tr/kazy.mekml.1 auch bei mir.. (ausführliche Beschreibung..)

south · 23.04.2011, 10:57

Hallo zusammen,

Erstmal super, dass es solch eine Plattform im Netz gibt. Habe mich extra für mein Problem angemeldet und bin sehr froh, dass auch andere das Problem in den letzten Stunden hatten.. Ich bin totaler Anfänger und habe kaum Ahnung von solchen Viren und Trojanern. Ich habe nur das kostenlose Antivir..

Es handelt sich um den Virus "tr/kazy.mekml.1".

23. April, 02:11

Eingefangen habe ich ihn mir auf einer normalen Youtube-Seite, als ich gefragt wurde, ob ich "Adobe Flash Player" ausführen sollte. Ich klickte auf Abbrechen, weil mir an der Seite nichts auffiel, was unbedingt fehlte. Dann blinkte es wieder auf und ich habe, weil ich davon genervt war, auf Zulassen geklickt. Ab da an gings los: Erst meldete mir Antivir viele Virusmeldungen, die im 3 Minuten Tackt immer wieder kamen. Dann folgte ein schwarzer Bildschirm und alle Dateien verschwanden. Nach vielem hin und her.. (Systemwiederherstellung) fuhr er nicht mehr hoch. Habe ihn dann im abgesicherten Modus hochfahren lassen. Dies brachte ebensfalls nicht. Ich wurde gebeten wieder eine Wiederherstellung zu machen. Dies tat ich auch. Da es ziemlich lange gedauert hat, bin ich eingeschlafen und um 04:20 dann das Ergebnis zu betrachten:

Mein normaler Hintergrund war wieder, alles funktionierte wieder, alles sah wieder normal aus. Problem: Alle Dateien fehlen. Die Ordner sind zwar da, aber die Dateien fehlen. Nur eine OpenOffice Datei hat er mir da gelassen.

Die Frage die sich sicherlich alle stellen:

Wie komm ich an meine (hoch) wichtigen Dateien?

Viele Grüße und schonmal Danke,
South

Habe jetzt OTR drüber laufen lassen und einen Code aus einen anderen Thread eingefügt. Alle Dateien sind wieder da!!! (JUHU) Erscheinen aber so blaß, also fast grau. Wenn man drauf klickt siehts bei Bildern normal aus und Musik spielt sich normal aus. Aber das Aussehen der Dateien ist gräulich.. fast durchsichtig.

Text aus OTR nach dem Neustart:

All processes killed
========== OTL ==========
No active process named MRtPNAFMRSnT.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
File C:\ProgramData\45539080.exe not found.
Unable to delete ADS C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dome
->Temp folder emptied: 22210050 bytes
->Temporary Internet Files folder emptied: 26931402 bytes
->Java cache emptied: 168372785 bytes
->FireFox cache emptied: 113781613 bytes
->Google Chrome cache emptied: 27403222 bytes
->Flash cache emptied: 2806249 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 760987 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 346,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04232011_122749

Files\Folders moved on Reboot...
File\Folder C:\Users\Dome\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(114)\Content.IE5\QVLTBB8Y\e%3B+MSIE+8.0%3B+Windows+NT+6.0%3B+Trident%2F4.0%3B+SLCC1%3B+.NET+CLR+2.0.50727%3B+Media+Center+PC+5.0%3B+.NET+CLR +3.5.30729%3B+.NET+CLR+3.0.30618%3B+.NET4[1].htm not found!
File\Folder C:\Windows\temp\logishrd\LVPrcInj02.dll not found!

Registry entries deleted on Reboot...

_________________________

Malwarebytes läuft gerade im Vollscan..

Jetzt hatte mein PC einen Absturz (aus heiterem Himmel) und die Daten sind wieder weg.

Neuster Stand: Symbole sind wieder da. (Manuell über "Ordneroptionen" eingerichtet) Bei jedem hochfahren findet Antivir einen Virus. Name fehlt mir gerade.. Die Symbole erscheinen mir transparent, die Schrift unter der Mini-Ansicht ist normal. Malware komplett drüber scannen lassen. Außerdem habe ich das Gefühl wenn ich was google (bspw. firefox download) und den Link anklicke, werde ich auf Gewinnspielseiten weitergeleitet..

_____

Malware-Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6424

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

23.04.2011 20:34:23
mbam-log-2011-04-23 (20-34-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|)
Durchsuchte Objekte: 441391
Laufzeit: 4 Stunde(n), 12 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

OTLS im Anhang

kira · 23.04.2011, 23:13

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen

1.

Lade Dir Unhide.exe (Windows 7 und Vista mit Rechtsklick als Administrator ausführen

Doppelklick auf das Unhide.exe Icon auf dem Desktop - Alles braucht seine Zeit, also ein bisschen Geduld

<Achtung!>: Wenn Dateien etc, die absichtlich von Dir verborgen waren, also unter eigenschaften versteckt eingestellt hast, musst Du wieder auszublenden, nachdem das Tool ausgeführt wird.

2.
lade Dir HijackThis 2.0.4 von *von hier* herunter
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

3.
Bitte Versteckte - und Systemdateien sichtbar machen den Link hier anklicken:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
Am Ende unserer Arbeit, kannst wieder rückgängig machen!

4.
→ Lade Dir HJTscanlist.zip herunter
→ entpacke die Datei auf deinem Desktop
→ Bei WindowsXP Home musst vor dem Scan zusätzlich tasklist.zip installieren
→ per Doppelklick starten
→ Wähle dein Betriebsystem aus - bei Win7 wähle Vista
→ Wenn Du gefragt wirst, die Option "Einstellung" (1) - scanlist" wählen
→ Nach kurzer Zeit sollte sich Dein Editor öffnen und die Datei hjtscanlist.txt präsentieren
→ Bitte kopiere den Inhalt hier in Deinen Thread.
** Falls es klappt auf einmal nicht, kannst den Text in mehrere Teile teilen und so posten

5.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool Ccleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ falls nötig - unter Options settings-> "german" einstellen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B hjtsanlist o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

gruß
Coverflow

south · 23.04.2011, 23:37

1. Geladen, auf den Desktop gezogen - schwarzes "system"-Fenster ist offen und es passiert (noch) nichts.. Edit: Alle Icons sind wieder normal.

______

2. Hoffe das ist das Richtige:

HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:27:48, on 24.04.2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files\hijack\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
R3 - URLSearchHook: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (file missing)
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O3 - Toolbar: NCH Toolbar - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files\NCH\tbNCH.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [aqkkqss] "c:\users\dome\appdata\local\aqkkqss.exe" aqkkqss
O4 - HKCU\..\Run: [sgwokau] "c:\users\dome\appdata\local\sgwokau.exe" sgwokau
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [logonxt] "C:\Users\Dome\AppData\Roaming\logonxt.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Dome\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10 GTB7.1 (.NET CLR 3.5.30729)" -"hxxp://playskillgames.bwin.com/t/v/client/info?action=gameClient&tournamentSessionId=42940665&pwd=INSNIUAJBBWK"
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download Video on This Page - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - C:\Program Files\Tomato\YouTube Video Downloader\IELink.html
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dome\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Program Files\Tomato\YouTube Video Downloader\IEPage.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
 
 
 
--
End of file - 12543 bytes

--- --- ---

______

3. Hier: Done.

______

4. Hier:

Code:

ATTFilter

 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
 
Microsoft Windows [Version 6.0.6001]
 
 
C:
 
  24.04.2011 00:24     C:\System Volume Information --------- 32768   
  24.04.2011 00:23     C:\Program Files --------- 32768   
  24.04.2011 00:08     C:\rkill.log --------- 370   
  23.04.2011 23:40     C:\ProgramData --------- 20480   
  23.04.2011 21:23     C:\Windows --------- 28672   
       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  23.04.2011 12:48     C:\Fraps --------- 4096   
  27.10.2010 17:12     C:\InstallHelper.log --------- 1463   
  01.02.2010 14:50     C:\models --------- 0   
  10.01.2010 16:17     C:\HammerAutosave --------- 0   
  26.11.2009 15:36     C:\test.spr --------- 4273   
  18.08.2009 17:48     C:\IO.SYS --------- 0   
  18.08.2009 17:48     C:\MSDOS.SYS --------- 0   
  04.05.2009 15:54     C:\fpRedmon.log --------- 305   
  10.02.2009 22:11     C:\img2-001.raw --------- 230424   
  02.01.2009 19:32     C:\smultra.gif --------- 6951   
  07.11.2008 14:54     C:\MSOCache --------- 0   
  24.10.2008 23:33     C:\DVDVideoSoft --------- 0   
  23.10.2008 14:06     C:\YouTubeVideos --------- 0   
  14.10.2008 19:48     C:\hp --------- 4096   
  14.10.2008 17:26     C:\$Recycle.Bin --------- 4096   
  14.10.2008 17:22     C:\Users --------- 4096   
  14.10.2008 17:22     C:\Programme --------- 0   
  14.10.2008 17:22     C:\Dokumente und Einstellungen --------- 0   
  10.09.2008 03:28     C:\BOOTSECT.BAK --------- 8192   
  10.09.2008 03:28     C:\Boot --------- 4096   
  09.09.2008 18:07     C:\autoexec.bat --------- 74   
  21.01.2008 04:32     C:\PerfLogs --------- 0   
  21.01.2008 04:24     C:\bootmgr --------- 333203   
  02.11.2006 15:02     C:\Documents and Settings --------- 0   
  18.09.2006 23:43     C:\config.sys --------- 10   
----------------------------------------
 
