9C82-511E-4453-A1A3-A8787D44C8B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B6C78B96-047F-42A2-A54A-63E123E2012F}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{BC36DA0A-7DC2-46C2-8518-DCCE26A9622B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C38D415E-DD14-44EC-ADD3-150D6952F5FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C60E383E-B85F-4FB4-ADE0-03149EAF5D40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C6B7D3B1-65C1-4C89-8400-CA25EBF7029D}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{C71AA6FE-7949-4F74-BEB1-091ADA78CB29}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CABBCCA9-A914-4FBB-8285-25FDA7EF1E07}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CD58F55D-B8D9-42FB-BA89-A0934D912022}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{D1476ADE-BA7F-458C-8F37-9AC9DC232CBB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\backlash114\counter-strike\hl.exe | 
"{D237B27B-12D4-43F7-965A-0F06B2789434}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D24CE48C-8E2E-4DF6-8C2C-F06324FA97CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D47D88BB-A16F-4BE3-A475-B5DFA74EEAC0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D4B9A9A8-C529-4ED8-AE53-28AD31B57A94}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D697E190-41ED-4C2E-ACC0-F0356BD027BD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{D7E8D7D0-C5ED-408C-BCA6-378B4FD9098A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{D8B83539-90C2-42EF-988A-219DA7F14BF4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DBD7DBEB-0B7E-4B29-AC0F-9E86261D6796}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DF887EF5-C92C-445A-95B0-6FF5F6F2A38B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E220073A-FC24-4BFE-8243-88D54B2C4496}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E406348F-C5BE-4F1C-AE52-6BEB3A8D58B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E623618B-B52B-44D5-BAF7-CD7286C28517}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{EE2A8CF6-A7B2-40AB-8BCB-A0508F4B5CEF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\backlash114\counter-strike\hl.exe | 
"{F0A8D9E6-6BCB-46D6-8571-D4F176E71196}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{F58E86D2-49AF-43A0-8140-37730459A4F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FCBA730C-71D1-40B2-9CFE-8D74623FEF51}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FD411F2D-B26E-46AA-95DE-39CEBF1C2F44}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FD7C95CA-EC8F-45EE-BA55-B48AA4445268}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe | 
"{FFE9D785-BE13-490E-B302-A7D36945E242}" = protocol=17 | dir=in | app=c:\users\batu\documents\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"TCP Query User{0243A4C0-EF26-414C-9A7A-8155EAEEAED0}C:\program files\konami\pro evolution soccer 6\pes6.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 6\pes6.exe | 
"TCP Query User{17CEE26C-6652-48D8-92AE-4F74AFD3A245}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{31BD972C-F04F-4E59-8F65-55CA2ED7A6B3}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{34E32580-52FD-4743-B6B1-35AF2658F0BC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{5C059087-AEDC-4A09-BDC6-75AE4C6C93E5}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{6B0F9291-0385-41D0-83A7-B5CA8466C1D3}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{73CD5417-B051-4CBB-82A4-82464AD948BE}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{740DDABF-31A1-46C7-9125-6BC1E9C178C0}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{75E53DB0-CEC4-48AF-87D6-90AF02BD586B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{83E04BA4-10B6-4F5A-AA11-7933D439DFAD}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"TCP Query User{B409E98C-EFAB-442C-873F-869E02288443}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{BDB5C4C8-6621-4AF8-B543-4516AD547017}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"TCP Query User{CE0B6749-C18F-41D8-AA1B-18C53FD7C948}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{D14F522E-1DD5-4DE2-960B-12344ED3EEC1}C:\users\batu\documents\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\batu\documents\world of warcraft\launcher.exe | 
"TCP Query User{D238D688-1D9E-45EC-A7AC-1E5C9AF09FE7}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{EA71F61C-ECE1-45C2-84E8-C67D93E0103C}C:\program files\konami\pro evolution soccer 6\pes6.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 6\pes6.exe | 
"TCP Query User{F788635D-38A0-40B1-B66F-545A66430816}C:\users\batu\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\batu\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{0D0B027F-F71D-42B1-AD57-CA9B7D0C7312}C:\users\batu\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\batu\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{24E15B11-BDEF-4EA9-BB49-E5F98E747269}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3B9E7A06-7285-47BA-ACA0-3EA2C4F03336}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{50634481-4AFE-401F-83A5-0AC3E8EC4D46}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{5109E50B-E443-4A2C-AF64-A208DBE29945}C:\program files\konami\pro evolution soccer 6\pes6.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 6\pes6.exe | 
"UDP Query User{607BC0C5-8A40-46CB-A15F-0B5E5C20F660}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{667E65BE-5823-4A03-AF70-1C82853A3D3C}C:\users\batu\documents\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\batu\documents\world of warcraft\launcher.exe | 
"UDP Query User{6B9EE997-E2B8-4F1D-8501-4B7DD2AE469A}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
"UDP Query User{6D563785-6C84-4538-BC8F-8B175D4B4AFC}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{7A71F3CE-2500-456F-947A-18E096055898}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{7D7892BB-1128-4936-9A91-817906CBA24E}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{A93CB47D-DA4A-4C63-B21C-81967CC63967}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{A99B8166-4168-4DA0-B89C-02456C147BD1}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{B5F541C5-D92C-4A89-B423-E2BA21CD5398}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{C2F6A2C0-702F-49A3-9262-B2D27196D774}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | 
"UDP Query User{CAD3C3DB-D8FA-4D8A-BA1C-670AFA3FE0AB}C:\program files\konami\pro evolution soccer 6\pes6.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 6\pes6.exe | 
"UDP Query User{E144F8E0-998D-43E0-9C1E-6C547C0EFAE5}C:\program files\microsoft games\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{00D8A43D-4FE6-7AF1-FE10-05B87B07831E}" = CCC Help English
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{043641A4-F4D1-02B6-FFAA-136789EA576A}" = Skins
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{17DB2BEE-2FD6-456F-5E5D-C38DB1ABC8B5}" = ccc-core-static
"{190E76A9-B26C-10C3-4A24-69AD81012067}" = ccc-utility
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java(TM) SE Development Kit 6 Update 20
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3749D33C-26C8-4669-ACAA-DA3B0ADA67B6}" = Das große Tafelwerk interaktiv
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{471D55BB-00D1-F4C9-DDC5-BD8B848E204C}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7B233975-3F27-8A78-EFE7-2017DB517AEC}" = Catalyst Control Center InstallProxy
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{80732880-FEE7-64BD-A213-1B5EE5D623B7}" = ATI Catalyst Install Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8CBD3538-4A61-7040-A989-D5CAEEABB12C}" = Catalyst Control Center Localization All
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9DB192F7-BABD-9205-4F47-69BFC5CE12AB}" = Catalyst Control Center Graphics Previews Vista
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A5B5B6D8-DE44-44A3-90C4-8C07A1E0FAD4}" = WBFS Manager 2.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02A3DBC-6A86-2FB3-699F-6F95BD7A811E}" = Catalyst Control Center Graphics Full New
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{DF0D3C2E-11B5-7937-7929-06EC35FF760D}" = Catalyst Control Center Core Implementation
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{E81BE8F9-E988-4531-08C5-4D03FE2F774F}" = Catalyst Control Center Graphics Full Existing
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FD14A51B-2206-D07A-A610-8EBCA8D611A3}" = Catalyst Control Center Graphics Light
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BlueJ_is1" = BlueJ 3.0.4
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"DivX Setup.divx.com" = DivX-Setup
"Emicsoft Mod Converter_is1" = Emicsoft Mod Converter
"GameSpy Arcade" = GameSpy Arcade
"GCFScape_is1" = GCFScape 1.8.1
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}" = Easy Network Manager 4.0
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"JDownloader" = JDownloader
"Jed's Half-Life Model Viewer" = Jed's Half-Life Model Viewer 1.3.6
"Keycraft" = Keycraft (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mIRC" = mIRC
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MsJavaVM" = Microsoft VM for Java
"Mumble" = Mumble and Murmur
"PhotoScape" = PhotoScape
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Steam App 10" = Counter-Strike
"Steam App 400" = Portal
"Steam App 50280" = Mafia II - Demo
"TuneUp Utilities" = TuneUp Utilities
"TVUPlayer" = TVUPlayer 2.5.3.1
"Update Service" = Update Service
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.16.0.0b
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.12.2010 12:53:53 | Computer Name = Batu-PC | Source = VSS | ID = 12292
Description = 
 