 
C:\Windows
 
  24.04.2011 00:29     C:\Windows\WindowsUpdate.log --------- 1858707   
  23.04.2011 20:36     C:\Windows\S.dirmngr --------- 22   
  23.04.2011 20:36     C:\Windows\bootstat.dat --------- 67584   
  13.05.2009 13:59     C:\Windows\AM_D8.PRF --------- 24   
  29.10.2008 08:29     C:\Windows\explorer.exe --------- 2927104   
  21.10.2008 12:00     C:\Windows\hpoins28.dat --------- 187437   
  20.10.2008 19:55     C:\Windows\win.ini --------- 179   
  09.09.2008 18:09     C:\Windows\hpqins13.dat --------- 115774   
  09.09.2008 17:57     C:\Windows\DIFxAPI.dll --------- 319456   
  09.09.2008 17:57     C:\Windows\HideWin.exe --------- 315392   
  09.09.2008 17:48     C:\Windows\csup.txt --------- 12   
  04.08.2008 16:22     C:\Windows\VX1000.dll --------- 115728   
  04.08.2008 16:22     C:\Windows\vVX1000.dll --------- 218128   
  04.08.2008 16:22     C:\Windows\VX1000.src --------- 13023   
  04.08.2008 16:22     C:\Windows\vVX1000.exe --------- 721936   
  04.08.2008 16:22     C:\Windows\VX1000.ini --------- 15498   
  03.07.2008 13:27     C:\Windows\RtHDVCpl.exe --------- 6266880   
  09.06.2008 02:06     C:\Windows\hpomdl28.dat --------- 752   
  02.04.2008 11:27     C:\Windows\RtlUpd.exe --------- 1196032   
  14.03.2008 06:56     C:\Windows\Twunk_16.dll --------- 12288   
  14.03.2008 06:56     C:\Windows\Twunk_32.dll --------- 12288   
  05.03.2008 20:07     C:\Windows\RtlExUpd.dll --------- 520192   
  21.01.2008 04:43     C:\Windows\WindowsShell.Manifest --------- 749   
  21.01.2008 04:24     C:\Windows\regedit.exe --------- 134656   
  21.01.2008 04:24     C:\Windows\bfsvc.exe --------- 58880   
  21.01.2008 04:24     C:\Windows\fveupdate.exe --------- 13312   
  21.01.2008 04:24     C:\Windows\HelpPane.exe --------- 498176   
  21.01.2008 04:23     C:\Windows\notepad.exe --------- 151040   
  14.11.2007 17:18     C:\Windows\USetup.iss --------- 553   
  02.11.2006 14:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 14:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 14:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 14:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 14:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 13:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 23:46     C:\Windows\system.ini --------- 219   
  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   
  18.09.2002 01:45     C:\Windows\lsb_un20.exe --------- 119808   
  23.03.1999 09:12     C:\Windows\unin0407.exe --------- 304128   
----------------------------------------
 
 
C:\Windows\System
 
 14.10.2008 17:26      C:\Windows\System\hpsysdrv.dat --------- 44 
 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------
 
 
C:\Windows\System32
 
 23.04.2011 22:36     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3616  
 23.04.2011 22:36     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3616  
 23.04.2011 20:36     C:\Windows\system32\drivers --------- 65536  
 23.04.2011 13:11     C:\Windows\system32\WDI --------- 4096  
 23.04.2011 12:49     C:\Windows\system32\config --------- 12288  
 23.04.2011 12:48     C:\Windows\system32\Tasks --------- 4096  
 23.04.2011 12:48     C:\Windows\system32\spool --------- 4096  
 23.04.2011 12:48     C:\Windows\system32\Msdtc --------- 4096  
 23.04.2011 12:48     C:\Windows\system32\wbem --------- 65536  
 23.04.2011 12:31     C:\Windows\system32\catroot2 --------- 12288  
 23.04.2011 02:58     C:\Windows\system32\perfh009.dat --------- 595798  
 23.04.2011 02:58     C:\Windows\system32\perfc009.dat --------- 103872  
 23.04.2011 02:58     C:\Windows\system32\perfc007.dat --------- 126248  
 23.04.2011 02:58     C:\Windows\system32\perfh007.dat --------- 628504  
 23.04.2011 02:58     C:\Windows\system32\PerfStringBackup.INI --------- 1445310  
 18.04.2011 13:13     C:\Windows\system32\DOErrors.log --------- 52  
 18.04.2011 12:21     C:\Windows\system32\FNTCACHE.DAT --------- 366648  
 18.04.2011 12:18     C:\Windows\system32\migration --------- 4096  
 17.04.2011 15:12     C:\Windows\system32\catroot --------- 4096  
 10.03.2011 18:12     C:\Windows\system32\mfc42u.dll --------- 1161728  
 10.03.2011 18:12     C:\Windows\system32\mfc42.dll --------- 1136640  
 09.03.2011 20:42     C:\Windows\system32\SpOrder.dll --------- 8464  
 03.03.2011 17:00     C:\Windows\system32\inetcomm.dll --------- 738816  
 03.03.2011 14:53     C:\Windows\system32\win32k.sys --------- 2040832  
 02.03.2011 16:49     C:\Windows\system32\dnsrslvr.dll --------- 86528  
 02.03.2011 16:49     C:\Windows\system32\dnsapi.dll --------- 167936  
 24.02.2011 09:42     C:\Windows\system32\de-DE --------- 196608  
 24.02.2011 09:42     C:\Windows\system32\WindowsPowerShell --------- 0  
 22.02.2011 08:21     C:\Windows\system32\wininet.dll --------- 916480  
 22.02.2011 08:21     C:\Windows\system32\urlmon.dll --------- 1210880  
 22.02.2011 08:19     C:\Windows\system32\occache.dll --------- 206848  
 22.02.2011 08:18     C:\Windows\system32\mstime.dll --------- 611840  
 22.02.2011 08:17     C:\Windows\system32\mshtmled.dll --------- 66560  
 22.02.2011 08:17     C:\Windows\system32\mshtml.dll --------- 5962240  
 22.02.2011 08:17     C:\Windows\system32\msfeeds.dll --------- 602112  
 22.02.2011 08:17     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 22.02.2011 08:17     C:\Windows\system32\licmgr10.dll --------- 43520  
 22.02.2011 08:16     C:\Windows\system32\jsproxy.dll --------- 25600  
 22.02.2011 08:16     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 22.02.2011 08:16     C:\Windows\system32\ieui.dll --------- 164352  
 22.02.2011 08:16     C:\Windows\system32\iesysprep.dll --------- 109056  
 22.02.2011 08:16     C:\Windows\system32\iertutil.dll --------- 1991680  
 22.02.2011 08:16     C:\Windows\system32\iesetup.dll --------- 71680  
 22.02.2011 08:16     C:\Windows\system32\iernonce.dll --------- 55808  
 22.02.2011 08:16     C:\Windows\system32\iepeers.dll --------- 184320  
 22.02.2011 08:16     C:\Windows\system32\ieframe.dll --------- 11080704  
 22.02.2011 08:16     C:\Windows\system32\iedkcs32.dll --------- 387584  
 22.02.2011 07:20     C:\Windows\system32\html.iec --------- 385024  
 22.02.2011 06:43     C:\Windows\system32\ieUnatt.exe --------- 133632  
 22.02.2011 06:43     C:\Windows\system32\ie4uinit.exe --------- 173568  
 22.02.2011 06:43     C:\Windows\system32\msfeedssync.exe --------- 13312  
 22.02.2011 06:42     C:\Windows\system32\mshtml.tlb --------- 1638912  
 17.02.2011 08:23     C:\Windows\system32\vbscript.dll --------- 420864  
 17.02.2011 08:19     C:\Windows\system32\jscript.dll --------- 726528  
 16.02.2011 17:29     C:\Windows\system32\atmlib.dll --------- 34304  
 16.02.2011 15:24     C:\Windows\system32\atmfd.dll --------- 292864  
 02.02.2011 18:11     C:\Windows\system32\MpSigStub.exe --------- 222080  
 28.01.2011 18:10     C:\Windows\system32\Adobe --------- 0  
 21.01.2011 17:46     C:\Windows\system32\shlwapi.dll --------- 351744  
 21.01.2011 17:46     C:\Windows\system32\shell32.dll --------- 11582464  
 29.12.2010 19:41     C:\Windows\system32\sbeio.dll --------- 153088  
 29.12.2010 19:41     C:\Windows\system32\sbe.dll --------- 323072  
 29.12.2010 19:41     C:\Windows\system32\EncDec.dll --------- 429056  
 29.12.2010 19:39     C:\Windows\system32\mpg2splt.ax --------- 177664  
 28.12.2010 16:57     C:\Windows\system32\odbc32.dll --------- 409600  
 17.12.2010 18:43     C:\Windows\system32\mstscax.dll --------- 2067456  
 17.12.2010 17:06     C:\Windows\system32\mstsc.exe --------- 677888  
 14.12.2010 17:49     C:\Windows\system32\sdclt.exe --------- 1169408  
 29.11.2010 13:58     C:\Windows\system32\Macromed --------- 0  
 06.11.2010 13:10     C:\Windows\system32\wmicmiplugin.dll --------- 345088  
 06.11.2010 13:10     C:\Windows\system32\taskschd.dll --------- 357376  
 06.11.2010 13:10     C:\Windows\system32\taskcomp.dll --------- 270336  
 06.11.2010 13:09     C:\Windows\system32\schedsvc.dll --------- 603648  
 05.11.2010 02:53     C:\Windows\system32\taskeng.exe --------- 171520  
 02.11.2010 18:13     C:\Windows\system32\ealregsnapshot1.reg --------- 4372  
 01.11.2010 17:48     C:\Windows\system32\CodeIntegrity --------- 0  
 28.10.2010 14:56     C:\Windows\system32\tzres.dll --------- 2048  
 18.10.2010 16:01     C:\Windows\system32\consent.exe --------- 81920  
 15.10.2010 16:08     C:\Windows\system32\ntoskrnl.exe --------- 3548048  
 15.10.2010 16:08     C:\Windows\system32\ntkrnlpa.exe --------- 3600272  
 15.10.2010 15:48     C:\Windows\system32\ntdll.dll --------- 1205080  
 20.09.2010 11:25     C:\Windows\system32\msshsq.dll --------- 231936  
 10.09.2010 20:18     C:\Windows\system32\wmp.dll --------- 10626560  
 10.09.2010 18:37     C:\Windows\system32\wmploc.DLL --------- 8147456  
 06.09.2010 18:24     C:\Windows\system32\srvsvc.dll --------- 125952  
 06.09.2010 18:23     C:\Windows\system32\netevent.dll --------- 17920  
 31.08.2010 17:41     C:\Windows\system32\mfc40u.dll --------- 954288  
 31.08.2010 17:41     C:\Windows\system32\mfc40.dll --------- 954752  
 31.08.2010 17:40     C:\Windows\system32\comctl32.dll --------- 531968  
 26.08.2010 18:07     C:\Windows\system32\t2embed.dll --------- 157184  
 26.08.2010 18:01     C:\Windows\system32\Apphlpdm.dll --------- 28672  
 26.08.2010 16:11     C:\Windows\system32\GameUXLegacyGDFs.dll --------- 4240384  
 20.08.2010 17:21     C:\Windows\system32\wmpmde.dll --------- 866816  
 17.08.2010 15:32     C:\Windows\system32\spoolsv.exe --------- 126464  
 10.08.2010 17:02     C:\Windows\system32\schannel.dll --------- 274432  
 28.06.2010 18:15     C:\Windows\system32\ole32.dll --------- 1315840  
 26.06.2010 13:35     C:\Windows\system32\en-US --------- 262144  
 18.06.2010 18:43     C:\Windows\system32\rtutils.dll --------- 36352  
 16.06.2010 17:12     C:\Windows\system32\fontsub.dll --------- 72704  
 11.06.2010 17:30     C:\Windows\system32\msxml3.dll --------- 1257472  
----------------------------------------
 
 
C:\Windows\Prefetch
 
----------------------------------------
 
 
C:\Windows\Tasks
 
 24.04.2011 00:07     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1094  
 23.04.2011 23:46     C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-539484725-963075036-3239415091-1000UA.job --------- 1114  
 23.04.2011 22:07     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1090  
 23.04.2011 20:36     C:\Windows\Tasks\SA.DAT --------- 6  
 23.04.2011 20:35     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32596  
 23.04.2011 15:46     C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-539484725-963075036-3239415091-1000Core.job --------- 1062  
 23.04.2011 02:51     C:\Windows\Tasks\User_Feed_Synchronization-{15F96683-BB28-4E1E-9789-62F461E8437D}.job --------- 416  
----------------------------------------
 
 
C:\Windows\Temp
 
 24.04.2011 00:24     C:\Windows\Temp\hpqddsvc.log --------- 3526  
 23.04.2011 20:36     C:\Windows\Temp\LVCOMSX.LOG --------- 954  
 23.04.2011 20:36     C:\Windows\Temp\logishrd --------- 0  
----------------------------------------
 
 
C:\Users\Dome\AppData\Local\Temp
 
 24.04.2011 00:29     C:\Users\Dome\AppData\Local\Temp\hjtscanlist.zip --------- 2097  
 24.04.2011 00:23     C:\Users\Dome\AppData\Local\Temp\Dome.bmp --------- 31832  
 24.04.2011 00:20     C:\Users\Dome\AppData\Local\Temp\RarSFX2 --------- 0  
 24.04.2011 00:08     C:\Users\Dome\AppData\Local\Temp\RarSFX0 --------- 4096  
 24.04.2011 00:08     C:\Users\Dome\AppData\Local\Temp\WPDNSE --------- 0  
 23.04.2011 23:54     C:\Users\Dome\AppData\Local\Temp\plugtmp --------- 0  
 23.04.2011 23:40     C:\Users\Dome\AppData\Local\Temp\SUPERSetup --------- 0  
 23.04.2011 23:17     C:\Users\Dome\AppData\Local\Temp\etilqs_SJ2uGRNACLO70Af --------- 262176  
 23.04.2011 21:20     C:\Users\Dome\AppData\Local\Temp\Low --------- 0  
 23.04.2011 21:08     C:\Users\Dome\AppData\Local\Temp\coredmp --------- 138903  
 23.04.2011 20:57     C:\Users\Dome\AppData\Local\Temp\~nsu.tmp --------- 0  
 23.04.2011 20:48     C:\Users\Dome\AppData\Local\Temp\RarSFX1 --------- 0  
 23.04.2011 20:41     C:\Users\Dome\AppData\Local\Temp\jusched.log --------- 3638  
 23.04.2011 20:41     C:\Users\Dome\AppData\Local\Temp\au-descriptor-uac-1.6.0_20-b76.xml --------- 8854  
 23.04.2011 20:38     C:\Users\Dome\AppData\Local\Temp\hpqddusr.log --------- 624  
 23.04.2011 20:38     C:\Users\Dome\AppData\Local\Temp\MAR3A70.tmp --------- 1285  
 23.04.2011 20:37     C:\Users\Dome\AppData\Local\Temp\JET205B.tmp --------- 0  
 23.04.2011 20:37     C:\Users\Dome\AppData\Local\Temp\qcemptysound.wav --------- 195862  
 23.04.2011 20:37     C:\Users\Dome\AppData\Local\Temp\EAD109.tmp --------- 0  
 23.04.2011 20:37     C:\Users\Dome\AppData\Local\Temp\LVCOMSX.LOG --------- 1421  
 23.04.2011 20:37     C:\Users\Dome\AppData\Local\Temp\appdata.xml --------- 18426  
 23.04.2011 20:36     C:\Users\Dome\AppData\Local\Temp\callingapps.xml --------- 3275  
 23.04.2011 14:25     C:\Users\Dome\AppData\Local\Temp\AUCHECK_PARSER.txt --------- 74  
 23.04.2011 14:25     C:\Users\Dome\AppData\Local\Temp\AUCHECK_CORE.txt --------- 294  
 23.04.2011 13:42     C:\Users\Dome\AppData\Local\Temp\MAR88DD.tmp --------- 1285  
 23.04.2011 13:42     C:\Users\Dome\AppData\Local\Temp\EAD56A7.tmp --------- 0  
----------------------------------------
 
 
C:\Program Files
 
 24.04.2011 00:23     C:\Program Files\hijack --------- 0  
 23.04.2011 23:40     C:\Program Files\SUPERAntiSpyware --------- 4096  
 23.04.2011 23:17     C:\Program Files\Mozilla Firefox --------- 32768  
 23.04.2011 20:37     C:\Program Files\Steam --------- 16384  
 23.04.2011 12:48     C:\Program Files\phase5 --------- 8192  
 23.04.2011 12:48     C:\Program Files\Microsoft Works --------- 49152  
 23.04.2011 12:48     C:\Program Files\JDownloader --------- 8192  
 23.04.2011 12:48     C:\Program Files\ICQ6.5 --------- 28672  
 23.04.2011 11:48     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 18.04.2011 12:18     C:\Program Files\Internet Explorer --------- 4096  
 17.04.2011 15:01     C:\Program Files\Windows Mail --------- 4096  
 01.04.2011 11:32     C:\Program Files\DVDVideoSoft --------- 4096  
 01.04.2011 11:24     C:\Program Files\YouTube Downloader --------- 4096  
 09.03.2011 20:42     C:\Program Files\Vodafone --------- 0  
 13.02.2011 23:02     C:\Program Files\NCH --------- 4096  
 13.02.2011 23:02     C:\Program Files\Conduit --------- 0  
 13.02.2011 23:02     C:\Program Files\ConduitEngine --------- 4096  
 13.02.2011 23:02     C:\Program Files\NCH Software --------- 0  
 11.01.2011 21:39     C:\Program Files\TrueCrypt --------- 4096  
 11.01.2011 19:42     C:\Program Files\Mozilla Thunderbird --------- 12288  
 24.12.2010 16:41     C:\Program Files\AviSynth 2.5 --------- 0  
 24.12.2010 16:38     C:\Program Files\eRightSoft --------- 0  
 24.12.2010 02:28     C:\Program Files\HooTech WAV MP3 Converter --------- 4096  
 23.12.2010 21:55     C:\Program Files\facemoods.com --------- 0  
 08.12.2010 19:37     C:\Program Files\Pidgin --------- 8192  
 29.11.2010 14:04     C:\Program Files\Symantec --------- 0  
 29.11.2010 14:00     C:\Program Files\Google --------- 0  
 02.11.2010 18:13     C:\Program Files\InstallShield Installation Information --------- 4096  
 02.11.2010 18:13     C:\Program Files\Electronic Arts --------- 0  
 01.11.2010 18:27     C:\Program Files\Zattoo --------- 8192  
 01.11.2010 18:27     C:\Program Files\TV-Browser --------- 0  
 01.11.2010 18:27     C:\Program Files\SprayR --------- 4096  
 01.11.2010 18:27     C:\Program Files\pidgin-otr --------- 4096  
 01.11.2010 18:27     C:\Program Files\Microsoft Games --------- 4096  
 01.11.2010 18:27     C:\Program Files\DivX --------- 8192  
 01.11.2010 18:26     C:\Program Files\Common Files --------- 4096  
 01.11.2010 18:26     C:\Program Files\2nd Speech Center --------- 0  
 15.10.2010 18:56     C:\Program Files\Windows Media Player --------- 4096  
 13.08.2010 14:51     C:\Program Files\FileZilla FTP Client --------- 4096  
 12.08.2010 20:31     C:\Program Files\Movie Maker --------- 4096  
 11.08.2010 23:26     C:\Program Files\GNU --------- 0  
 29.06.2010 20:22     C:\Program Files\VTFEdit --------- 4096  
 26.06.2010 13:35     C:\Program Files\Microsoft.NET --------- 0  
 11.03.2010 22:45     C:\Program Files\CCleaner --------- 0  
 11.03.2010 22:40     C:\Program Files\pdfforge Toolbar --------- 4096  
 11.03.2010 22:38     C:\Program Files\FreePDF_XP --------- 8192  
 07.02.2010 23:18     C:\Program Files\TeamViewer --------- 0  
 06.02.2010 20:58     C:\Program Files\Java --------- 4096  
 25.01.2010 15:50     C:\Program Files\Screaming Bee --------- 0  
 14.01.2010 17:52     C:\Program Files\Microsoft --------- 0  
 14.01.2010 17:51     C:\Program Files\Windows Live --------- 0  
 12.01.2010 15:36     C:\Program Files\CFS-Technologies --------- 0  
 09.01.2010 16:57     C:\Program Files\Teamspeak2_RC2 --------- 4096  
 02.12.2009 20:56     C:\Program Files\Mumble --------- 12288  
 25.11.2009 14:46     C:\Program Files\Software2000 --------- 0  
 10.11.2009 21:45     C:\Program Files\PDFCreator --------- 4096  
 18.08.2009 17:06     C:\Program Files\Nvu --------- 8192  
 19.07.2009 12:50     C:\Program Files\Illustrate --------- 0  
 18.07.2009 23:37     C:\Program Files\JanSoft --------- 0  
 19.06.2009 16:12     C:\Program Files\DesignCreator --------- 4096  
 16.06.2009 14:03     C:\Program Files\ICQ6 --------- 12288  
 06.05.2009 20:23     C:\Program Files\VideoMach --------- 4096  
 20.04.2009 15:49     C:\Program Files\Youtube Downloader HD --------- 4096  
 30.03.2009 14:14     C:\Program Files\OpenOffice.org 3 --------- 4096  
 04.03.2009 10:42     C:\Program Files\Astonsoft --------- 0  
 04.03.2009 10:41     C:\Program Files\Nero --------- 4096  
 03.03.2009 18:25     C:\Program Files\Audacity --------- 4096  
 22.01.2009 17:54     C:\Program Files\Microsoft LifeCam --------- 4096  
 22.01.2009 17:25     C:\Program Files\Logitech --------- 0  
 08.01.2009 17:10     C:\Program Files\Paint.NET --------- 12288  
 03.01.2009 17:16     C:\Program Files\Skype --------- 0  
 15.12.2008 14:31     C:\Program Files\Norton Internet Security --------- 12288  
 15.12.2008 02:18     C:\Program Files\Avira --------- 0  
 14.12.2008 16:10     C:\Program Files\WinRAR --------- 4096  
 13.12.2008 23:51     C:\Program Files\SurfMusik 3.1 --------- 4096  
 12.12.2008 18:31     C:\Program Files\S.A.D --------- 0  
 08.12.2008 21:02     C:\Program Files\Songbird --------- 8192  
 25.11.2008 19:49     C:\Program Files\Digital TV 2050 --------- 4096  
 09.11.2008 18:53     C:\Program Files\eBay --------- 0  
 07.11.2008 14:59     C:\Program Files\Microsoft Office --------- 4096  
 07.11.2008 14:55     C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 8192  
 07.11.2008 14:55     C:\Program Files\MSECache --------- 0  
 23.10.2008 14:16     C:\Program Files\VideoLAN --------- 0  
 18.10.2008 11:31     C:\Program Files\uTorrent --------- 0  
 17.10.2008 19:37     C:\Program Files\Tomato --------- 0  
 16.10.2008 12:56     C:\Program Files\MSXML 4.0 --------- 0  
 15.10.2008 15:43     C:\Program Files\ICQ6Toolbar --------- 4096  
 14.10.2008 19:43     C:\Program Files\HP --------- 4096  
 14.10.2008 17:24     C:\Program Files\Adobe --------- 0  
 14.10.2008 17:23     C:\Program Files\Online Services --------- 4096  
 14.10.2008 17:23     C:\Program Files\Windows Sidebar --------- 4096  
 14.10.2008 17:22     C:\Program Files\Windows NT --------- 4096  
 14.10.2008 17:22     C:\Program Files\Gemeinsame Dateien --------- 0  
 10.09.2008 03:29     C:\Program Files\Windows Calendar --------- 0  
 10.09.2008 03:29     C:\Program Files\Windows Photo Gallery --------- 4096  
 10.09.2008 03:29     C:\Program Files\Windows Collaboration --------- 4096  
 10.09.2008 03:29     C:\Program Files\Windows Journal --------- 4096  
 10.09.2008 03:29     C:\Program Files\Windows Defender --------- 4096  
 09.09.2008 18:20     C:\Program Files\EasyBits For Kids --------- 0  
 09.09.2008 18:20     C:\Program Files\Hewlett-Packard --------- 4096  
 09.09.2008 18:19     C:\Program Files\HP Games --------- 12288  
 09.09.2008 18:07     C:\Program Files\muvee Technologies --------- 0  
 09.09.2008 17:57     C:\Program Files\Realtek --------- 0  
 09.09.2008 17:54     C:\Program Files\Ralink Driver --------- 0  
 09.09.2008 17:54     C:\Program Files\RALINK --------- 0  
 21.01.2008 04:43     C:\Program Files\desktop.ini --------- 174  
 02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0  
 02.11.2006 14:37     C:\Program Files\MSBuild --------- 0  
----------------------------------------
 