Error - 06.12.2010 12:53:53 | Computer Name = Batu-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 06.12.2010 12:53:53 | Computer Name = Batu-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 07.12.2010 14:51:32 | Computer Name = Batu-PC | Source = VSS | ID = 40
Description = 
 
Error - 07.12.2010 14:51:32 | Computer Name = Batu-PC | Source = VSS | ID = 12292
Description = 
 
Error - 07.12.2010 14:51:32 | Computer Name = Batu-PC | Source = VSS | ID = 40
Description = 
 
Error - 07.12.2010 14:51:32 | Computer Name = Batu-PC | Source = VSS | ID = 12292
Description = 
 
Error - 07.12.2010 14:51:32 | Computer Name = Batu-PC | Source = VSS | ID = 40
Description = 
 
Error - 07.12.2010 14:51:32 | Computer Name = Batu-PC | Source = VSS | ID = 12292
Description = 
 
Error - 07.12.2010 14:51:32 | Computer Name = Batu-PC | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 27.03.2010 06:03:13 | Computer Name = Batu-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 27.03.2010 06:03:14 | Computer Name = Batu-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 27.03.2010 06:04:14 | Computer Name = Batu-PC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 27.03.2010 06:40:43 | Computer Name = Batu-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 27.03.2010 06:41:06 | Computer Name = Batu-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 27.03.2010 06:42:02 | Computer Name = Batu-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.03.2010 07:05:48 | Computer Name = Batu-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 27.03.2010 07:06:11 | Computer Name = Batu-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 27.03.2010 07:07:11 | Computer Name = Batu-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 28.03.2010 05:38:36 | Computer Name = Batu-PC | Source = volsnap | ID = 393283
Description = Die Schattenkopie des erstellten Volumes "C:" konnte nicht installiert
 werden.
 
 
< End of report >
         
--- --- ---

[/QUOTE]