 
C:\ProgramData\.. 
 
Dome    
Public    
Default    
desktop.ini    
Default User    
All Users    
----------------------------------------
 
 
C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
::1       localhost
 
----------------------------------------
 
 
 
Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0        39.260 K
smss.exe                       472 Services                   0         1.460 K
csrss.exe                      540 Services                   0        13.976 K
wininit.exe                    588 Services                   0         9.548 K
csrss.exe                      600 Console                    1        10.244 K
services.exe                   632 Services                   0        27.196 K
lsass.exe                      644 Services                   0         2.216 K
lsm.exe                        664 Services                   0         4.040 K
svchost.exe                    812 Services                   0        10.372 K
nvvsvc.exe                     860 Services                   0         3.216 K
svchost.exe                    888 Services                   0         9.680 K
winlogon.exe                   932 Console                    1         6.196 K
svchost.exe                    964 Services                   0        43.076 K
svchost.exe                   1028 Services                   0        16.684 K
svchost.exe                   1084 Services                   0       135.512 K
svchost.exe                   1116 Services                   0       267.020 K
audiodg.exe                   1248 Services                   0        16.096 K
svchost.exe                   1272 Services                   0         4.832 K
SLsvc.exe                     1292 Services                   0         7.828 K
rundll32.exe                  1352 Console                    1         6.772 K
svchost.exe                   1396 Services                   0        15.168 K
svchost.exe                   1544 Services                   0        21.904 K
spoolsv.exe                   1940 Services                   0        12.448 K
sched.exe                     2000 Services                   0           748 K
dwm.exe                       2016 Console                    1        77.776 K
taskeng.exe                   2024 Services                   0         6.940 K
svchost.exe                   2036 Services                   0        24.892 K
taskeng.exe                    508 Console                    1        11.944 K
MSASCui.exe                   2356 Console                    1        14.932 K
rundll32.exe                  2468 Console                    1         4.564 K
jusched.exe                   2516 Console                    1         9.376 K
avguard.exe                   2560 Services                   0        16.168 K
dirmngr.exe                   2580 Services                   0         5.728 K
hpwuSchd2.exe                 2648 Console                    1         2.716 K
vVX1000.exe                   2672 Console                    1         5.132 K
avgnt.exe                     2680 Console                    1         1.752 K
Communications_Helper.exe     2688 Console                    1         9.872 K
Quickcam.exe                  2696 Console                    1        11.404 K
sidebar.exe                   2764 Console                    1        10.500 K
Steam.exe                     2772 Console                    1        80.784 K
msnmsgr.exe                   2780 Console                    1        30.232 K
ICQ.exe                       2804 Console                    1        35.280 K
svchost.exe                   2844 Services                   0         9.308 K
LVComSer.exe                  2872 Services                   0         5.388 K
LVPrcSrv.exe                  2892 Services                   0         5.292 K
LVComSer.exe                  2940 Console                    1         5.092 K
MSCamS32.exe                  3044 Services                   0         3.084 K
svchost.exe                   3072 Services                   0         3.008 K
svchost.exe                   3152 Services                   0         2.804 K
svchost.exe                   3184 Services                   0         5.816 K
svchost.exe                   3208 Services                   0         7.100 K
TeamViewer_Service.exe        3252 Services                   0         2.964 K
svchost.exe                   3296 Services                   0         4.284 K
hpqtra08.exe                  3304 Console                    1        15.892 K
SearchIndexer.exe             3348 Services                   0        79.032 K
VMCService.exe                3408 Services                   0        43.240 K
ONENOTEM.EXE                  3476 Console                    1         3.852 K
WUDFHost.exe                  3516 Services                   0         8.240 K
soffice.exe                   1104 Console                    1         9.600 K
soffice.bin                   2476 Console                    1        56.716 K
COCIManager.exe               3372 Console                    1         7.948 K
SteamService.exe              5116 Services                   0         7.780 K
unsecapp.exe                  5680 Console                    1         5.348 K
WmiPrvSE.exe                  5740 Services                   0         6.124 K
hpqste08.exe                  6000 Console                    1        12.904 K
hpqbam08.exe                  6052 Console                    1         5.520 K
hpqgpc01.exe                  6120 Console                    1         8.968 K
HPHC_Service.exe               788 Services                   0         9.484 K
wuauclt.exe                   4312 Console                    1         7.888 K
jucheck.exe                   5624 Console                    1         9.876 K
conime.exe                    4320 Console                    1         3.716 K
SearchProtocolHost.exe        8004 Services                   0        16.040 K
firefox.exe                   2392 Console                    1       156.460 K
plugin-container.exe          4228 Console                    1        21.552 K
SUPERAntiSpyware.exe          1684 Console                    1       150.344 K
explorer.exe                  9380 Console                    1        85.408 K
explorer.exe                  6464 Console                    1        54.044 K
unhide.exe                    8936 Console                    1         8.440 K
cmd.exe                       6152 Console                    1         2.876 K
attrib.exe                    8996 Console                    1         3.828 K
msiexec.exe                   8736 Services                   0        18.408 K
svchost.exe                   6720 Services                   0         7.068 K
WinRAR.exe                    9804 Console                    1        13.020 K
TrustedInstaller.exe          7508 Services                   0         8.612 K
cmd.exe                       4340 Console                    1         3.756 K
SearchFilterHost.exe          8616 Services                   0         6.868 K
tasklist.exe                  8376 Console                    1         5.084 K
LVPrcSrv.exe                 10028 Console                    1         2.976 K
WmiPrvSE.exe                  8992 Services                   0         6.128 K
 
 
***** Ende des Scans 24.04.2011 um  0:33:08,44 ***

______

5. Hier:

Code:

ATTFilter

 
Activation Assistant for the 2007 Microsoft Office suites    Microsoft Corporation    22.04.2011    1.437,0MB    
Adobe Flash Player 10 ActiveX    Adobe Systems Incorporated    22.04.2011        10.1.102.64
Adobe Flash Player 10 Plugin    Adobe Systems Incorporated    22.04.2011        10.0.22.87
Adobe Reader 8.1.2 - Deutsch    Adobe Systems Incorporated    14.10.2008        8.1.2
Adobe Shockwave Player 11.5    Adobe Systems, Inc.    22.04.2011    7,19MB    11.5.9.615
Audacity 1.2.6        22.04.2011    8,43MB    
Avira AntiVir Personal - Free Antivirus    Avira GmbH    22.04.2011    55,0MB    
Call of Duty: Black Ops    Treyarch    22.04.2011    7.885,2MB    
Call of Duty: Black Ops - Multiplayer    Treyarch    22.04.2011    7.885,2MB    
Call of Duty: Modern Warfare 2    Infinity Ward    22.04.2011    11.762,5MB    
Call of Duty: Modern Warfare 2 - Multiplayer    Infinity Ward    22.04.2011    11.762,5MB    
CCleaner    Piriform    22.04.2011    2,88MB    2.29
Command & Conquer™ Alarmstufe Rot 3    Electronic Arts    02.11.2010        1.0.1.0
Compatibility Pack für 2007 Office System    Microsoft Corporation    17.04.2011        12.0.6425.1000
Conduit Engine    Conduit Ltd.    22.04.2011    3,82MB    
Counter-Strike: Source    Valve    22.04.2011    68,1MB    
Day of Defeat: Source    Valve    22.04.2011        
EA Download Manager    Electronic Arts    01.11.2010    5,43MB    4.0.0.462
FileZilla Client 3.2.7.1        12.08.2010    15,7MB    3.2.7.1
Google Chrome    Google Inc.    20.03.2011    346,4MB    10.0.648.205
HiJackThis    Trend Micro    23.04.2011    0,36MB    1.0.0
HP Customer Participation Program 11.0    HP    22.04.2011    162,4MB    11.0
HP Demo    Hewlett-Packard    09.09.2008        1.00.0000
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3    HP    22.04.2011    13,7MB    11.0
HP Easy Setup - Frontend    Hewlett-Packard    08.09.2008    2,17MB    5.7.0.2693
HP Imaging Device Functions 11.0    HP    22.04.2011    2,41MB    11.0
HP Photosmart Essential 3.0    HP    22.04.2011    2,40MB    3.0
HP Smart Web Printing    HP    22.04.2011    8,51MB    4.0
HP Solution Center 11.0    HP    22.04.2011    2,39MB    11.0
HP Total Care Advisor    Hewlett-Packard    09.09.2008        2.3.4292.2709
HP Update    Hewlett-Packard    09.09.2008        4.000.010.008
ICQ6.5    ICQ    15.06.2009    47,3MB    6.5
Java(TM) 6 Update 18    Sun Microsystems, Inc.    06.02.2010        6.0.180
Java(TM) SE Runtime Environment 6 Update 1    Sun Microsystems, Inc.    09.09.2008        1.6.0.10
JDownloader    AppWork UG (haftungsbeschränkt)    22.04.2011    54,1MB    
Left 4 Dead    Valve    22.04.2011    4.464,5MB    
Left 4 Dead 2    Valve    22.04.2011    6.710,4MB    
Logitech QuickCam    Logitech Inc.    22.01.2009        11.80.1065
Logitech QuickCam-Treiberpaket        22.04.2011        
Malwarebytes' Anti-Malware    Malwarebytes Corporation    22.04.2011    4,80MB    
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU    Microsoft Corporation    22.04.2011    37,0MB    
Microsoft .NET Framework 3.5 SP1    Microsoft Corporation    22.04.2011    37,0MB    
Microsoft .NET Framework 4 Client Profile    Microsoft Corporation    22.04.2011    120,3MB    4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack    Microsoft Corporation    22.04.2011    24,5MB    4.0.30319
Microsoft LifeCam    Microsoft    22.01.2009        1.30.175.0
Microsoft Office Home and Student 2007    Microsoft Corporation    22.04.2011    308,6MB    12.0.6425.1000
Microsoft Office PowerPoint Viewer 2007 (German)    Microsoft Corporation    17.04.2011        12.0.6425.1000
Microsoft Office Word Viewer 2003    Microsoft Corporation    17.04.2011        11.0.8173.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053    Microsoft Corporation    17.08.2009        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    09.09.2008        8.0.56336
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148    Microsoft Corporation    17.08.2009        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022    Microsoft Corporation    09.09.2008        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    29.12.2009        9.0.30729
Microsoft Works    Microsoft Corporation    16.12.2010        9.7.0621
MorphVOX Pro    Screaming Bee    25.01.2010        4.3.4
Movies        22.04.2011    1,93MB    
Mozilla Firefox 4.0 (x86 de)    Mozilla    22.04.2011    35,2MB    4.0
Mozilla Thunderbird (3.1.7)    Mozilla    22.04.2011    33,4MB    3.1.7 (de)
MSXML 4.0 SP2 (KB941833)    Microsoft Corporation    17.10.2008        4.20.9849.0
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    14.11.2008        4.20.9870.0
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    30.11.2009        4.20.9876.0
My HP Games    WildTangent    22.04.2011    297,4MB    1.0.0.52
NCH Toolbar    NCH    22.04.2011    3,96MB    6.2.7.3
Nero 8 Lite    UpdatePack.nl    03.03.2009    53,0MB    8.3.13.0
NVIDIA Drivers        22.04.2011        
OpenOffice.org 3.0    OpenOffice.org    30.03.2009        3.0.9379
Optimierte Multimedia-Tastatur-Lösung    Hewlett-Packard    22.04.2011    6,85MB    
Paint.NET v3.36    dotPDN LLC    08.01.2009        3.36.0
pdfforge Toolbar v1.0    GreenTree Applications, Inc.    27.04.2009        1.00.0000
Phase 5 HTML-Editor    Systemberatung Schommer    28.10.2009    1,66MB    5.6.2.3
Pidgin        22.04.2011    51,6MB    2.7.7
Ralink Wireless LAN    RaLink    08.09.2008    2,44MB    1.0.2.5
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    08.09.2008    21,1MB    6.0.1.5657
RedMon - Redirection Port Monitor        22.04.2011        
Shop for HP Supplies    HP    22.04.2011    162,4MB    11.0
Skype™ 3.8    Skype Technologies S.A.    03.01.2009        3.8.188
Source SDK    Valve    22.04.2011    64,7MB    
Source SDK Base    Valve    22.04.2011    56,2MB    
SPORE Creature Creator Trial Edition    Electronic Arts    22.04.2011    2,01MB    1.00.0000
Steam(TM)    Valve    14.10.2008        1.0.0.0
SUPER © Version 2010.bld.42 (Nov 7, 2010)    eRightSoft    22.04.2011    27,8MB    Version 2010.bld.42 (Nov 7, 2010)
SUPERAntiSpyware    SUPERAntiSpyware.com    22.04.2011    53,1MB    4.51.1000
SurfMusik 3.1a    Marcus Schmitt    12.12.2008    2,47MB    3.1a
TeamSpeak 2 RC2    Dominating Bytes Design    22.04.2011        2.0.32.60
TeamSpeak 3 Client    TeamSpeak Systems GmbH    04.10.2010    25,1MB    
TeamViewer 5    TeamViewer GmbH    22.04.2011    16,9MB    5.0.7687 
Testversion von Microsoft Office Home and Student 2007        22.04.2011    1.437,0MB    
TrueCrypt    TrueCrypt Foundation    22.04.2011    7,68MB    7.0a
Uninstall 1.0.0.1        31.03.2011    41,8MB    
VLC media player 0.9.4    VideoLAN Team    22.04.2011    49,0MB    0.9.4
Vodafone Mobile Connect Lite    Vodafone    09.03.2011        9.4.3.17550
VTFEdit 1.2.5    Neil Jedrzejewski & Ryan Gregg    28.06.2010    2,68MB    
WAV MP3 Converter v4.2 build 1259    Hoo Technologies    23.12.2010    12,3MB    
Windows Live Anmelde-Assistent    Microsoft Corporation    14.01.2010        5.000.818.5
Windows Live Essentials    Microsoft Corporation    22.04.2011    44,0MB    14.0.8089.0726
Windows Media Player Firefox Plugin    Microsoft Corp    14.10.2008    0,29MB    1.0.0.8
WinRAR        22.04.2011    3,73MB    
Yahoo! BrowserPlus 2.9.2    Yahoo! Inc.    10.07.2010    25,4MB    
YouTube Downloader 2.7.1    BienneSoft    22.04.2011    6,86MB    
Youtube Downloader HD v. 1.1    YoutubeDownloaderHD.com    22.04.2011    3,22MB    
YouTube Video Downloader 2.0.9    Tomato    16.10.2008    2,53MB

- - - - - - - - - -

Hoffe habe alles richtig gemacht. Danke für deine Hilfe!

kira · 24.04.2011, 08:57

1.
Deinstalliere unter `Start→ Systemsteuereung→ Ändern/Entfernen...`

Code:

ATTFilter

Conduit Engine 
pdfforge Toolbar - Adware -Toolbar

Bestandteile der Standardinstallation vieler Freeware-Programme und teilweise sogar von kostenpflichtigen Programmen. Daher:
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen, weil damit stimmt man nämlich zu, dass Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
in diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars deinstallieren
Toolbars mit wenige Ausnahme sind unnötig (Yahoo, Google etc), machen den Browser nur langsammer und telefonieren nach Hause >

2.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

ATTFilter

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
03 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (file missing)
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

3.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java Version 6 Update 24 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

4.
Adobe Reader aktualisieren :
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

5.
alle Anwendungen schließen → Ordner für temporäre Dateien bitte leeren
**Der Temp Ordner,ist für temporäre Dateien,also der Inhalt kann man ohne weiteres löschen.- Dateien, die noch in Benutzung sind, nicht löschbar.
**Lösche nur den Inhalt der Ordner, nicht die Ordner selbst!

`Start → ausführen` "cleanmgr" reinschreiben (ohne "") → "ok" - die Temporary Files, Temporary Internet Files, und der Papierkorb (Recycle Bin) müssen geleert werden→ "Ok"
`Start → ausführen` → %temp% reinschreiben (ohne "")→ "Ok" - - Ordnerinhalt überall markieren und löschen
für jedes Benutzerkonto bitte durchführen
anschließend den Papierkorb leeren

6.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

7.
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

* Doppelklick auf die OTL.exe
* Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Setze ein Häckchen bei Scan All Users.
* Unter Standard Registry wähle bitte All
* Unter Extra Registry, wähle bitte Use SafeList
* Schliesse bitte alle laufenden Programme.
* Klicke nun auf Run Scan ( links oben ).
* Wenn der Scan beendet wurde werden 2 Logfiles auf dem Desktop erstellt
* Poste den Inhalt von OTL.txt und Extra.txt hier in Deinen Thread

south · 24.04.2011, 12:34

1. bis 6. gemacht!

Punkt 7:

OTL.txt

Code:

ATTFilter

Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,66 Gb Total Space | 127,84 Gb Free Space | 44,75% Space Free | Partition Type: NTFS
Drive D: | 12,43 Gb Total Space | 1,71 Gb Free Space | 13,76% Space Free | Partition Type: NTFS
 
Computer Name: DOME-PC | User Name: Dome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dome\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\GNU\GnuPG\dirmngr.exe ()
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dome\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (DirMngr) -- C:\Program Files\GNU\GnuPG\dirmngr.exe ()
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Programme\NCH\tbNCH.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 16 1D 22 B2 76 CB 01  [binary data]
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-539484725-963075036-3239415091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008.10.14 19:43:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.07 13:07:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011.03.09 20:43:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.23 23:17:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.24 13:11:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.01.11 19:42:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Extensions
[2011.01.11 19:42:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008.12.08 21:01:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.04.23 20:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\engine@conduit.com
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\fbdislike@doweb.fr
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\foxyproxy@eric.h.jung
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\moveplayer@movenetworks.com
[2011.04.23 21:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\0z2t1184.default\extensions\twitternotifier@naan.net
[2010.12.23 21:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\t4wca3y1.default\extensions
[2008.11.09 15:21:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\t4wca3y1.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2011.04.23 12:48:48 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\t4wca3y1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.23 12:48:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\t4wca3y1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2008.11.09 15:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\t4wca3y1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.04.23 12:48:48 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\t4wca3y1.default\extensions\ffxtlbr@Facemoods.com
[2011.04.24 12:59:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.23 23:17:04 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.01.12 15:51:29 | 000,000,000 | ---D | M] (TextAloud Firefox Plugin) -- C:\Programme\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
[2009.01.03 17:16:24 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2011.04.24 12:59:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- 
[2011.04.24 12:59:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2009.09.07 13:07:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
[2011.04.24 12:58:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2006.10.26 21:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
[2011.01.30 17:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010.01.01 10:00:00 | 000,002,364 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.04.23 13:37:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-539484725-963075036-3239415091-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-539484725-963075036-3239415091-1000..\Run: [Google Update] C:\Users\Dome\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-539484725-963075036-3239415091-1000..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-539484725-963075036-3239415091-1000..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-539484725-963075036-3239415091-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-539484725-963075036-3239415091-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-539484725-963075036-3239415091-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-539484725-963075036-3239415091-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-539484725-963075036-3239415091-1000..\RunOnce: [Shockwave Updater]  File not found
O4 - Startup: C:\Users\Dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Download Video on This Page - C:\Programme\Tomato\YouTube Video Downloader\IEPage.html ()
O8 - Extra context menu item: Download Video This Links To - C:\Programme\Tomato\YouTube Video Downloader\IELink.html ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Dome\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Programme\Tomato\YouTube Video Downloader\IEPage.html ()
O9 - Extra 'Tools' menuitem : Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - C:\Programme\Tomato\YouTube Video Downloader\IEPage.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-539484725-963075036-3239415091-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab (ZoneChess Object)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dome\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dome\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.09 18:07:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{26266cd2-4a54-11e0-8c96-00221557c4cd}\Shell - "" = AutoRun
O33 - MountPoints2\{26266cd2-4a54-11e0-8c96-00221557c4cd}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{26266cd9-4a54-11e0-8c96-001e101faedd}\Shell - "" = AutoRun
O33 - MountPoints2\{26266cd9-4a54-11e0-8c96-001e101faedd}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.24 13:11:12 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.04.24 13:11:09 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2011.04.24 13:09:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.24 13:00:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2011.04.24 12:59:19 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.24 12:59:19 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.24 12:59:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.24 12:59:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.24 12:58:31 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2011.04.24 01:20:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.04.24 00:23:16 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.04.24 00:23:16 | 000,000,000 | ---D | C] -- C:\Programme\hijack
[2011.04.23 23:40:10 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\SUPERAntiSpyware.com
[2011.04.23 23:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.04.23 23:40:05 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.04.23 23:40:02 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.04.23 21:14:16 | 000,000,000 | ---D | C] -- C:\Users\Dome\Desktop\Sicherung
[2011.04.23 21:12:24 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Dome\Desktop\OTL.exe
[2011.04.23 11:48:53 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Malwarebytes
[2011.04.23 11:48:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.23 11:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.23 11:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.23 11:48:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.21 14:08:48 | 000,000,000 | ---D | C] -- C:\Users\Dome\Desktop\Maxim Soth
[2011.04.15 15:01:44 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 15:01:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:01:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.15 15:01:29 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.15 15:01:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.15 15:01:28 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.15 15:01:28 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.15 15:01:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.15 15:01:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.15 15:01:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.15 15:01:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.15 15:01:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.15 15:01:27 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.15 15:01:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.15 15:01:27 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.15 15:01:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.15 15:01:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.15 15:01:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.15 15:01:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 15:01:12 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:01:11 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 15:00:49 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:00:38 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:00:15 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.15 15:00:15 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.01 11:28:49 | 022,229,776 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\Users\Dome\Desktop\FreeYouTubeToMp3Converter.exe
[2011.04.01 11:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2011.04.01 11:24:14 | 000,000,000 | ---D | C] -- C:\Programme\YouTube Downloader
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.24 13:21:22 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.24 13:21:22 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.24 13:21:17 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2011.04.24 13:21:16 | 000,364,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.24 13:21:06 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.24 13:21:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.24 13:20:53 | 3219,615,744 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.24 13:11:51 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.04.24 13:07:28 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.24 12:58:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.04.24 12:58:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.24 12:58:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.24 12:58:39 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.24 12:24:13 | 000,002,625 | ---- | M] () -- C:\Users\Dome\Desktop\HiJackThis.lnk
[2011.04.24 01:46:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-539484725-963075036-3239415091-1000UA.job
[2011.04.24 01:33:13 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{15F96683-BB28-4E1E-9789-62F461E8437D}.job
[2011.04.23 23:40:05 | 000,001,802 | ---- | M] () -- C:\Users\Dome\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.04.23 23:17:06 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.23 21:12:24 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dome\Desktop\OTL.exe
[2011.04.23 15:46:03 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-539484725-963075036-3239415091-1000Core.job
[2011.04.23 13:37:39 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.04.23 12:58:00 | 000,504,657 | ---- | M] () -- C:\Users\Dome\Desktop\unhide.exe
[2011.04.23 11:48:37 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 11:32:27 | 000,002,078 | ---- | M] () -- C:\Users\Dome\Desktop\Google Chrome.lnk
[2011.04.23 02:58:22 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.23 02:58:22 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.23 02:58:22 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.23 02:58:22 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.23 02:01:19 | 000,000,392 | ---- | M] () -- C:\ProgramData\40820488
[2011.04.23 01:59:22 | 000,000,136 | ---- | M] () -- C:\ProgramData\~40820488r
[2011.04.23 01:59:22 | 000,000,120 | ---- | M] () -- C:\ProgramData\~40820488
[2011.04.01 11:32:58 | 000,001,034 | ---- | M] () -- C:\Users\Dome\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.01 11:32:40 | 000,001,193 | ---- | M] () -- C:\Users\Dome\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.01 11:31:51 | 022,229,776 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\Users\Dome\Desktop\FreeYouTubeToMp3Converter.exe
[2011.04.01 11:24:15 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011.04.01 11:23:48 | 004,699,109 | ---- | M] () -- C:\Users\Dome\Desktop\YouTubeDownloaderSetup271.exe
 
========== Files Created - No Company Name ==========
 
[2011.04.24 13:21:17 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2011.04.24 13:11:51 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.04.24 13:11:50 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.04.24 00:29:38 | 000,030,259 | ---- | C] () -- C:\Users\Dome\Desktop\hjtscanlist.bat
[2011.04.24 00:23:16 | 000,002,625 | ---- | C] () -- C:\Users\Dome\Desktop\HiJackThis.lnk
[2011.04.23 23:40:05 | 000,001,802 | ---- | C] () -- C:\Users\Dome\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.04.23 23:17:06 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.23 23:17:05 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.23 12:57:56 | 000,504,657 | ---- | C] () -- C:\Users\Dome\Desktop\unhide.exe
[2011.04.23 11:48:37 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.23 01:59:22 | 000,000,136 | ---- | C] () -- C:\ProgramData\~40820488r
[2011.04.23 01:59:22 | 000,000,120 | ---- | C] () -- C:\ProgramData\~40820488
[2011.04.23 01:58:48 | 000,000,392 | ---- | C] () -- C:\ProgramData\40820488
[2011.04.01 11:32:52 | 000,001,034 | ---- | C] () -- C:\Users\Dome\Desktop\DVDVideoSoft Free Studio.lnk
[2011.04.01 11:32:40 | 000,001,193 | ---- | C] () -- C:\Users\Dome\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.01 11:24:15 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011.04.01 11:22:59 | 004,699,109 | ---- | C] () -- C:\Users\Dome\Desktop\YouTubeDownloaderSetup271.exe
[2010.12.24 16:41:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.11.10 17:28:50 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010.08.17 17:55:33 | 000,000,600 | ---- | C] () -- C:\Users\Dome\AppData\Local\PUTTY.RND
[2010.03.10 12:14:39 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.01.27 19:57:28 | 000,000,680 | ---- | C] () -- C:\Users\Dome\AppData\Local\d3d9caps.dat
[2009.11.10 21:45:47 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.07.19 12:50:07 | 000,131,072 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2009.07.19 12:50:07 | 000,036,104 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.04.27 11:01:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.04.27 11:01:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.03.04 10:50:48 | 001,012,736 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2009.03.04 10:50:48 | 000,012,800 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2009.01.22 14:10:11 | 000,277,318 | ---- | C] () -- C:\Users\Dome\AppData\Local\sgwokau_nav.dat
[2009.01.22 14:10:11 | 000,003,311 | ---- | C] () -- C:\Users\Dome\AppData\Local\sgwokau.dat
[2009.01.22 14:10:11 | 000,000,332 | ---- | C] () -- C:\Users\Dome\AppData\Local\sgwokau_navps.dat
[2009.01.21 15:24:32 | 000,277,318 | ---- | C] () -- C:\Users\Dome\AppData\Local\aqkkqss_nav.dat
[2009.01.21 15:24:32 | 000,003,362 | ---- | C] () -- C:\Users\Dome\AppData\Local\aqkkqss.dat
[2009.01.21 15:24:32 | 000,000,330 | ---- | C] () -- C:\Users\Dome\AppData\Local\aqkkqss_navps.dat
[2009.01.20 14:40:03 | 000,277,318 | ---- | C] () -- C:\Users\Dome\AppData\Local\miomc_nav.dat
[2009.01.20 14:40:03 | 000,003,308 | ---- | C] () -- C:\Users\Dome\AppData\Local\miomc.dat
[2009.01.20 14:40:03 | 000,000,959 | ---- | C] () -- C:\Users\Dome\AppData\Local\miomc_navps.dat
[2008.12.15 02:11:22 | 000,000,089 | ---- | C] () -- C:\Users\Dome\AppData\Local\ibcxk.bat
[2008.12.15 02:09:26 | 000,000,087 | ---- | C] () -- C:\Users\Dome\AppData\Local\mbglkydl.bat
[2008.12.15 02:08:13 | 000,000,089 | ---- | C] () -- C:\Users\Dome\AppData\Local\sacioshe.bat
[2008.11.25 19:54:04 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.11.06 14:13:25 | 000,002,300 | ---- | C] () -- C:\Users\Dome\AppData\Roaming\wklnhst.dat
[2008.10.27 16:03:50 | 000,015,360 | ---- | C] () -- C:\Users\Dome\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.17 19:37:24 | 006,514,176 | ---- | C] () -- C:\Windows\System32\MioPlayer1.dll
[2008.10.17 19:37:24 | 006,294,528 | ---- | C] () -- C:\Windows\System32\MediaIO1.dll
[2008.10.16 12:58:51 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.10.16 12:58:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.14 19:38:07 | 000,187,437 | ---- | C] () -- C:\Windows\hpoins28.dat
[2008.09.10 03:27:47 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.09.10 03:27:47 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.09.10 03:27:47 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.09.10 03:27:47 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.09.09 18:20:17 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2008.09.09 18:08:33 | 000,115,774 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008.09.09 17:54:59 | 000,438,272 | ---- | C] () -- C:\Windows\System32\RaCoInst.dll
[2008.09.09 17:54:59 | 000,011,783 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.09.09 17:49:03 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.09.09 17:49:03 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2008.08.04 16:22:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2008.07.26 09:25:02 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008.06.09 02:06:52 | 000,000,752 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,364,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.09.18 01:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:70B3C619

< End of report >

EXTRA.txt
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.04.2011 13:28:18 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Dome\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,66 Gb Total Space | 127,84 Gb Free Space | 44,75% Space Free | Partition Type: NTFS
Drive D: | 12,43 Gb Total Space | 1,71 Gb Free Space | 13,76% Space Free | Partition Type: NTFS
 
Computer Name: DOME-PC | User Name: Dome | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AC65391-7FCC-4CA6-970A-938B0C4CBF34}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0E0329BE-7102-48F7-B2C5-630583519D17}" = rport=445 | protocol=6 | dir=out | app=system | 
"{264478A1-D6C0-4A0B-B15F-B8EE5A556634}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{32A0C93F-F2E2-483D-89DC-F8B116650747}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{406C93E8-8691-485F-94BF-C61274787FF3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5048A3EC-5525-4888-B01E-AA9AE1FA4583}" = lport=139 | protocol=6 | dir=in | app=system | 
"{58AE3A0C-33A1-41F8-9725-44DD93929BF8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{684C163A-1A8E-433B-B4C5-664EB9D3DA47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6B73FA68-4811-4C13-9685-6B409B2536C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7F4ABA22-2FF8-4EE6-9E8D-AC289C603B8E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{82EBDCE4-EFDD-4949-803F-3CDDF2F6538D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{917E94ED-2DF8-4EF0-A06E-7D1C69BD92D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0BA3BD7-B2AB-4044-B262-AEB329C2469F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B6FC9BCA-557A-4FAB-BF3B-DF7321BD38DA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BBF4F637-F4C7-4C5E-9B6B-1D0F007F4636}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{C54F73B0-2F7D-42B6-B7C5-1055357DF7F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CAF1F45D-2EC2-452A-B093-24E54C2E0C8C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CBC3BD77-D5E8-4E19-8FB9-B75CE7CCD469}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DBA9DB8C-3A77-46AA-BF50-8633B7607BEA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EB32EE14-0600-40AB-ADA1-A228B9CC6B8F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0248BFA5-E3FE-46D3-A7F5-AD20DCA994B9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{04B15C05-15F0-44C8-AE5B-FDCE1FFF48C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{15E38A5E-7AE8-4329-AC2A-B1B0F235A735}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{19D8B007-96CA-4B78-A93A-6164257BBFE1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{1ABB0162-6BF0-4C04-854A-B73C942B2D74}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{2AD8E9DF-44F2-426C-9C17-1B52EEF021C9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\wrestlemania2007\day of defeat source\hl2.exe | 
"{2BCD141B-741E-467D-BCB5-B1AE9D397DCB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{37BF6A0F-3A53-4902-9A90-03DF30A11CB3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{3FEBF48E-58E7-467C-9DAE-B062BAF36067}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{493AA9FB-459C-4E63-B833-8262D673EC1F}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{4F8A6FE8-36E5-4801-B214-B4779D438035}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\wrestlemania2007\sourcesdk\bin\sdklauncher.exe | 
"{5D8AE324-5DA8-4D3F-918C-EB36D7CCE7D0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{62C55994-8D20-40A5-AA43-4DED8E315F77}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{63F9FEA7-23FB-4389-909D-5094583C654F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\wrestlemania2007\day of defeat source\hl2.exe | 
"{67687C2E-D64F-43DE-97AA-F42BA44FBE79}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{69C60183-5351-441C-ADDE-F468B5369363}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{6BCE2CF8-3447-41B4-8702-C35065B60CC6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6D70B3A8-85B4-48D1-83AF-5F16B918EDF1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{6EDCC84C-0328-4B45-8EDE-6BCFE307AEAA}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{6F39CAC2-3DBA-460C-B321-01525BD0D1BB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{7218B39D-5721-4276-B07B-A57E2B84A361}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{7281B9F2-2DFC-4DB0-82F2-F7D2826BD4F9}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{729BEB07-14A1-40D1-A074-697649C11397}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{72A7C25A-31C7-421C-BF75-045C4BDD83C1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\wrestlemania2007\sourcesdk\bin\sdklauncher.exe | 
"{75FA9EC9-135B-4CBD-95EC-B99645EAEF40}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{78112B44-4466-4B4C-9A77-FF3038D736CF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{7E28A111-65F5-41A9-AC64-FBC3F89EA357}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{81CAF62F-DDA1-4A64-B129-7F6F35DFEA61}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{87830CC6-9B41-41B0-87F4-E964223B2E75}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{8895777C-2B04-4578-A63B-4DC84318ED29}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{98700290-C88B-4247-8144-7C01E1AFA546}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\wrestlemania2007\counter-strike source\hl2.exe | 
"{9D8EBF1B-F8F6-41A3-AFC9-A79A73213059}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{A6F104BE-61C1-4541-8462-14F0C9BF55B3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{A930C834-ADF7-4F28-988F-08AD26E0B5C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AAB102EB-66E2-498F-98B1-CBE76FA069DF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\wrestlemania2007\counter-strike source\hl2.exe | 
"{AC19BCDB-B1E6-4DF9-B90A-06B9DD78010D}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{AC9D045A-2C67-46A3-AE97-A78962884709}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{B722125A-0AEF-4BB4-A68D-2FD95B3E6EF4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B7E5F046-EF8E-43D9-BF12-1235BBA68F51}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{B980928B-AF1B-4179-943D-22C4A6185AFC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\wrestlemania2007\counter-strike source\hl2.exe | 
"{C0A976A8-79F7-4B8E-A69B-C7C93CFCAEE5}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{C63AE9B5-F34C-4090-A524-28A5D1715CFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CF36903E-0EEB-4E64-B340-8652A3B34F15}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{D2E8D4FB-3122-4A36-95BB-4388312E1910}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{D32F6CCD-F8F2-4EB3-B68D-69DFA1278B4A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{D8BA1837-0F90-434D-B169-B665E31A904D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\wrestlemania2007\counter-strike source\hl2.exe | 
"{E7BF6D84-4B89-42B3-BD0E-F6C80B85C314}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{EBF13385-1B13-43A2-9194-42D6D2BB4580}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{F676398D-01F6-4080-BCD0-630A153D063E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F7D4A6CC-21CE-4F73-8C92-99EFD77837B5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{0712F7F8-5E7A-470D-A429-AA46A8881FFB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{1402E614-23AA-415F-9E12-42CC2DDC9174}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{2C1EA64C-5EBE-4CBA-9865-DA0CCF39D4C3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{3B2808B5-1B17-4DC6-AA40-92C74D59D06A}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{48AAD1A8-7372-4FAB-AC25-87742E7719A1}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{4A65CDA7-E8CD-4A99-936C-98FD7C91A539}C:\program files\mumble\murmur.exe" = protocol=6 | dir=in | app=c:\program files\mumble\murmur.exe | 
"TCP Query User{5014F577-AC58-43A4-A1DD-261834C1F9CE}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{7E8A175F-27DE-4075-8EDD-1891004DB4B3}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"TCP Query User{83B74CD1-6699-451F-92B4-D0E97704D2E6}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{8A0392DE-CC06-44D0-9BFF-4B07C37651C4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{909CEE19-C9A8-412C-AB35-C9AE9734E4D8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{96665AF4-A897-4C44-BFBC-347AA640FD60}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{9922E056-A460-47FE-96F2-F44BED99DCFB}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{99518F0E-7CF6-46E7-AD92-146D7FCF74EF}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{A1457D75-5C5B-4AC6-8E94-E9D09B1613A7}C:\program files\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"TCP Query User{C020F247-BD3D-4BB0-90A4-97BB9EC71693}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{D2F1C14E-0F6F-4B45-B882-688E8BC24759}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"TCP Query User{EA99DEA1-D3FF-49C8-B6E1-938A6BCE020C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{EEB278E0-2596-47BE-B9CD-23FA6EAEA650}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"TCP Query User{F07FFD7D-A7CE-400B-8D9F-4D2EB7EF3A3B}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{071369C0-2C47-4F4E-82D8-9F7B75CFA0F0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{2D2D6589-E0E6-4E12-8E9B-25031588ED94}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{38AAA949-4047-4EA2-BA87-F9365B61D299}C:\program files\mumble\murmur.exe" = protocol=17 | dir=in | app=c:\program files\mumble\murmur.exe | 
"UDP Query User{3C2C3AA0-083F-4FDC-91AB-942560E65CC8}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | 
"UDP Query User{3DF858FF-A0F1-42B8-87E7-0BBB4BF83343}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{3ED9CA20-5367-44CA-BBE3-A01824D72BF5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{462CB664-8EAB-44E7-A9A2-2A00B26F3D81}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{561632A3-A1A6-46AD-827C-E46482DE70A2}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{5A5408ED-57B0-43A6-8166-D1167A725FDE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{6211BB70-A230-4185-AF91-9DC44FDD7999}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{71B9CB9E-1058-4C8A-A43E-DFE7110E619C}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{76543B76-9C87-42B1-B73B-0FD536A8B8FD}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | 
"UDP Query User{76748744-E995-494B-A6DD-8EC1EDD17898}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{8AE61EB9-D268-417B-8924-234A42795431}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{8FB79B18-AB80-4DFA-AA5A-2D946786FE27}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{9245C4CD-62EC-4F83-835C-CCA100AB9832}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{AF9F2393-8D6B-4594-A047-26AEE35B52E5}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"UDP Query User{CAC6CF8D-42E7-4E4B-9A2D-1C8112EE6CBF}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{CB85B313-8F43-486D-A41C-4C96CD19C106}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"UDP Query User{E6550085-96FA-4BF1-B6CD-05A7D77B1BC7}C:\program files\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5527CA99-AAEC-45E2-9EB9-CED0BB2FC2BD}" = MorphVOX Pro
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78DB08B0-F440-4BA6-9372-F2C6CC9721B7}" = Microsoft LifeCam
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.2 build 1259
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"JDownloader" = JDownloader
"lvdrivers_11.80" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Movies" = Movies
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"NCH Toolbar" = NCH Toolbar
"Nero8Lite_is1" = Nero 8 Lite
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Testversion von Microsoft Office Home and Student 2007
"Pidgin" = Pidgin
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 500" = Left 4 Dead
"Steam App 550" = Left 4 Dead 2
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"SurfMusik 3.1a_is1" = SurfMusik 3.1a
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.4
"VTFEdit_is1" = VTFEdit 1.2.5
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.1
"YouTube Video Downloader_is1" = YouTube Video Downloader 2.0.9
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-539484725-963075036-3239415091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.7.1
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2010 16:01:13 | Computer Name = Dome-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4445c334,
 fehlerhaftes Modul filesystem_steam.dll_unloaded, Version 0.0.0.0, Zeitstempel 
0x47e2d72b, Ausnahmecode 0xc0000005, Fehleroffset 0x0210553e,  Prozess-ID 0x192c, 
Anwendungsstartzeit 01cad1cdd9d92768.
 
Error - 02.04.2010 05:49:34 | Computer Name = Dome-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung HpqSRmon.exe, Version 11.0.0.142, Zeitstempel
 0x47d78822, fehlerhaftes Modul HpqSRmon.exe, Version 11.0.0.142, Zeitstempel 0x47d78822,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000033c5,  Prozess-ID 0x890, Anwendungsstartzeit
 01cad249be432ace.
 
Error - 02.04.2010 05:50:20 | Computer Name = Dome-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2010 08:57:18 | Computer Name = Dome-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4445c334,
 fehlerhaftes Modul filesystem_steam.dll_unloaded, Version 0.0.0.0, Zeitstempel 
0x47e2d72b, Ausnahmecode 0xc0000005, Fehleroffset 0x0efe553e,  Prozess-ID 0x1980, 
Anwendungsstartzeit 01cad25c1678e37a.
 
Error - 03.04.2010 06:36:54 | Computer Name = Dome-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung HpqSRmon.exe, Version 11.0.0.142, Zeitstempel
 0x47d78822, fehlerhaftes Modul HpqSRmon.exe, Version 11.0.0.142, Zeitstempel 0x47d78822,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000033c5,  Prozess-ID 0x89c, Anwendungsstartzeit
 01cad319719a25e8.
 
Error - 03.04.2010 06:37:31 | Computer Name = Dome-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.04.2010 14:21:30 | Computer Name = Dome-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung HpqSRmon.exe, Version 11.0.0.142, Zeitstempel
 0x47d78822, fehlerhaftes Modul HpqSRmon.exe, Version 11.0.0.142, Zeitstempel 0x47d78822,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000033c5,  Prozess-ID 0x8c4, Anwendungsstartzeit
 01cad35a5bbbd93f.
 
Error - 03.04.2010 14:22:10 | Computer Name = Dome-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.04.2010 06:24:52 | Computer Name = Dome-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung HpqSRmon.exe, Version 11.0.0.142, Zeitstempel
 0x47d78822, fehlerhaftes Modul HpqSRmon.exe, Version 11.0.0.142, Zeitstempel 0x47d78822,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000033c5,  Prozess-ID 0x8e4, Anwendungsstartzeit
 01cad3e0f0ed5e62.
 
Error - 04.04.2010 06:25:31 | Computer Name = Dome-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 24.04.2011 07:09:23 | Computer Name = Dome-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 24.04.2011 07:09:23 | Computer Name = Dome-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.04.2011 07:09:23 | Computer Name = Dome-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 24.04.2011 07:09:23 | Computer Name = Dome-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.04.2011 07:09:23 | Computer Name = Dome-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 24.04.2011 07:09:23 | Computer Name = Dome-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.04.2011 07:21:05 | Computer Name = Dome-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 24.04.2011 07:21:05 | Computer Name = Dome-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 24.04.2011 07:22:43 | Computer Name = Dome-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.04.2011 07:23:58 | Computer Name = Dome-PC | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >

--- --- ---

Das wars glaube ich!

kira · 24.04.2011, 20:39

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
[2011.04.23 12:48:48 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\t4wca3y1.default\extensions\ffxtlbr@Facemoods.com
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
[2011.04.23 02:01:19 | 000,000,392 | ---- | M] () -- C:\ProgramData\40820488
[2011.04.23 01:59:22 | 000,000,136 | ---- | M] () -- C:\ProgramData\~40820488r
[2011.04.23 01:59:22 | 000,000,120 | ---- | M] () -- C:\ProgramData\~40820488
[2009.01.22 14:10:11 | 000,277,318 | ---- | C] () -- C:\Users\Dome\AppData\Local\sgwokau_nav.dat
[2009.01.22 14:10:11 | 000,003,311 | ---- | C] () -- C:\Users\Dome\AppData\Local\sgwokau.dat
[2009.01.22 14:10:11 | 000,000,332 | ---- | C] () -- C:\Users\Dome\AppData\Local\sgwokau_navps.dat
[2009.01.21 15:24:32 | 000,277,318 | ---- | C] () -- C:\Users\Dome\AppData\Local\aqkkqss_nav.dat
[2009.01.21 15:24:32 | 000,003,362 | ---- | C] () -- C:\Users\Dome\AppData\Local\aqkkqss.dat
[2009.01.21 15:24:32 | 000,000,330 | ---- | C] () -- C:\Users\Dome\AppData\Local\aqkkqss_navps.dat
[2009.01.20 14:40:03 | 000,277,318 | ---- | C] () -- C:\Users\Dome\AppData\Local\miomc_nav.dat
[2009.01.20 14:40:03 | 000,003,308 | ---- | C] () -- C:\Users\Dome\AppData\Local\miomc.dat
[2009.01.20 14:40:03 | 000,000,959 | ---- | C] () -- C:\Users\Dome\AppData\Local\miomc_navps.dat
[2008.12.15 02:11:22 | 000,000,089 | ---- | C] () -- C:\Users\Dome\AppData\Local\ibcxk.bat
[2008.12.15 02:09:26 | 000,000,087 | ---- | C] () -- C:\Users\Dome\AppData\Local\mbglkydl.bat
[2008.12.15 02:08:13 | 000,000,089 | ---- | C] () -- C:\Users\Dome\AppData\Local\sacioshe.bat

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

south · 24.04.2011, 21:03

Code:

ATTFilter

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Folder C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\t4wca3y1.default\extensions\ffxtlbr@Facemoods.com\ not found.
File C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods not found.
File C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe not found.
File C:\ProgramData\40820488 not found.
File C:\ProgramData\~40820488r not found.
File C:\ProgramData\~40820488 not found.
File C:\Users\Dome\AppData\Local\sgwokau_nav.dat not found.
File C:\Users\Dome\AppData\Local\sgwokau.dat not found.
File C:\Users\Dome\AppData\Local\sgwokau_navps.dat not found.
File C:\Users\Dome\AppData\Local\aqkkqss_nav.dat not found.
File C:\Users\Dome\AppData\Local\aqkkqss.dat not found.
File C:\Users\Dome\AppData\Local\aqkkqss_navps.dat not found.
File C:\Users\Dome\AppData\Local\miomc_nav.dat not found.
File C:\Users\Dome\AppData\Local\miomc.dat not found.
File C:\Users\Dome\AppData\Local\miomc_navps.dat not found.
File C:\Users\Dome\AppData\Local\ibcxk.bat not found.
File C:\Users\Dome\AppData\Local\mbglkydl.bat not found.
File C:\Users\Dome\AppData\Local\sacioshe.bat not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dome
->Temp folder emptied: 628320 bytes
->Temporary Internet Files folder emptied: 458683 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15192595 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 638 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131486 bytes
RecycleBin emptied: 152757 bytes
 
Total Files Cleaned = 16,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04242011_221051

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

kira · 25.04.2011, 22:35

1.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :

- also lade Dir Gmer herunter und entpacke es auf deinen Desktop
- starte gmer.exe
- [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
- bitte nichts am Pc machen während der Scan läuft!
- klicke auf "Scan", um das Tool zu starten
- wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
- mit "Ok" wird GMER beendet.
- das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

2.

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

3.
- "Link:-> ESET Online Scanner
>>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum

-> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch

- folgendes bitte anhaken > "Remove found threads" und "Scan archives"
- die Scanergebnis als *.txt Dateien speichern)
- meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Vor dem Scan Einstellungen im Internet Explorer:
- "Extras→ Internetoptionen→ Sicherheit":
- alles auf Standardstufe stellen
- Active X erlauben
- um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen

4.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in Code-Tags hier in den Thread.

tr/kazy.mekml.1 auch bei mir.. (ausführliche Beschreibung..)

Plagegeister aller Art und deren Bekämpfung: tr/kazy.mekml.1 auch bei mir.. (ausführliche Beschreibung..)